Jump to content

How do I stop a Browser Hijacking by FileCure?


Recommended Posts

The Problem:

Some time ago, when trying to look at .dat files, I clicked on "Use the web service to find the appropriate program". Microsoft suggested that I download "Free File Viewer". The website seemed a little shady, especially since it wanted mt o install a lot of pointless stuff too, but I installed it anyway (stupidly).

"Free File Viewer" does work in allowing you to view the .dat file, but ".dat" can be opened up in many programs; what matters if you could actually understand it, and "Free File Viewer" failed in that regard. So I uninstalled it, woo-hoo.

Except now, when I click on "Use the web service to find the appropriate program"...and instead of directing me to the Microsoft website, it directs me to www.filecure.com. I suspect this is the exact same company that made "Free File Viewer", and so I want to remove this browser-hijacking so that I return back to the Microsoft website and get their support (even though their "support" led me to this problem in the first place).

The question is how? I have installed Malbytes and doing a Quick Search, but I can't find any Malware program. What should I do now?

Note: The website is actually going http://www.helpmeopen.com/?n=app&l=0409&ext=DAT which then redirects to www.filecure.com.

DDS:

DDS (Ver_10-03-17.01) - NTFSx86

Run by Habiba Ali at 15:49:29.51 on Fri 08/13/2010

Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.85 [GMT -7:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton Internet Security 2006 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Program Files\AirLink101\AWLL5026\WLService.exe

c:\program files\ge security supra\syncservice.exe

C:\Program Files\AirLink101\AWLL5026\AWLL5026.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\lxctcoms.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

C:\Program Files\GE Security Supra\ProxyDaemon.exe

C:\SSL\stunnel-4.10.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\cryptainersrv.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\PROGRA~1\AVG\AVG8\avgemc.exe

C:\Program Files\AVG\AVG8\avgcsrvx.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Dell\Media Experience\DMXLauncher.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Lexmark 5400 Series\lxctmon.exe

C:\Program Files\Lexmark 5400 Series\ezprint.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\Program Files\Brother\ControlCenter3\brccMCtl.exe

C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Dell Support\DSAgnt.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\GE Security Supra\SyncInfoApp.exe

C:\Program Files\OpenOffice.org 3\program\soffice.exe

C:\Program Files\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\mIRC\mirc.exe

C:\Documents and Settings\Habiba Ali\My Documents\Downloads\dds.scr

C:\Program Files\Messenger\msmsgs.exe

============== Pseudo HJT Report ===============

uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us

uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: CNisExtBho Class: {9ecb9560-04f9-4bbc-943d-298ddf1699e1} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll

BHO: CNavExtBho Class: {a8f38d8d-e480-4d52-b7a2-731bb6995fdd} - c:\program files\norton internet security\norton antivirus\NavShExt.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll

TB: Norton Internet Security 2006: {0b53eac3-8d69-4b9e-9b19-a37c9a5676a7} - c:\program files\common files\symantec shared\adblocking\NISShExt.dll

TB: Norton AntiVirus: {c4069e3a-68f1-403e-b40e-20066696354b} - c:\program files\norton internet security\norton antivirus\NavShExt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File

TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [wgdqwmgp] c:\documents and settings\habiba ali\local settings\application data\ooyfnftab\dbdpnoatssd.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [urlLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Corel Photo Downloader] c:\program files\corel\corel snapfire plus\Corel Photo Downloader.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [lxctmon.exe] "c:\program files\lexmark 5400 series\lxctmon.exe"

mRun: [Lexmark 5400 Series Fax Server] "c:\program files\lexmark 5400 series\fm3032.exe" /s

mRun: [EzPrint] "c:\program files\lexmark 5400 series\ezprint.exe"

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini

mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [Yjubawopik] rundll32.exe "c:\windows\ibehifureqijol.dll",Startup

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup

StartupFolder: c:\docume~1\habiba~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe

StartupFolder: c:\docume~1\habiba~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\displa~1.lnk - c:\program files\ge security supra\SyncInfoApp.exe

IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: avgrsstarter - avgrsstx.dll

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Notification Packages = scecli kbrupoph.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\habiba~1\applic~1\mozilla\firefox\profiles\jgoj4vt0.default\

FF - prefs.js: network.proxy.type - 0

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npitunes.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: XULRunner: {A1C67B3E-FB7E-4AB4-B3DD-28A5E74109A7} - c:\documents and settings\habiba ali\local settings\application data\{A1C67B3E-FB7E-4AB4-B3DD-28A5E74109A7}

FF - HiddenExtension: XULRunner: {87FD98CA-AAF2-49FB-92AD-BCD51AF2249E} - c:\documents and settings\rafiq ali\local settings\application data\{87FD98CA-AAF2-49FB-92AD-BCD51AF2249E}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-9-30 335240]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-9-30 27784]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-9-30 108552]

R1 SAVRTPEL;SAVRTPEL;c:\program files\norton internet security\norton antivirus\Savrtpel.sys [2005-11-17 53896]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-8-19 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-8-19 297752]

R2 AWLL5026 WLService;AWLL5026 WLService;c:\program files\airlink101\awll5026\WLService.exe [2007-7-13 49152]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCEVTMGR.EXE [2005-11-17 191848]

R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\CCPROXY.EXE [2005-11-17 202088]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSETMGR.EXE [2005-11-17 169320]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-30 93320]

R2 navapsvc;Norton AntiVirus Auto-Protect Service;c:\program files\norton internet security\norton antivirus\NAVAPSVC.EXE [2005-11-17 139888]

R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [2007-9-7 100728]

R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2007-6-25 1251720]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-5-24 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2007-10-11 112688]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20071011.021\NAVENG.Sys [2007-10-11 81232]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20071011.021\NavEx15.Sys [2007-10-11 865904]

R3 SAVRT;SAVRT;c:\program files\norton internet security\norton antivirus\savrt.sys [2005-11-17 334984]

R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [2007-7-13 19968]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-25 30192]

S3 SAVScan;Symantec AVScan;c:\program files\norton internet security\norton antivirus\SAVScan.exe [2005-11-17 198368]

=============== Created Last 30 ================

2010-08-13 22:37:18 0 d-----w- c:\docume~1\habiba~1\applic~1\Malwarebytes

2010-08-13 18:18:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-13 18:18:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-08-13 18:18:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-13 18:18:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-12 05:33:55 0 d-----w- c:\program files\AIM Toolbar

2010-08-12 05:33:55 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM Toolbar

2010-08-12 05:33:39 0 d-----w- c:\program files\common files\Software Update Utility

2010-08-12 05:33:23 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM

2010-08-12 05:32:56 0 d-----w- c:\program files\AIM

2010-08-11 19:27:27 0 d-----w- c:\docume~1\habiba~1\applic~1\Reallusion

2010-07-29 18:08:48 0 d-----w- C:\Republic The Revolution Prima Official eGuide

==================== Find3M ====================

2010-06-14 14:30:28 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

2010-03-27 13:15:53 168 --sh--r- c:\windows\system32\2F1BCE3FA4.sys

2010-03-27 13:16:02 5642 -csha-w- c:\windows\system32\KGyGaAvL.sys

============= FINISH: 15:50:14.50 ===============

files.zip

Link to post
Share on other sites

Hello ,

And :D My name is Elise and I'll be glad to help you with your computer problems.

I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.

  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.

You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications.

-----------------------------------------------------------

I see indeed evidence of a rogue program running on your system, so lets start to get rid of it. :)

COMBOFIX

---------------

Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Link to post
Share on other sites

ComboFix 10-08-14.01 - Habiba Ali 08/14/2010 11:48:38.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.958.217 [GMT -7:00]

Running from: c:\documents and settings\Habiba Ali\My Documents\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Norton Internet Security 2006 *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Security 2006 *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\Habiba Ali\Local Settings\Application Data\{A1C67B3E-FB7E-4AB4-B3DD-28A5E74109A7}

c:\documents and settings\Habiba Ali\Local Settings\Application Data\{A1C67B3E-FB7E-4AB4-B3DD-28A5E74109A7}\chrome.manifest

c:\documents and settings\Habiba Ali\Local Settings\Application Data\{A1C67B3E-FB7E-4AB4-B3DD-28A5E74109A7}\chrome\content\_cfg.js

c:\documents and settings\Habiba Ali\Local Settings\Application Data\{A1C67B3E-FB7E-4AB4-B3DD-28A5E74109A7}\chrome\content\overlay.xul

c:\documents and settings\Habiba Ali\Local Settings\Application Data\{A1C67B3E-FB7E-4AB4-B3DD-28A5E74109A7}\install.rdf

c:\documents and settings\Rafiq Ali\Local Settings\Application Data\{87FD98CA-AAF2-49FB-92AD-BCD51AF2249E}

c:\documents and settings\Rafiq Ali\Local Settings\Application Data\{87FD98CA-AAF2-49FB-92AD-BCD51AF2249E}\chrome.manifest

c:\documents and settings\Rafiq Ali\Local Settings\Application Data\{87FD98CA-AAF2-49FB-92AD-BCD51AF2249E}\chrome\content\_cfg.js

c:\documents and settings\Rafiq Ali\Local Settings\Application Data\{87FD98CA-AAF2-49FB-92AD-BCD51AF2249E}\chrome\content\overlay.xul

c:\documents and settings\Rafiq Ali\Local Settings\Application Data\{87FD98CA-AAF2-49FB-92AD-BCD51AF2249E}\install.rdf

c:\documents and settings\Rafiq Ali\Local Settings\Temporary Internet Files\b4baBxU.jpg

c:\documents and settings\Rafiq Ali\Local Settings\Temporary Internet Files\NANJ84Ilb.jpg

c:\documents and settings\Rafiq Ali\Local Settings\Temporary Internet Files\vnToiD.jpg

c:\documents and settings\Rafiq Ali\Local Settings\Temporary Internet Files\Y8i8C7.jpg

c:\windows\system32\_000006_.tmp.dll

c:\windows\system32\_000007_.tmp.dll

c:\windows\system32\_000008_.tmp.dll

c:\windows\system32\_000009_.tmp.dll

c:\windows\system32\_000011_.tmp.dll

c:\windows\system32\pst.dat

.

((((((((((((((((((((((((( Files Created from 2010-07-14 to 2010-08-14 )))))))))))))))))))))))))))))))

.

2010-08-13 22:37 . 2010-08-13 22:37 -------- d-----w- c:\documents and settings\Habiba Ali\Application Data\Malwarebytes

2010-08-13 18:18 . 2010-08-13 18:18 -------- d-----w- c:\documents and settings\Rafiq Ali\Application Data\Malwarebytes

2010-08-13 18:18 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-13 18:18 . 2010-08-13 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-08-13 18:18 . 2010-08-13 18:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-13 18:18 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-13 18:03 . 2010-08-13 18:04 -------- d-----w- c:\documents and settings\Rafiq Ali\Application Data\FreeFileViewer

2010-08-12 05:33 . 2010-08-12 05:33 -------- d-----w- c:\program files\AIM Toolbar

2010-08-12 05:33 . 2010-08-12 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM Toolbar

2010-08-12 05:33 . 2010-08-12 05:33 -------- d-----w- c:\documents and settings\Rafiq Ali\Local Settings\Application Data\AIM Toolbar

2010-08-12 05:33 . 2010-08-12 05:33 -------- d-----w- c:\program files\Common Files\Software Update Utility

2010-08-12 05:33 . 2010-08-12 05:35 -------- d-----w- c:\documents and settings\Rafiq Ali\Local Settings\Application Data\AIM

2010-08-12 05:33 . 2010-08-12 05:33 -------- d-----w- c:\documents and settings\Habiba Ali\Local Settings\Application Data\AIM

2010-08-12 05:33 . 2010-08-12 05:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM

2010-08-12 05:32 . 2010-08-12 05:33 -------- d-----w- c:\program files\AIM

2010-08-11 19:27 . 2010-08-11 19:27 -------- d-----w- c:\documents and settings\Habiba Ali\Application Data\Reallusion

2010-07-29 18:08 . 2010-07-29 18:08 -------- d-----w- C:\Republic The Revolution Prima Official eGuide

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-14 19:13 . 2009-09-14 00:59 -------- d-----w- c:\documents and settings\Rafiq Ali\Application Data\Skype

2010-08-14 19:12 . 2009-09-14 01:01 -------- d-----w- c:\documents and settings\Rafiq Ali\Application Data\skypePM

2010-08-14 19:01 . 2007-06-25 12:55 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-08-14 19:00 . 2008-02-21 17:24 -------- d-----w- c:\documents and settings\Habiba Ali\Application Data\mIRC

2010-08-14 18:59 . 2009-10-14 14:29 -------- d-----w- c:\documents and settings\Habiba Ali\Application Data\Skype

2010-08-14 18:31 . 2009-10-15 22:26 -------- d-----w- c:\documents and settings\Habiba Ali\Application Data\skypePM

2010-08-14 02:41 . 2007-11-24 03:00 -------- d-----w- c:\program files\mIRC

2010-08-14 02:30 . 2007-08-08 18:24 -------- d-----w- c:\documents and settings\Habiba Ali\Application Data\LimeWire

2010-08-13 18:22 . 2007-11-24 03:00 -------- d-----w- c:\documents and settings\Rafiq Ali\Application Data\mIRC

2010-08-12 21:50 . 2009-09-07 07:06 1 ----a-w- c:\documents and settings\Rafiq Ali\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-08-12 01:00 . 2008-06-08 03:07 -------- d-----w- c:\program files\Norton Security Scan

2010-07-29 16:10 . 2010-07-29 16:10 364544 ----a-w- c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\aimtbres.dll

2010-06-16 20:09 . 2007-09-07 00:52 -------- d-----w- c:\program files\GE Security Supra

2010-06-05 23:55 . 2010-04-12 15:32 0 ----a-w- c:\windows\Rtosil.bin

2010-06-05 23:55 . 2010-04-12 15:32 120 ----a-w- c:\windows\Jhajimayob.dat

2010-06-18 00:37 . 2009-12-01 15:40 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

2010-03-27 13:15 . 2007-11-26 04:28 168 --sh--r- c:\windows\system32\2F1BCE3FA4.sys

2010-03-27 13:16 . 2007-11-26 04:28 5642 -csha-w- c:\windows\system32\KGyGaAvL.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-03-09 26100520]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-08-10 39816]

"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]

"Aim"="c:\program files\AIM\aim.exe" [2010-05-21 3824472]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-23 7630848]

"nwiz"="nwiz.exe" [2006-08-23 1617920]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-23 86016]

"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]

"SigmatelSysTrayApp"="stsystra.exe" [2006-08-15 282624]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-02-12 53096]

"URLLSTCK.exe"="c:\program files\Norton Internet Security\UrlLstCk.exe" [2007-01-16 23168]

"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-18 30192]

"Corel Photo Downloader"="c:\program files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe" [2006-08-14 462336]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-08-01 271672]

"lxctmon.exe"="c:\program files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 291760]

"Lexmark 5400 Series Fax Server"="c:\program files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 304048]

"EzPrint"="c:\program files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 82864]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]

"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]

"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]

"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]

"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-07-27 221184]

c:\documents and settings\Rafiq Ali\Start Menu\Programs\Startup\

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\Habiba Ali\Start Menu\Programs\Startup\

LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-2-8 147456]

OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-6-25 24576]

DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2007-9-6 102400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-08-28 15:33 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\lxctcoms.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\mIRC\\mirc.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/30/2008 7:27 PM 335240]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/30/2008 7:28 PM 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/19/2009 3:33 AM 908056]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [8/19/2009 3:33 AM 297752]

R2 AWLL5026 WLService;AWLL5026 WLService;c:\program files\AirLink101\AWLL5026\WLService.exe [7/13/2007 7:59 PM 49152]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/30/2008 1:16 PM 93320]

R2 ssoftnt4;ssoftnt4;c:\windows\system32\drivers\ssoftnt4.sys [9/7/2007 9:44 PM 100728]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/24/2008 9:59 PM 24652]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/11/2007 2:33 PM 112688]

R3 StreamSurge;StreamSurge Driver (miniport);c:\windows\system32\drivers\ss.sys [7/13/2007 7:59 PM 19968]

S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/25/2007 6:00 AM 30192]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/13/2010 11:18 AM 38224]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - COMHOST

.

Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 19:15]

2010-08-14 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Rafiq Ali.job

- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-11-17 18:13]

2010-08-14 c:\windows\Tasks\Norton Security Scan for Rafiq Ali.job

- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 11:18]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/?src=aim

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

Trusted Zone: asu.edu\myasucourses

Trusted Zone: google.com\pages

Trusted Zone: googlepages.com\alexbruener

FF - ProfilePath - c:\documents and settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\

FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100812053337015&tb_oid=12-08-2010&tb_mrud=12-08-2010

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100812053337015&tb_oid=12-08-2010&tb_mrud=12-08-2010&query=

FF - component: c:\documents and settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll

FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll

FF - plugin: c:\program files\BYOND\bin\npbyond.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

FF - user.js: browser.sessionstore.resume_from_crash - false

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr

ef", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

HKLM-Run-Yjubawopik - c:\windows\ibehifureqijol.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-08-14 12:09

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5844)

c:\windows\system32\WININET.dll

c:\progra~1\mcafee\SITEAD~1\saHook.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\ccProxy.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\program files\AirLink101\AWLL5026\AWLL5026.exe

c:\program files\ge security supra\syncservice.exe

c:\progra~1\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\lxctcoms.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\cryptainersrv.exe

c:\program files\GE Security Supra\ProxyDaemon.exe

c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe

c:\ssl\stunnel-4.10.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\rundll32.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\stsystra.exe

c:\program files\Brother\ControlCenter3\brccMCtl.exe

c:\windows\system32\rundll32.exe

c:\program files\Brother\Brmfcmon\BrMfcmon.exe

c:\program files\Skype\Phone\Skype.exe

c:\program files\Common Files\Symantec Shared\SNDSrvc.exe

c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe

c:\program files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe

c:\program files\OpenOffice.org 3\program\soffice.exe

c:\program files\OpenOffice.org 3\program\soffice.bin

c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-08-14 12:26:08 - machine was rebooted

ComboFix-quarantined-files.txt 2010-08-14 19:26

Pre-Run: 123,041,107,968 bytes free

Post-Run: 125,344,976,896 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3D6F9CFD292DB9F8E0F1E3E7A67A3056

In addition: I have a "Handle License Agreement" pop-up that came, purportedly from Microsoft, does that normally occur or is it a part of the malware itself?

In addition, Malwarebytes did an automatic scan before I was able to do Combofix, here's the log for that:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4425

Windows 5.1.2600 Service Pack 2

Internet Explorer 7.0.5730.13

8/13/2010 2:26:29 PM

mbam-log-2010-08-13 (14-26-29).txt

Scan type: Quick scan

Objects scanned: 179262

Time elapsed: 38 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 2

Registry Values Infected: 0

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Rafiq Ali\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\ms32clod.dll (Trojan.Clopdor) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Well done, that is looking a lot better now. :D

How are things running? Any problems left?

In addition: I have a "Handle License Agreement" pop-up that came, purportedly from Microsoft, does that normally occur or is it a part of the malware itself?
Did you get this only one time or more often?
Link to post
Share on other sites

I haven't even closed it yet, I guess I should have. I'll decline it for now and let you know when it comes back...

The main issue has still not been resolved. I "use the web service to find the appropriate program" and it still redirects me to www.filecure.com.

Link to post
Share on other sites

Hi, could you please let me know if that pop up comes back and if so, can you make a screenshot of it?

OTL

-----

Please download OTL from one of the following mirrors:

[*]Save it to your desktop.

[*]Double click on the otlDesktopIcon.png icon on your desktop.

[*]Click the "Scan All Users" checkbox.

[*]Push the runscanbutton.png button.

[*]Two reports will open, copy and paste them in a reply here:

  • OTListIt.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

Link to post
Share on other sites

OTL logfile created on: 8/15/2010 1:03:27 PM - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Rafiq Ali\My Documents\Downloads

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 12.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.96 Gb Total Space | 116.78 Gb Free Space | 80.01% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RAFIQ

Current User Name: Rafiq Ali

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/15 12:58:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafiq Ali\My Documents\Downloads\OTL.exe

PRC - [2010/08/10 10:42:47 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

PRC - [2010/08/10 10:42:47 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe

PRC - [2010/08/10 10:42:47 | 000,039,816 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe

PRC - [2010/07/30 11:09:07 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/07/30 11:09:06 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/07/08 08:01:19 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe

PRC - [2010/06/17 17:37:25 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

PRC - [2010/05/21 08:36:28 | 003,824,472 | ---- | M] (AOL Inc.) -- C:\Program Files\AIM\aim.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

PRC - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

PRC - [2009/12/28 09:03:15 | 000,761,600 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgscanx.exe

PRC - [2009/11/05 08:53:06 | 001,251,720 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

PRC - [2009/08/28 08:33:00 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgcsrvx.exe

PRC - [2009/08/28 08:33:00 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe

PRC - [2009/08/28 08:32:55 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe

PRC - [2009/08/28 08:32:53 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe

PRC - [2009/08/28 08:32:52 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe

PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin

PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe

PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

PRC - [2008/02/11 17:22:14 | 000,191,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

PRC - [2008/02/11 17:22:14 | 000,169,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

PRC - [2008/02/11 17:22:14 | 000,053,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

PRC - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

PRC - [2007/11/01 12:57:24 | 002,756,096 | ---- | M] (mIRC Co. Ltd.) -- C:\Program Files\mIRC\mirc.exe

PRC - [2007/10/01 14:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

PRC - [2007/09/13 17:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE

PRC - [2007/07/13 19:02:30 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/05/23 11:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE

PRC - [2007/03/23 12:14:52 | 000,663,552 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

PRC - [2007/03/19 05:58:47 | 000,537,520 | ---- | M] ( ) -- C:\WINDOWS\system32\lxctcoms.exe

PRC - [2007/03/19 05:58:20 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 5400 Series\ezprint.exe

PRC - [2007/03/19 05:58:17 | 000,291,760 | ---- | M] () -- C:\Program Files\Lexmark 5400 Series\lxctmon.exe

PRC - [2007/03/06 18:20:00 | 000,536,576 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

PRC - [2007/03/02 15:48:00 | 000,098,304 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe

PRC - [2007/01/29 20:12:14 | 000,030,248 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

PRC - [2007/01/24 17:45:10 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) -- C:\WINDOWS\system32\cryptainersrv.exe

PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2006/12/15 12:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

PRC - [2006/09/07 10:05:16 | 000,102,400 | ---- | M] (GE Security Supra) -- C:\Program Files\GE Security Supra\SyncInfoApp.exe

PRC - [2006/09/07 10:05:16 | 000,053,248 | ---- | M] (GE Security Supra) -- c:\Program Files\GE Security Supra\SyncService.exe

PRC - [2006/09/07 10:05:16 | 000,011,776 | ---- | M] (GE Security Supra) -- C:\Program Files\GE Security Supra\ProxyDaemon.exe

PRC - [2006/08/28 19:57:12 | 000,395,776 | ---- | M] (Gteko Ltd.) -- C:\Program Files\Dell Support\DSAgnt.exe

PRC - [2006/08/15 01:00:20 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe

PRC - [2006/08/14 12:20:26 | 000,462,336 | ---- | M] (Corel, Inc.) -- C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

PRC - [2006/03/16 18:24:44 | 000,827,392 | ---- | M] () -- C:\Program Files\AirLink101\AWLL5026\AWLL5026.exe

PRC - [2006/03/16 18:24:44 | 000,049,152 | ---- | M] () -- C:\Program Files\AirLink101\AWLL5026\WLService.exe

PRC - [2005/11/17 01:33:52 | 001,160,800 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

PRC - [2005/11/16 10:34:28 | 000,073,216 | ---- | M] () -- C:\SSL\stunnel-4.10.exe

PRC - [2005/10/05 01:12:00 | 000,094,208 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe

PRC - [2005/09/08 03:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE

PRC - [2005/02/16 15:15:20 | 000,081,920 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

PRC - [2003/10/29 00:06:00 | 000,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe

========== Modules (SafeList) ==========

MOD - [2010/08/15 12:58:28 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rafiq Ali\My Documents\Downloads\OTL.exe

MOD - [2010/04/01 09:57:36 | 000,015,056 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\sahook.dll

MOD - [2010/03/04 15:01:09 | 000,503,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MSVCP71.DLL

MOD - [2008/02/11 17:22:14 | 000,379,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCL40.DLL

MOD - [2006/08/25 06:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

MOD - [2006/07/11 17:35:38 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcr71.dll

MOD - [2005/11/17 01:33:00 | 000,123,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\AntiSpam\asOEHook.dll

MOD - [2004/08/04 03:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)

SRV - [2010/08/04 08:45:48 | 000,822,048 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\WINDOWS\Temp\0023771281820062mcinst.exe -- (0023771281820062mcinstcleanup) McAfee Application Installer Cleanup (0023771281820062)

SRV - [2010/06/17 17:37:25 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)

SRV - [2010/03/26 11:16:04 | 000,093,320 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)

SRV - [2010/03/04 15:08:20 | 002,106,760 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)

SRV - [2010/03/04 15:08:20 | 000,099,720 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)

SRV - [2009/11/05 08:53:06 | 001,251,720 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)

SRV - [2009/08/28 08:32:55 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)

SRV - [2009/08/28 08:32:52 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)

SRV - [2008/02/11 17:22:14 | 000,191,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)

SRV - [2008/02/11 17:22:14 | 000,169,320 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)

SRV - [2008/01/29 17:38:31 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)

SRV - [2007/10/01 14:50:08 | 000,214,408 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)

SRV - [2007/09/13 17:49:48 | 000,202,088 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe -- (ccProxy)

SRV - [2007/05/23 11:13:38 | 000,139,888 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe -- (navapsvc)

SRV - [2007/03/19 05:58:47 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxctcoms.exe -- (lxct_device)

SRV - [2007/01/24 17:45:10 | 000,074,240 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\System32\cryptainersrv.exe -- (ssoftservice)

SRV - [2007/01/16 12:52:26 | 000,072,328 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\ccPwdSvc.exe -- (ccISPwdSvc)

SRV - [2007/01/16 10:25:28 | 000,045,696 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\comHost.exe -- (comHost)

SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/12/15 12:36:28 | 000,750,720 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE -- (NSCService)

SRV - [2006/09/07 10:05:16 | 000,053,248 | ---- | M] (GE Security Supra) [Auto | Running] -- c:\Program Files\GE Security Supra\SyncService.exe -- (DkeySync)

SRV - [2006/03/16 18:24:44 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\AirLink101\AWLL5026\WLService.exe -- (AWLL5026 WLService)

SRV - [2005/11/17 01:33:52 | 001,160,800 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)

SRV - [2005/11/17 01:32:56 | 000,198,368 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe -- (SAVScan)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\ComboFix\catchme.sys -- (catchme)

DRV - [2010/06/23 12:37:11 | 000,264,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20100804.001\SymIDSCo.sys -- (SYMIDSCO)

DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)

DRV - [2009/11/05 08:51:59 | 000,124,464 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)

DRV - [2009/08/28 08:33:00 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)

DRV - [2009/08/28 08:33:00 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)

DRV - [2009/08/19 03:33:40 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)

DRV - [2007/10/01 14:49:26 | 000,189,320 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)

DRV - [2007/10/01 14:49:20 | 000,023,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)

DRV - [2007/10/01 14:49:16 | 000,031,624 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS -- (SYMIDS)

DRV - [2007/10/01 14:49:10 | 000,028,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)

DRV - [2007/10/01 14:49:04 | 000,098,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)

DRV - [2007/10/01 14:48:56 | 000,012,680 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)

DRV - [2007/08/30 01:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)

DRV - [2007/08/30 01:00:00 | 000,112,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2007/07/17 01:00:00 | 000,865,904 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVEX15.SYS -- (NAVEX15)

DRV - [2007/07/17 01:00:00 | 000,081,232 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20071011.021\NAVENG.SYS -- (NAVENG)

DRV - [2007/07/13 18:05:38 | 000,100,728 | ---- | M] (Cypherix Software (India) Pvt. Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ssoftnt4.sys -- (ssoftnt4)

DRV - [2007/06/25 05:57:18 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)

DRV - [2007/04/09 20:44:52 | 000,391,256 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)

DRV - [2007/02/25 19:25:12 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)

DRV - [2006/12/12 10:28:26 | 000,052,224 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrSerIf.sys -- (BrSerIf)

DRV - [2006/09/07 10:00:18 | 000,089,808 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabser.sys -- (slabser)

DRV - [2006/09/07 10:00:18 | 000,055,312 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slabbus.sys -- (slabbus) DisplayKEY USB Cradle driver (WDM)

DRV - [2006/09/03 08:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbSer.sys -- (BrUsbSer)

DRV - [2006/08/23 10:12:38 | 003,959,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2006/08/15 01:00:18 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2006/08/14 04:29:44 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

DRV - [2006/08/05 05:00:48 | 000,089,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvraid.sys -- (nvraid) NVIDIA nForce

DRV - [2006/08/05 05:00:40 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\nvatabus.sys -- (nvatabus)

DRV - [2006/06/08 09:49:50 | 000,344,064 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)

DRV - [2006/01/10 09:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)

DRV - [2005/11/17 01:32:56 | 000,334,984 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\savrt.sys -- (SAVRT)

DRV - [2005/11/17 01:32:56 | 000,053,896 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrtpel.sys -- (SAVRTPEL)

DRV - [2005/09/12 01:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)

DRV - [2005/09/08 03:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)

DRV - [2005/09/08 03:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)

DRV - [2005/09/08 03:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)

DRV - [2005/09/08 03:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)

DRV - [2005/09/08 03:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)

DRV - [2005/09/08 03:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)

DRV - [2005/09/08 03:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)

DRV - [2005/08/25 10:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)

DRV - [2005/08/25 10:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)

DRV - [2005/08/12 03:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)

DRV - [2005/06/17 12:48:46 | 000,019,968 | ---- | M] (WikiTek Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ss.sys -- (StreamSurge) StreamSurge Driver (miniport)

DRV - [2004/10/15 11:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004/08/12 15:45:54 | 000,137,728 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Hdaudbus.sys -- (HDAudBus)

DRV - [2004/08/03 23:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/08/03 21:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)

DRV - [2004/08/03 21:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)

DRV - [2003/11/17 12:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)

DRV - [2003/11/17 12:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2003/11/17 12:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)

DRV - [2001/08/17 12:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)

DRV - [2001/08/17 12:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)

DRV - [2001/08/17 12:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)

DRV - [2001/08/17 12:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)

DRV - [2001/08/17 12:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)

DRV - [2001/08/17 11:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)

DRV - [2001/08/17 11:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)

DRV - [2001/08/17 11:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)

DRV - [2001/08/17 11:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)

DRV - [2001/08/17 11:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)

DRV - [2001/08/17 11:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)

DRV - [2001/08/17 11:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)

DRV - [2001/08/17 11:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)

DRV - [2001/08/17 11:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)

DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)

DRV - [2001/08/17 11:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625

IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625

IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2070625

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\URLSearchHook: *{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\URLSearchHook: *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AOL Search"

FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20100812053337015&tb_oid=12-08-2010&tb_mrud=12-08-2010"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1

FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.10.6044

FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&tb_uuid=20100812053337015&tb_oid=12-08-2010&tb_mrud=12-08-2010&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/09/01 12:09:53 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/08/14 14:07:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/30 11:09:11 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/11 22:32:52 | 000,000,000 | ---D | M]

[2009/02/13 22:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafiq Ali\Application Data\Mozilla\Extensions

[2010/08/14 12:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\extensions

[2009/09/05 11:26:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/01/05 09:34:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}

[2010/01/05 09:48:49 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Documents and Settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}

[2010/08/11 22:34:08 | 000,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}

[2009/11/30 17:21:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\extensions\activegs@freetoolsassociation.com

[2009/09/05 11:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\extensions\reader_plugin@ebrary.com

[2010/08/11 22:35:15 | 000,002,342 | ---- | M] () -- C:\Documents and Settings\Rafiq Ali\Application Data\Mozilla\Firefox\Profiles\twzdwyp7.default\searchplugins\aol-search.xml

[2010/08/14 12:55:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/10/24 07:40:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com

[2007/07/31 18:44:28 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll

O1 HOSTS File: ([2010/08/14 12:09:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll File not found

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (CNisExtBho Class) - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O2 - BHO: (CNavExtBho Class) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)

O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)

O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)

O3 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\Toolbar\WebBrowser: (Norton Internet Security 2006) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (Symantec Corporation)

O3 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\Toolbar\WebBrowser: (Norton AntiVirus) - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVSHEXT.DLL (Symantec Corporation)

O3 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)

O4 - HKLM..\Run: [brMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)

O4 - HKLM..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe (Corel, Inc.)

O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)

O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()

O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 5400 Series\ezprint.exe (Lexmark International Inc.)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [iSUSPM Startup] c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)

O4 - HKLM..\Run: [Lexmark 5400 Series Fax Server] C:\Program Files\Lexmark 5400 Series\fm3032.exe ()

O4 - HKLM..\Run: [lxctmon.exe] C:\Program Files\Lexmark 5400 Series\lxctmon.exe ()

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)

O4 - HKLM..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\URLLSTCK.EXE (Symantec Corporation)

O4 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)

O4 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)

O4 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)

O4 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O4 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DisplayKEY eSYNC Info.lnk = C:\Program Files\GE Security Supra\SyncInfoApp.exe (GE Security Supra)

O4 - Startup: C:\Documents and Settings\Habiba Ali\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O4 - Startup: C:\Documents and Settings\Habiba Ali\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O4 - Startup: C:\Documents and Settings\Rafiq Ali\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)

O15 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..Trusted Domains: asu.edu ([myasucourses] https in Trusted sites)

O15 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..Trusted Domains: google.com ([pages] https in Trusted sites)

O15 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..Trusted Domains: googlepages.com ([alexbruener] http in Trusted sites)

O15 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..Trusted Ranges: GD ([http] in Local intranet)

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4.../OGAControl.cab (Office Genuine Advantage Validation Tool)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/08/10 11:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/08/14 14:07:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood

[2010/08/14 11:46:49 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/08/14 11:41:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/08/14 11:41:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/08/14 11:41:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/08/14 11:41:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/08/14 11:41:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/08/14 11:35:14 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/08/13 11:18:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafiq Ali\Application Data\Malwarebytes

[2010/08/13 11:18:07 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/08/13 11:18:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/08/13 11:18:04 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/08/13 11:18:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/08/13 11:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafiq Ali\Application Data\FreeFileViewer

[2010/08/11 22:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar

[2010/08/11 22:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility

[2010/08/11 22:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rafiq Ali\Local Settings\Application Data\AIM

[2010/08/11 22:33:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM

[2010/08/11 22:32:56 | 000,000,000 | ---D | C] -- C:\Program Files\AIM

[2010/07/29 11:08:48 | 000,000,000 | ---D | C] -- C:\Republic The Revolution Prima Official eGuide

[2008/02/05 20:34:12 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\LXCThcp.dll

[2008/02/05 20:34:11 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctusb1.dll

[2008/02/05 20:34:11 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctinpa.dll

[2008/02/05 20:34:11 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctiesc.dll

[2008/02/05 20:34:10 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctserv.dll

[2008/02/05 20:34:10 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpmui.dll

[2008/02/05 20:34:10 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctprox.dll

[2008/02/05 20:34:10 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctpplc.dll

[2008/02/05 20:34:09 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctlmpm.dll

[2008/02/05 20:34:08 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcthbn3.dll

[2008/02/05 20:34:07 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomm.dll

[2008/02/05 20:34:06 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxctcomc.dll

[295 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/15 09:51:36 | 063,466,956 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/08/14 12:10:29 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn

[2010/08/14 12:09:55 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/08/14 12:09:51 | 000,081,191 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/08/14 12:09:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/08/14 12:01:47 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/08/14 12:01:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/08/14 12:01:33 | 1005,047,808 | -HS- | M] () -- C:\hiberfil.sys

[2010/08/14 11:46:53 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/08/13 20:00:00 | 000,000,556 | ---- | M] () -- C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Rafiq Ali.job

[2010/08/13 18:00:06 | 000,000,416 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for Rafiq Ali.job

[2010/08/13 14:32:09 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Rafiq Ali\NTUSER.DAT

[2010/08/13 14:32:09 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rafiq Ali\ntuser.ini

[2010/08/13 11:18:10 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/12 16:45:14 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/08/11 22:34:16 | 000,000,731 | -H-- | M] () -- C:\IPH.PH

[2010/08/11 22:33:22 | 000,001,592 | ---- | M] () -- C:\Documents and Settings\Rafiq Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2010/08/11 22:33:22 | 000,001,574 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk

[2010/08/11 20:13:44 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk

[2010/08/11 13:21:50 | 000,001,008 | ---- | M] () -- C:\Documents and Settings\Rafiq Ali\Desktop\GoToMeeting.lnk

[295 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[2 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/14 11:46:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/08/14 11:46:50 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/08/14 11:41:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/08/14 11:41:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/08/14 11:41:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/08/14 11:41:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/08/14 11:41:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/08/13 11:18:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/08/11 22:33:22 | 000,001,592 | ---- | C] () -- C:\Documents and Settings\Rafiq Ali\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM.lnk

[2010/08/11 22:33:22 | 000,001,574 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk

[2009/09/24 22:24:21 | 000,000,305 | ---- | C] () -- C:\WINDOWS\bundle.ini

[2009/09/01 18:01:00 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll

[2008/03/30 13:11:06 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/03/30 13:11:06 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008/03/30 13:09:07 | 000,000,887 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2008/03/30 13:09:07 | 000,000,153 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2008/03/30 13:08:18 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini

[2008/03/30 13:08:17 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll

[2008/03/30 13:07:15 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2008/02/10 19:29:26 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\Zlib.dll

[2008/02/10 19:29:24 | 000,041,984 | ---- | C] () -- C:\WINDOWS\System32\ZFExt.dll

[2008/02/05 20:37:28 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxctvs.dll

[2008/02/05 20:37:25 | 000,331,776 | ---- | C] () -- C:\WINDOWS\System32\lxctcoin.dll

[2008/02/05 20:37:00 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxctdrs.dll

[2008/02/05 20:37:00 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxctcaps.dll

[2008/02/05 20:36:59 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxctcnv4.dll

[2008/02/05 20:36:39 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\lxctpmon.dll

[2008/02/05 20:36:39 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXCTFXPU.DLL

[2008/02/05 20:34:12 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\LXCTinst.dll

[2008/02/05 20:34:08 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\lxctgrd.dll

[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2007/12/02 22:21:17 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2007/11/25 21:28:54 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys

[2007/11/25 21:28:54 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\2F1BCE3FA4.sys

[2007/09/06 17:53:37 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll

[2007/07/13 19:59:05 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\AWLL5026.dll

[2007/07/13 19:59:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2007/06/25 06:04:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2007/06/25 05:59:12 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2007/06/25 05:35:47 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2007/06/25 05:35:47 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2007/06/25 05:35:47 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2007/06/25 05:35:47 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2007/06/25 05:35:46 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2007/06/25 05:35:46 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2007/06/25 05:35:45 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2007/06/25 05:34:46 | 000,001,124 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2005/11/09 23:56:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2005/03/28 23:58:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2005/03/28 23:58:10 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2004/08/10 11:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/08/10 11:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

< End of report >

OTL Extras logfile created on: 8/15/2010 1:03:27 PM - Run 1

OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Rafiq Ali\My Documents\Downloads

Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

958.00 Mb Total Physical Memory | 117.00 Mb Available Physical Memory | 12.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 46.00% Paging File free

Paging file location(s): C:\pagefile.sys 1440 2880 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 145.96 Gb Total Space | 116.78 Gb Free Space | 80.01% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: RAFIQ

Current User Name: Rafiq Ali

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-2494159889-3760298060-762487769-1006\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\WINDOWS\system32\lxctcoms.exe" = C:\WINDOWS\system32\lxctcoms.exe:*:Enabled:Lexmark Communications System -- ( )

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)

"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:Google Desktop -- (Google)

"C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.)

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data

"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306

"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA

"{1248C09A-BD6B-47F5-BF3F-CD2B700D9FCB}" = ccCommon

"{12E2B9E9-05B1-407d-B0FD-B5F350535125}" = Norton Internet Security

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 16

"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet

"{2EBF25F1-F8A2-40EA-92BE-931C142A44E2}" = CC_ccProxyExt

"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager

"{30738666-9805-4926-A78F-91DA33B6C437}" = ccPxyCore

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer

"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor

"{3B29A786-5803-4E9E-9B58-3014A5B4E519}" = Norton AntiSpam

"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant

"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting

"{3FADAA19-E595-44CA-A072-58B6B0851768}" = Norton Security Scan

"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer

"{449F3A9E-9903-4a0d-A209-08030D45A935}" = Norton Internet Security

"{48185814-A224-447a-81DA-71BD20580E1B}" = Norton Internet Security

"{492724FC-3B26-46B4-824F-3CE2722D9AA0}" = Apple Software Update

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{5677563D-0CB1-485F-9E18-C5025306BB3F}" = Norton AntiSpam

"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III

"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer

"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore

"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC

"{7862B103-624D-401A-8718-22A3A53B403E}" = AirLink101 USB XR Adapter

"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus

"{82A5BF38-8461-4A5C-B2C9-24F5256D92A6}" = Norton Protection Center

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{93A1B09E-BAFA-4628-A5B6-921CB026955A}" = Corel Paint Shop Pro Photo XI

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{967D588C-9B96-40C9-A222-DCD6922563CA}" = Apple Mobile Device Support

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite

"{A93C9E60-29B6-49da-BA21-F70AC6AADE20}" = Norton Internet Security

"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio

"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy

"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11

"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C252EB7B-7AE0-46DE-9BEE-DF681B885F13}" = Modem Diagnostic Tool

"{C6F5B6CF-609C-428E-876F-CA83176C021B}" = Norton AntiVirus 2006

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEE2252C-4035-4B27-8EC6-0B085DD3A413}" = Dell Support 3.2.1

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

Link to post
Share on other sites

Hello again,

Lets fix a few things with OTL and do another rootkit scan to find out what may be causing the redirects.

Also, if you are connecting through a router to the internet, please reset it (it should have a button for that on the backside).

OTL FIX

------------

We need to run an OTL Fix

  1. Please reopen otlDesktopIcon.png on your desktop.
  2. Copy and Paste the following code into the customFix.png textbox. Do not include the word "Code"
    :otl
    IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\URLSearchHook: *{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-2494159889-3760298060-762487769-1006\..\URLSearchHook: *{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - Reg Error: Key error. File not found

    :commands
    [emptytemp]


  3. Push runFixbutton.png
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click btnOK.png.
  6. A report will open. Copy and Paste that report in your next reply.

Please download Rootkit Unhooker and save it to your Desktop

  • Double-click on RKUnhookerLE to run it
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth, and uncheck the rest
  • Click OK
  • Wait until it's finished and then go to File > Save Report
  • Save the report to your Desktop

Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!

It is recommended to remove parasite, okay?"

Link to post
Share on other sites

All processes killed

========== OTL ==========

Registry value HKEY_USERS\S-1-5-21-2494159889-3760298060-762487769-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}\ not found.

Registry value HKEY_USERS\S-1-5-21-2494159889-3760298060-762487769-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{CFBFAE00-17A6-11D0-99CB-00C04FD64497}\ not found.

Registry value HKEY_USERS\S-1-5-21-2494159889-3760298060-762487769-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\*{EA756889-2338-43DB-8F07-D1CA6FB9C90D} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\*{EA756889-2338-43DB-8F07-D1CA6FB9C90D}\ not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 18002246 bytes

->Temporary Internet Files folder emptied: 114786408 bytes

->Java cache emptied: 3210303 bytes

->FireFox cache emptied: 91548465 bytes

->Flash cache emptied: 12818 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Habiba Ali

->Temp folder emptied: 2323106 bytes

->Temporary Internet Files folder emptied: 2765796 bytes

->Java cache emptied: 63599569 bytes

->FireFox cache emptied: 35530466 bytes

->Flash cache emptied: 18889 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 201013 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

User: Owner

User: Rafiq Ali

->Temp folder emptied: 760160 bytes

->Temporary Internet Files folder emptied: 932772 bytes

->Java cache emptied: 63690812 bytes

->FireFox cache emptied: 85612590 bytes

->Flash cache emptied: 32836 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 173638883 bytes

%systemroot%\System32\dllcache .tmp files removed: 114688 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 822180 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 627.00 mb

OTL by OldTimer - Version 3.2.9.1 log created on 08162010_202713

Files\Folders moved on Reboot...

C:\Documents and Settings\Habiba Ali\Local Settings\Temp\citrixlogs\gotomeeting\457\log1E.tmp\G2MStart.log moved successfully.

C:\Documents and Settings\Habiba Ali\Local Settings\Temp\citrixlogs\gotomeeting\457\log1E.tmp\GoToMeeting_00.log moved successfully.

C:\Documents and Settings\Habiba Ali\Local Settings\Temp\citrixlogs\gotomeeting\457\G2MOutlookAddin_util.log moved successfully.

C:\Documents and Settings\Habiba Ali\Local Settings\Temp\Acr5BFF.tmp moved successfully.

C:\Documents and Settings\Habiba Ali\Local Settings\Temp\G2MCodec.log moved successfully.

File\Folder C:\Documents and Settings\Habiba Ali\Local Settings\Temp\Perflib_Perfdata_1160.dat not found!

File\Folder C:\Documents and Settings\Habiba Ali\Local Settings\Temp\Perflib_Perfdata_a38.dat not found!

C:\Documents and Settings\Habiba Ali\Local Settings\Temp\Z@R48.tmp moved successfully.

C:\Documents and Settings\Habiba Ali\Local Settings\Temp\~DF1438.tmp moved successfully.

C:\Documents and Settings\Habiba Ali\Local Settings\Temp\~DFA141.tmp moved successfully.

C:\Documents and Settings\Habiba Ali\Local Settings\Temporary Internet Files\Content.IE5\PX0V2HIO\step1[1].htm moved successfully.

C:\Documents and Settings\Habiba Ali\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...

RkU Version: 3.8.388.590, Type LE (SR2)

==============================================

OS Name: Windows XP

Version 5.1.2600 (Service Pack 2)

Number of processors #2

==============================================

>Drivers

==============================================

0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 4497408 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 91.48 )

0xF6D83000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 3960832 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 91.48 )

0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2146304 bytes (Microsoft Corporation, NT Kernel & System)

0x804D7000 PnpManager 2146304 bytes

0x804D7000 RAW 2146304 bytes

0x804D7000 WMIxWDM 2146304 bytes

0xBF800000 Win32k 1851392 bytes

0xBF800000 C:\WINDOWS\System32\win32k.sys 1851392 bytes (Microsoft Corporation, Multi-User Win32 Driver)

0xF6371000 C:\WINDOWS\system32\drivers\sthda.sys 1126400 bytes (SigmaTel, Inc., NDRC)

0xF6BF6000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1044480 bytes (Conexant Systems, Inc., HSF_DP driver)

0xB8955000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071011.021\NavEx15.Sys 860160 bytes (Symantec Corporation, AV Engine)

0xF6B4F000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 684032 bytes (Conexant Systems, Inc., HSF_CNXT driver)

0xF71DA000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)

0xF2BE8000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 454656 bytes (Microsoft Corporation, Windows NT SMB Minirdr)

0xF2B85000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 405504 bytes (Symantec Corporation, Symantec Eraser Control Driver)

0xF2D8A000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 405504 bytes (Symantec Corporation, SPBBC Driver)

0xB8A4F000 C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS 360448 bytes (Symantec Corporation, AutoProtect)

0xF3BCA000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 360448 bytes (Microsoft Corporation, TCP/IP Protocol Driver)

0xB93D9000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)

0xB2C30000 C:\WINDOWS\system32\DRIVERS\rt73.sys 344064 bytes (Ralink Technology, Corp., Ralink 802.11 USB Wireless Adapter Driver)

0xF2B15000 C:\WINDOWS\System32\Drivers\avgldx86.sys 331776 bytes (AVG Technologies CZ, s.r.o., AVG AVI Loader Driver)

0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)

0xB4912000 C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20100804.001\symidsco.sys 282624 bytes (Symantec Corporation, IDS Core Driver)

0xB880D000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)

0xF3B69000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 233472 bytes (Symantec Corporation, Network Dispatch Driver)

0xF6CF5000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 212992 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)

0xF6ACD000 C:\WINDOWS\system32\DRIVERS\update.sys 212992 bytes (Microsoft Corporation, Update Driver)

0xF7358000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)

0xF71AD000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)

0xB9688000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 180224 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)

0xB1AC3000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)

0xF2C57000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)

0xF2E0F000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)

0xF6B29000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 155648 bytes (Windows ® Server 2003 DDK provider, High Definition Audio Bus Driver v1.0)

0xB4957000 C:\WINDOWS\System32\Drivers\SYMFW.SYS 155648 bytes (Symantec Corporation, Firewall Filter Driver)

0xF2E50000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 151552 bytes (Symantec Corporation, Symantec Event Library)

0xF6D29000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)

0xF6D4C000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 143360 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)

0xF2DED000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)

0xF634F000 C:\WINDOWS\system32\drivers\portcls.sys 139264 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))

0xF2E75000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 135168 bytes (Microsoft Corporation, IP Network Address Translator)

0x806E3000 ACPI_HAL 134272 bytes

0x806E3000 C:\WINDOWS\system32\hal.dll 134272 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)

0xF72A6000 fltMgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)

0xF2B66000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 126976 bytes (Symantec Corporation, Symantec Eraser Utility Driver)

0xF7328000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)

0xF7192000 Mup.sys 110592 bytes (Microsoft Corporation, Multiple UNC Provider driver)

0xF2AD3000 C:\WINDOWS\System32\Drivers\dump_nvata.sys 106496 bytes

0xF72C6000 nvata.sys 106496 bytes (NVIDIA Corporation, NVIDIA

Link to post
Share on other sites

Hello again,

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

Link 1
Link 2
Link 3

  • Double-click on MBRCheck.exe to run it. Vista/Windows 7 users right-click and select Run As Administrator.
  • It will open a black screen with some data on it...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will be created on the desktop.
  • Copy and paste the contents of that log in your next reply.

Link to post
Share on other sites

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 2 (build 2600)

Logical Drives Mask: 0x000001ec

Kernel Drivers (total 150):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E3000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF7358000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7347000 pci.sys

0xF7487000 isapnp.sys

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7497000 MountMgr.sys

0xF7328000 ftdisk.sys

0xF74A7000 \WINDOWS\system32\drivers\CLASSPNP.SYS

0xF770F000 PartMgr.sys

0xF74B7000 VolSnap.sys

0xF72FA000 atapi.sys

0xF72C6000 nvata.sys

0xF74C7000 disk.sys

0xF72A6000 fltMgr.sys

0xF7294000 sr.sys

0xF727E000 DRVMCDB.SYS

0xF7717000 PxHelp20.sys

0xF7267000 KSecDD.sys

0xF71DA000 Ntfs.sys

0xF71AD000 NDIS.sys

0xF7192000 Mup.sys

0xF7547000 \SystemRoot\system32\DRIVERS\processr.sys

0xF6D83000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xF6D6F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF787F000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xF6D4C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7887000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF7557000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF79A1000 \SystemRoot\System32\Drivers\DLACDBHM.SYS

0xF7567000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF7577000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF6D29000 \SystemRoot\system32\DRIVERS\ks.sys

0xF788F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xF7587000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

0xF6CF5000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys

0xF6BF6000 \SystemRoot\system32\DRIVERS\HSF_DP.sys

0xF6B4F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

0xF7727000 \SystemRoot\System32\Drivers\Modem.SYS

0xF6B29000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF7B96000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7597000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7947000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF6B12000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF75A7000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF75B7000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7737000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF6B01000 \SystemRoot\system32\DRIVERS\psched.sys

0xF75C7000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF773F000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF7747000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF75D7000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF774F000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF7757000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF79A3000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF6ACD000 \SystemRoot\system32\DRIVERS\update.sys

0xF7953000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF775F000 \SystemRoot\system32\DRIVERS\ss.sys

0xF6371000 \SystemRoot\system32\drivers\sthda.sys

0xF634F000 \SystemRoot\system32\drivers\portcls.sys

0xF7617000 \SystemRoot\system32\drivers\drmk.sys

0xF7627000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7647000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF79B5000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7977000 \SystemRoot\system32\drivers\MODEMCSA.sys

0xF79BF000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xF79C1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7B8B000 \SystemRoot\System32\Drivers\Null.SYS

0xF79C3000 \SystemRoot\System32\Drivers\Beep.SYS

0xF779F000 \SystemRoot\System32\Drivers\DLARTL_N.SYS

0xF77A7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF77AF000 \SystemRoot\System32\drivers\vga.sys

0xF79C5000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79C7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF77B7000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF77BF000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF716E000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xF3C22000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xF3BCA000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF3B69000 \SystemRoot\System32\Drivers\SYMTDI.SYS

0xF2E75000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF2E50000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

0xF77E7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF2E37000 \SystemRoot\System32\Drivers\avgtdix.sys

0xF2E0F000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF2DED000 \SystemRoot\System32\drivers\afd.sys

0xF7687000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF2D8A000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

0xF7527000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF793F000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF7537000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF7957000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xF2C82000 \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS

0xF2C57000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xF2BE8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF631F000 \SystemRoot\System32\Drivers\Fips.SYS

0xF2B85000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0xF628F000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xF2B66000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0xF777F000 \SystemRoot\System32\Drivers\avgmfx86.sys

0xF2B15000 \SystemRoot\System32\Drivers\avgldx86.sys

0xF2CA6000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xF2AD3000 \SystemRoot\System32\Drivers\dump_nvata.sys

0xF79ED000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF7927000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77FF000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7BBB000 \SystemRoot\System32\drivers\dxgthk.sys

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xF2CD6000 \SystemRoot\System32\Drivers\DRVNDDM.SYS

0xF7B18000 \SystemRoot\System32\DLA\DLADResN.SYS

0xBA4D2000 \SystemRoot\System32\DLA\DLAIFS_M.SYS

0xBA550000 \SystemRoot\System32\DLA\DLAOPIOM.SYS

0xF7A15000 \SystemRoot\System32\DLA\DLAPoolM.SYS

0xF782F000 \SystemRoot\System32\DLA\DLABOIOM.SYS

0xBA4BA000 \SystemRoot\System32\DLA\DLAUDFAM.SYS

0xBA4A4000 \SystemRoot\System32\DLA\DLAUDF_M.SYS

0xF7847000 \SystemRoot\system32\DRIVERS\AegisP.sys

0xF2AED000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB9964000 \SystemRoot\System32\Drivers\SYMREDRV.SYS

0xB9688000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xF7807000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xB9768000 \SystemRoot\system32\DRIVERS\usbscan.sys

0xF781F000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xB93D9000 \SystemRoot\system32\DRIVERS\srv.sys

0xB9520000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xB92AA000 \??\C:\WINDOWS\system32\Drivers\ssoftnt4.sys

0xB91CD000 \SystemRoot\system32\drivers\wdmaud.sys

0xB97E4000 \SystemRoot\system32\drivers\sysaudio.sys

0xF7857000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys

0xB8A4F000 \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS

0xB8955000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071011.021\NavEx15.Sys

0xB8942000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071011.021\NAVENG.Sys

0xB880D000 \SystemRoot\System32\Drivers\HTTP.sys

0xB8E1F000 \SystemRoot\System32\Drivers\SYMDNS.SYS

0xB6B96000 \SystemRoot\System32\Drivers\SYMNDIS.SYS

0xB4957000 \SystemRoot\System32\Drivers\SYMFW.SYS

0xB50A6000 \SystemRoot\System32\Drivers\SYMIDS.SYS

0xB4912000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20100804.001\symidsco.sys

0xB2C30000 \SystemRoot\system32\DRIVERS\rt73.sys

0xBFF50000 \SystemRoot\System32\TSDDD.dll

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xF79D5000 \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

0xAE21E000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 125):

0 System Idle Process

4 System

844 C:\WINDOWS\system32\smss.exe

892 csrss.exe

916 C:\WINDOWS\system32\winlogon.exe

960 C:\WINDOWS\system32\services.exe

972 C:\WINDOWS\system32\lsass.exe

1180 C:\WINDOWS\system32\svchost.exe

1248 svchost.exe

1464 C:\WINDOWS\system32\svchost.exe

1624 svchost.exe

1696 svchost.exe

120 C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

188 C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

308 C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE

320 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

380 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

432 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

1060 C:\WINDOWS\system32\spoolsv.exe

1328 svchost.exe

1380 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

1392 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

1416 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

1436 C:\Program Files\AirLink101\AWLL5026\WLService.exe

1452 C:\Program Files\AirLink101\AWLL5026\AWLL5026.exe

1456 C:\Program Files\GE Security Supra\SyncService.exe

1508 C:\Program Files\AVG\AVG8\avgrsx.exe

1612 C:\PROGRA~1\AVG\AVG8\avgnsx.exe

1912 C:\Program Files\Java\jre6\bin\jqs.exe

2024 C:\WINDOWS\system32\lxctcoms.exe

1900 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

652 C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE

744 C:\Program Files\GE Security Supra\ProxyDaemon.exe

804 C:\WINDOWS\system32\nvsvc32.exe

876 C:\SSL\stunnel-4.10.exe

1364 C:\WINDOWS\system32\cryptainersrv.exe

2188 explorer.exe

2408 C:\WINDOWS\system32\svchost.exe

2428 C:\Program Files\Viewpoint\Common\ViewpointService.exe

2464 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

2500 C:\PROGRA~1\AVG\AVG8\avgemc.exe

2984 C:\Program Files\AVG\AVG8\avgcsrvx.exe

708 alg.exe

2088 DMXLauncher.exe

3084 stsystra.exe

3148 CCAPP.EXE

3348 DLACTRLW.EXE

3352 issch.exe

3428 GoogleDesktop.exe

2120 Corel Photo Downloader.exe

3612 iTunesHelper.exe

3264 lxctmon.exe

3784 ezprint.exe

3916 pptd40nt.exe

4044 BrMfcWnd.exe

576 avgtray.exe

640 BrccMCtl.exe

2056 opwareSE2.exe

2616 DSAgnt.exe

2920 GoogleToolbarNotifier.exe

3328 BrMfcMon.exe

3568 Skype.exe

3660 C:\WINDOWS\system32\svchost.exe

2216 g2mstart.exe

3912 ctfmon.exe

4036 DLG.exe

3096 SyncInfoApp.exe

1104 g2mcomm.exe

2076 soffice.exe

3844 soffice.bin

1996 g2mlauncher.exe

2664 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

4388 C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

5768 C:\Program Files\iPod\bin\iPodService.exe

4816 skypePM.exe

5568 avgui.exe

5588 firefox.exe

5184 plugin-container.exe

1096 ISUSPM.exe

3316 agent.exe

4860 csrss.exe

1460 C:\WINDOWS\system32\winlogon.exe

4612 C:\WINDOWS\explorer.exe

2836 C:\WINDOWS\system32\rundll32.exe

2868 C:\WINDOWS\system32\wuauclt.exe

936 C:\WINDOWS\system32\rundll32.exe

3896 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

1828 C:\WINDOWS\stsystra.exe

5744 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

3720 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

3012 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

2772 C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

4464 C:\Program Files\iTunes\iTunesHelper.exe

5556 C:\Program Files\Lexmark 5400 Series\lxctmon.exe

3028 C:\Program Files\Lexmark 5400 Series\ezprint.exe

1080 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

4200 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

2028 C:\PROGRA~1\AVG\AVG8\avgtray.exe

6596 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

6764 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

6944 C:\Program Files\Dell Support\DSAgnt.exe

7048 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

7160 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe

7324 C:\Program Files\Skype\Phone\Skype.exe

7396 C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

6160 C:\Program Files\AIM\aim.exe

3668 C:\Program Files\Messenger\msmsgs.exe

6472 C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe

6580 C:\WINDOWS\system32\ctfmon.exe

7592 C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe

7792 C:\Program Files\Digital Line Detect\DLG.exe

8152 C:\Program Files\GE Security Supra\SyncInfoApp.exe

2596 C:\Program Files\Windows NT\Accessories\wordpad.exe

3132 C:\Program Files\Windows NT\Accessories\wordpad.exe

6272 C:\Program Files\OpenOffice.org 3\program\soffice.exe

6388 C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe

6908 C:\Program Files\OpenOffice.org 3\program\soffice.bin

7028 C:\Program Files\Mozilla Firefox\firefox.exe

7676 wmiprvse.exe

8024 C:\Program Files\Skype\Plugin Manager\skypePM.exe

5724 C:\Program Files\Mozilla Firefox\plugin-container.exe

7500 C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe

6504 C:\Program Files\AVG\AVG8\avgscanx.exe

6448 C:\Program Files\AVG\AVG8\avgcsrvx.exe

5516 C:\Documents and Settings\Rafiq Ali\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 3.ADA

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Dell MBR code detected

SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E

Done!

Link to post
Share on other sites

I reset my router and tried the scan again.

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Home Edition

Windows Information: Service Pack 2 (build 2600)

Logical Drives Mask: 0x000001ec

Kernel Drivers (total 150):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E3000 \WINDOWS\system32\hal.dll

0xF7987000 \WINDOWS\system32\KDCOM.DLL

0xF7897000 \WINDOWS\system32\BOOTVID.dll

0xF7358000 ACPI.sys

0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xF7347000 pci.sys

0xF7487000 isapnp.sys

0xF7A4F000 pciide.sys

0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xF7497000 MountMgr.sys

0xF7328000 ftdisk.sys

0xF74A7000 \WINDOWS\system32\drivers\CLASSPNP.SYS

0xF770F000 PartMgr.sys

0xF74B7000 VolSnap.sys

0xF72FA000 atapi.sys

0xF72C6000 nvata.sys

0xF74C7000 disk.sys

0xF72A6000 fltMgr.sys

0xF7294000 sr.sys

0xF727E000 DRVMCDB.SYS

0xF7717000 PxHelp20.sys

0xF7267000 KSecDD.sys

0xF71DA000 Ntfs.sys

0xF71AD000 NDIS.sys

0xF7192000 Mup.sys

0xF7547000 \SystemRoot\system32\DRIVERS\processr.sys

0xF6D83000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xF6D6F000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xF787F000 \SystemRoot\system32\DRIVERS\usbohci.sys

0xF6D4C000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xF7887000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xF7557000 \SystemRoot\system32\DRIVERS\imapi.sys

0xF79A1000 \SystemRoot\System32\Drivers\DLACDBHM.SYS

0xF7567000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xF7577000 \SystemRoot\system32\DRIVERS\redbook.sys

0xF6D29000 \SystemRoot\system32\DRIVERS\ks.sys

0xF788F000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xF7587000 \SystemRoot\system32\DRIVERS\bcm4sbxp.sys

0xF6CF5000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys

0xF6BF6000 \SystemRoot\system32\DRIVERS\HSF_DP.sys

0xF6B4F000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

0xF7727000 \SystemRoot\System32\Drivers\Modem.SYS

0xF6B29000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xF7B96000 \SystemRoot\system32\DRIVERS\audstub.sys

0xF7597000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xF7947000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xF6B12000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xF75A7000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xF75B7000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xF7737000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xF6B01000 \SystemRoot\system32\DRIVERS\psched.sys

0xF75C7000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xF773F000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xF7747000 \SystemRoot\system32\DRIVERS\raspti.sys

0xF75D7000 \SystemRoot\system32\DRIVERS\termdd.sys

0xF774F000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xF7757000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xF79A3000 \SystemRoot\system32\DRIVERS\swenum.sys

0xF6ACD000 \SystemRoot\system32\DRIVERS\update.sys

0xF7953000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xF775F000 \SystemRoot\system32\DRIVERS\ss.sys

0xF6371000 \SystemRoot\system32\drivers\sthda.sys

0xF634F000 \SystemRoot\system32\drivers\portcls.sys

0xF7617000 \SystemRoot\system32\drivers\drmk.sys

0xF7627000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xF7647000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xF79B5000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xF7977000 \SystemRoot\system32\drivers\MODEMCSA.sys

0xF79BF000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xF79C1000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xF7B8B000 \SystemRoot\System32\Drivers\Null.SYS

0xF79C3000 \SystemRoot\System32\Drivers\Beep.SYS

0xF779F000 \SystemRoot\System32\Drivers\DLARTL_N.SYS

0xF77A7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xF77AF000 \SystemRoot\System32\drivers\vga.sys

0xF79C5000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xF79C7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xF77B7000 \SystemRoot\System32\Drivers\Msfs.SYS

0xF77BF000 \SystemRoot\System32\Drivers\Npfs.SYS

0xF716E000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xF3C22000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xF3BCA000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xF3B69000 \SystemRoot\System32\Drivers\SYMTDI.SYS

0xF2E75000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xF2E50000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

0xF77E7000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0xF2E37000 \SystemRoot\System32\Drivers\avgtdix.sys

0xF2E0F000 \SystemRoot\system32\DRIVERS\netbt.sys

0xF2DED000 \SystemRoot\System32\drivers\afd.sys

0xF7687000 \SystemRoot\system32\DRIVERS\netbios.sys

0xF2D8A000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

0xF7527000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xF793F000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xF7537000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xF7957000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xF2C82000 \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS

0xF2C57000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xF2BE8000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xF631F000 \SystemRoot\System32\Drivers\Fips.SYS

0xF2B85000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0xF628F000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xF2B66000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0xF777F000 \SystemRoot\System32\Drivers\avgmfx86.sys

0xF2B15000 \SystemRoot\System32\Drivers\avgldx86.sys

0xF2CA6000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xF2AD3000 \SystemRoot\System32\Drivers\dump_nvata.sys

0xF79ED000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xF7927000 \SystemRoot\System32\drivers\Dxapi.sys

0xF77FF000 \SystemRoot\System32\watchdog.sys

0xBF000000 \SystemRoot\System32\drivers\dxg.sys

0xF7BBB000 \SystemRoot\System32\drivers\dxgthk.sys

0xBFFA0000 \SystemRoot\System32\ATMFD.DLL

0xF2CD6000 \SystemRoot\System32\Drivers\DRVNDDM.SYS

0xF7B18000 \SystemRoot\System32\DLA\DLADResN.SYS

0xBA4D2000 \SystemRoot\System32\DLA\DLAIFS_M.SYS

0xBA550000 \SystemRoot\System32\DLA\DLAOPIOM.SYS

0xF7A15000 \SystemRoot\System32\DLA\DLAPoolM.SYS

0xF782F000 \SystemRoot\System32\DLA\DLABOIOM.SYS

0xBA4BA000 \SystemRoot\System32\DLA\DLAUDFAM.SYS

0xBA4A4000 \SystemRoot\System32\DLA\DLAUDF_M.SYS

0xF7847000 \SystemRoot\system32\DRIVERS\AegisP.sys

0xF2AED000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB9964000 \SystemRoot\System32\Drivers\SYMREDRV.SYS

0xB9688000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xF7807000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0xB9768000 \SystemRoot\system32\DRIVERS\usbscan.sys

0xF781F000 \SystemRoot\system32\DRIVERS\usbprint.sys

0xB93D9000 \SystemRoot\system32\DRIVERS\srv.sys

0xB9520000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xB92AA000 \??\C:\WINDOWS\system32\Drivers\ssoftnt4.sys

0xB91CD000 \SystemRoot\system32\drivers\wdmaud.sys

0xB97E4000 \SystemRoot\system32\drivers\sysaudio.sys

0xF7857000 \??\C:\WINDOWS\system32\drivers\symlcbrd.sys

0xB8A4F000 \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS

0xB8955000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071011.021\NavEx15.Sys

0xB8942000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20071011.021\NAVENG.Sys

0xB880D000 \SystemRoot\System32\Drivers\HTTP.sys

0xB8E1F000 \SystemRoot\System32\Drivers\SYMDNS.SYS

0xB6B96000 \SystemRoot\System32\Drivers\SYMNDIS.SYS

0xB4957000 \SystemRoot\System32\Drivers\SYMFW.SYS

0xB50A6000 \SystemRoot\System32\Drivers\SYMIDS.SYS

0xB2C30000 \SystemRoot\system32\DRIVERS\rt73.sys

0xBFF50000 \SystemRoot\System32\TSDDD.dll

0xBF012000 \SystemRoot\System32\nv4_disp.dll

0xF79D5000 \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys

0xACF7A000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20100811.001\symidsco.sys

0xACCCC000 \SystemRoot\system32\drivers\kmixer.sys

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 130):

0 System Idle Process

4 System

844 C:\WINDOWS\system32\smss.exe

892 csrss.exe

916 C:\WINDOWS\system32\winlogon.exe

960 C:\WINDOWS\system32\services.exe

972 C:\WINDOWS\system32\lsass.exe

1180 C:\WINDOWS\system32\svchost.exe

1248 svchost.exe

1464 C:\WINDOWS\system32\svchost.exe

1624 svchost.exe

1696 svchost.exe

120 C:\Program Files\Common Files\Symantec Shared\CCSETMGR.EXE

188 C:\Program Files\Common Files\Symantec Shared\CCEVTMGR.EXE

308 C:\Program Files\Common Files\Symantec Shared\CCPROXY.EXE

320 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

380 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

432 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

1060 C:\WINDOWS\system32\spoolsv.exe

1328 svchost.exe

1380 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

1392 C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe

1416 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

1436 C:\Program Files\AirLink101\AWLL5026\WLService.exe

1452 C:\Program Files\AirLink101\AWLL5026\AWLL5026.exe

1456 C:\Program Files\GE Security Supra\SyncService.exe

1508 C:\Program Files\AVG\AVG8\avgrsx.exe

1912 C:\Program Files\Java\jre6\bin\jqs.exe

2024 C:\WINDOWS\system32\lxctcoms.exe

1900 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

652 C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE

744 C:\Program Files\GE Security Supra\ProxyDaemon.exe

804 C:\WINDOWS\system32\nvsvc32.exe

876 C:\SSL\stunnel-4.10.exe

1364 C:\WINDOWS\system32\cryptainersrv.exe

2188 explorer.exe

2408 C:\WINDOWS\system32\svchost.exe

2428 C:\Program Files\Viewpoint\Common\ViewpointService.exe

2464 C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

2500 C:\PROGRA~1\AVG\AVG8\avgemc.exe

2984 C:\Program Files\AVG\AVG8\avgcsrvx.exe

708 alg.exe

2088 DMXLauncher.exe

3084 stsystra.exe

3148 CCAPP.EXE

3348 DLACTRLW.EXE

3352 issch.exe

3428 GoogleDesktop.exe

2120 Corel Photo Downloader.exe

3612 iTunesHelper.exe

3264 lxctmon.exe

3784 ezprint.exe

3916 pptd40nt.exe

4044 BrMfcWnd.exe

576 avgtray.exe

640 BrccMCtl.exe

2056 opwareSE2.exe

2616 DSAgnt.exe

2920 GoogleToolbarNotifier.exe

3328 BrMfcMon.exe

3568 Skype.exe

3660 C:\WINDOWS\system32\svchost.exe

2216 g2mstart.exe

3912 ctfmon.exe

4036 DLG.exe

3096 SyncInfoApp.exe

1104 g2mcomm.exe

2076 soffice.exe

3844 soffice.bin

1996 g2mlauncher.exe

2664 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

4388 C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE

5768 C:\Program Files\iPod\bin\iPodService.exe

4816 skypePM.exe

5568 avgui.exe

5588 firefox.exe

5184 plugin-container.exe

1096 ISUSPM.exe

3316 agent.exe

4860 csrss.exe

1460 C:\WINDOWS\system32\winlogon.exe

4612 C:\WINDOWS\explorer.exe

2836 C:\WINDOWS\system32\rundll32.exe

2868 C:\WINDOWS\system32\wuauclt.exe

936 C:\WINDOWS\system32\rundll32.exe

3896 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

1828 C:\WINDOWS\stsystra.exe

5744 C:\Program Files\Common Files\Symantec Shared\CCAPP.EXE

3720 C:\WINDOWS\system32\DLA\DLACTRLW.EXE

3012 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

2772 C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe

4464 C:\Program Files\iTunes\iTunesHelper.exe

5556 C:\Program Files\Lexmark 5400 Series\lxctmon.exe

3028 C:\Program Files\Lexmark 5400 Series\ezprint.exe

1080 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

4200 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

2028 C:\PROGRA~1\AVG\AVG8\avgtray.exe

6596 C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe

6764 C:\Program Files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

6944 C:\Program Files\Dell Support\DSAgnt.exe

7048 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

7160 C:\Program Files\Brother\Brmfcmon\BrMfcMon.exe

7324 C:\Program Files\Skype\Phone\Skype.exe

7396 C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

6160 C:\Program Files\AIM\aim.exe

3668 C:\Program Files\Messenger\msmsgs.exe

6472 C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe

6580 C:\WINDOWS\system32\ctfmon.exe

7592 C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe

7792 C:\Program Files\Digital Line Detect\DLG.exe

8152 C:\Program Files\GE Security Supra\SyncInfoApp.exe

2596 C:\Program Files\Windows NT\Accessories\wordpad.exe

3132 C:\Program Files\Windows NT\Accessories\wordpad.exe

6272 C:\Program Files\OpenOffice.org 3\program\soffice.exe

6388 C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe

6908 C:\Program Files\OpenOffice.org 3\program\soffice.bin

7028 C:\Program Files\Mozilla Firefox\firefox.exe

7676 wmiprvse.exe

8024 C:\Program Files\Skype\Plugin Manager\skypePM.exe

5724 C:\Program Files\Mozilla Firefox\plugin-container.exe

1976 C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\msgup1000_1270_us_u2.exe

384 C:\DOCUME~1\RAFIQA~1\LOCALS~1\temp\nsu42.tmp\ymsgr_suite_setup.exe

2824 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

7748 C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

10076 C:\WINDOWS\system32\dwwin.exe

10148 C:\Program Files\Apple Software Update\SoftwareUpdate.exe

6376 C:\PROGRA~1\AVG\AVG8\avgnsx.exe

9668 C:\Program Files\AVG\AVG8\avgscanx.exe

9312 C:\Program Files\AVG\AVG8\avgcsrvx.exe

2480 C:\Documents and Settings\Rafiq Ali\My Documents\Downloads\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: ST3160815AS, Rev: 3.ADA

Size Device Name MBR Status

--------------------------------------------

149 GB \\.\PhysicalDrive0 Dell MBR code detected

SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E

Done!

Link to post
Share on other sites

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.