
hijack.folderoptions



Hi guys,

My mbam has picked up hijack.folderoptions.

I have been fighting this for a few days. At first, it would hijack every page I clicked on while using the internet and would not allow me to open new programs, folders, etc. After running mbam several times, I have kept deleting the new threats that were found. This is the latest mbam log:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5190

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 8.0.6001.18702

11/28/2010 9:56:11 AM

mbam-log-2010-11-28 (09-56-11).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 264970

Time elapsed: 1 hour(s), 5 minute(s), 34 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Any help is deeply appreciated...


OTL logfile created on: 11/28/2010 12:29:55 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 7.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 37.21 Gb Free Space | 49.93% Space Free | Partition Type: NTFS

Computer Name: RIDER-ABDD23B8E | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/28 12:28:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop\OTL.exe

PRC - [2010/11/25 23:36:25 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe

PRC - [2010/10/29 10:08:12 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe

PRC - [2010/10/29 10:08:10 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2010/10/08 17:18:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

PRC - [2010/08/13 14:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

PRC - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe

PRC - [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

PRC - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe

PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

PRC - [2010/01/14 21:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\CTskMstr.exe

PRC - [2009/11/03 14:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2009/11/03 14:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe

PRC - [2009/11/03 14:45:48 | 001,372,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

PRC - [2009/11/03 14:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2009/11/03 14:35:14 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

PRC - [2009/11/03 14:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2009/08/31 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

PRC - [2009/08/31 19:07:00 | 000,124,240 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

PRC - [2009/08/31 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe

PRC - [2009/08/31 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

PRC - [2009/08/31 19:07:00 | 000,027,960 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

PRC - [2009/08/31 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

PRC - [2009/08/17 12:52:08 | 002,043,904 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

PRC - [2009/08/17 12:52:08 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

PRC - [2009/08/17 12:50:32 | 008,919,040 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

PRC - [2009/01/16 15:00:00 | 000,226,624 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

PRC - [2009/01/16 15:00:00 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\UdaterUI.exe

PRC - [2009/01/16 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe

PRC - [2009/01/16 15:00:00 | 000,091,456 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\McTray.exe

PRC - [2008/04/14 07:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/22 11:43:38 | 001,245,184 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2008/02/22 11:40:20 | 000,475,136 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

PRC - [2007/05/11 00:46:20 | 000,624,248 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

PRC - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\stacsv.exe

PRC - [2007/05/10 09:22:32 | 000,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

PRC - [2005/03/10 11:40:30 | 000,757,760 | ---- | M] (Eastman Kodak Company) -- C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

PRC - [2004/02/13 16:12:08 | 000,016,423 | ---- | M] () -- C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

========== Modules (SafeList) ==========

MOD - [2010/11/28 12:28:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop\OTL.exe

MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2010/01/14 21:16:14 | 000,316,928 | ---- | M] (Pharos Systems International) -- C:\Program Files\PharosSystems\Core\PrnTrack.dll

MOD - [2008/04/14 07:00:00 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll

MOD - [2008/04/14 07:00:00 | 000,198,144 | ---- | M] () -- C:\WINDOWS\otesodefak.dll

MOD - [2008/04/14 07:00:00 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll

MOD - [2004/02/11 18:58:16 | 000,024,613 | ---- | M] (BackWeb) -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Local Settings\Temp\IadHide5.dll

========== Win32 Services (SafeList) ==========

SRV - [2010/11/25 23:36:25 | 000,057,752 | ---- | M] (Absolute Software Corp.) [Auto | Running] -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet) Remote Procedure Call (RPC)

SRV - [2010/10/08 17:18:50 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/08/13 14:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)

SRV - [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2010/08/02 16:09:55 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2010/01/14 21:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)

SRV - [2009/11/03 14:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2009/11/03 14:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2009/11/03 14:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2009/11/03 14:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2009/08/31 19:07:00 | 000,146,448 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe -- (McShield)

SRV - [2009/08/31 19:07:00 | 000,070,728 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)

SRV - [2009/08/31 19:07:00 | 000,066,896 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)

SRV - [2009/08/31 19:07:00 | 000,021,256 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe -- (McAfeeEngineService)

SRV - [2009/08/17 12:52:08 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)

SRV - [2009/06/16 11:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)

SRV - [2009/01/16 15:00:00 | 000,103,744 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)

SRV - [2008/02/22 11:40:20 | 000,475,136 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe -- (NICCONFIGSVC)

SRV - [2007/05/10 09:23:50 | 000,094,208 | ---- | M] (SigmaTel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)

========== Driver Services (SafeList) ==========

DRV - [2010/08/02 16:10:08 | 000,126,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)

DRV - [2010/08/02 16:10:08 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)

DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)

DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)

DRV - [2009/10/26 04:47:30 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel®

DRV - [2009/08/31 19:07:00 | 000,343,664 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)

DRV - [2009/08/31 19:07:00 | 000,091,672 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)

DRV - [2009/08/31 19:07:00 | 000,075,704 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)

DRV - [2009/08/31 19:07:00 | 000,065,448 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)

DRV - [2009/08/31 19:07:00 | 000,063,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)

DRV - [2009/08/31 19:07:00 | 000,043,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)

DRV - [2009/03/11 13:04:00 | 006,251,168 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2009/02/13 14:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)

DRV - [2008/08/13 15:23:56 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)

DRV - [2008/04/14 07:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)

DRV - [2007/12/23 16:18:48 | 000,068,696 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2)

DRV - [2007/08/02 16:35:12 | 000,989,952 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)

DRV - [2007/08/02 16:34:30 | 000,211,200 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)

DRV - [2007/08/02 16:34:26 | 000,731,136 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)

DRV - [2007/05/10 09:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)

DRV - [2007/02/16 14:46:00 | 000,160,256 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)

DRV - [2005/08/12 15:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/?ref=logo"

FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z007&form=ZGAADF&q="

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2010/10/17 10:58:37 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\extensions\\{90794FA8-C7E4-4DE0-99CF-BD9C4395F632}: C:\Documents and Settings\Administrator.RIDER-6D092D348\Local Settings\Application Data\{90794FA8-C7E4-4DE0-99CF-BD9C4395F632} [2010/11/25 03:05:09 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/14 22:24:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 10:08:17 | 000,000,000 | ---D | M]

[2010/10/15 17:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\Mozilla\Extensions

[2010/10/15 17:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/11/28 10:16:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\Mozilla\Firefox\Profiles\6ibzcate.default\extensions

[2010/10/14 01:06:25 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\Mozilla\Firefox\Profiles\6ibzcate.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2010/10/19 17:52:46 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\Mozilla\Firefox\Profiles\6ibzcate.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/11/25 03:03:25 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\Mozilla\Firefox\Profiles\6ibzcate.default\searchplugins\bing-zugo.xml

[2010/11/28 10:16:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/10/17 11:05:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2009/08/31 19:07:00 | 000,023,864 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll

[2010/09/15 06:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010/11/25 12:18:50 | 000,001,919 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2008/04/14 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll (McAfee, Inc.)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files\whitesmoketoolbar\whitesmoketoolbarX.dll ()

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)

O4 - HKLM..\Run: [intelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)

O4 - HKLM..\Run: [intelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)

O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [Ocezufew] C:\WINDOWS\otesodefak.DLL ()

O4 - HKLM..\Run: [shStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)

O4 - HKLM..\Run: [sigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\Administrator.RIDER-6D092D348\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)

O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)

O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator.RIDER-6D092D348\My Documents\My Pictures\2560x1600-rider03ec.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator.RIDER-6D092D348\My Documents\My Pictures\2560x1600-rider03ec.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/05/25 11:58:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/28 12:28:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop\OTL.exe

[2010/11/28 10:44:09 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys

[2010/11/28 10:44:01 | 000,126,856 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys

[2010/11/28 10:44:01 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

[2010/11/28 10:44:01 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys

[2010/11/28 10:44:01 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys

[2010/11/28 10:43:59 | 000,000,000 | ---D | C] -- C:\Program Files\Avira

[2010/11/28 10:43:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira

[2010/11/25 23:36:26 | 000,013,160 | ---- | C] (Absolute Software Corp.) -- C:\WINDOWS\System32\Upgrd.exe

[2010/11/25 17:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\Malwarebytes

[2010/11/25 17:54:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/25 17:54:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/25 17:54:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes

[2010/11/25 17:54:12 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/11/25 17:36:45 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC

[2010/11/25 12:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\whitesmoketoolbar

[2010/11/25 12:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%

[2010/11/25 03:05:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Local Settings\Application Data\{90794FA8-C7E4-4DE0-99CF-BD9C4395F632}

[2010/11/25 03:04:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\whitesmoketoolbar

[2010/11/25 03:03:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\HPAppData

[2010/11/25 03:03:14 | 000,000,000 | ---D | C] -- C:\QUARANTINE

[2010/11/15 16:43:19 | 000,000,000 | ---D | C] -- C:\Program Files\Ares

[2010/11/15 16:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Local Settings\Application Data\Ares

[2010/11/08 12:01:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun

[2010/11/01 19:32:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/28 12:28:18 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop\OTL.exe

[2010/11/28 11:13:17 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\jxobuy.job

[2010/11/28 10:44:26 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk

[2010/11/28 10:40:33 | 000,066,151 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001

[2010/11/28 10:40:20 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/11/28 10:38:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pxuyogerutewotev.bin

[2010/11/28 10:38:43 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe

[2010/11/28 10:38:42 | 000,195,973 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/11/28 10:38:41 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll

[2010/11/28 10:38:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/11/28 09:58:51 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll

[2010/11/26 22:17:41 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/26 03:13:36 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Adesilil.dat

[2010/11/25 23:36:34 | 000,013,160 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\Upgrd.exe

[2010/11/25 23:36:25 | 000,057,752 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.exe

[2010/11/25 12:18:05 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\Improve Your PC.lnk

[2010/11/25 02:54:47 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/11/25 02:54:47 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/11/24 16:44:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\iTunes.lnk

[2010/11/23 18:15:58 | 000,032,087 | ---- | M] () -- C:\Documents and Settings\Administrator.RIDER-6D092D348\.recently-used.xbel

[2010/11/15 16:43:22 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop\Ares.lnk

[2010/11/14 23:45:03 | 001,485,824 | R--- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\ESBK.mbb

[2010/11/14 23:45:03 | 001,091,584 | R--- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Documents\ESBK.mb

[2010/11/12 09:04:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/28 10:44:26 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Avira AntiVir Control Center.lnk

[2010/11/25 17:38:31 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/11/25 12:18:04 | 000,001,072 | ---- | C] () -- C:\WINDOWS\System32\Improve Your PC.lnk

[2010/11/25 11:13:24 | 000,000,358 | ---- | C] () -- C:\WINDOWS\tasks\jxobuy.job

[2010/11/25 03:05:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pxuyogerutewotev.bin

[2010/11/25 03:05:13 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Adesilil.dat

[2010/11/23 18:15:58 | 000,032,087 | ---- | C] () -- C:\Documents and Settings\Administrator.RIDER-6D092D348\.recently-used.xbel

[2010/11/15 16:43:22 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop\Ares.lnk

[2010/10/17 10:23:45 | 000,004,766 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Application Data\hpzinstall.log

[2010/10/08 18:16:43 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\iPod Access v4 Prefs

[2010/10/08 18:15:59 | 000,000,011 | -H-- | C] () -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\iPodAccess_Time

[2010/06/29 11:23:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2010/06/23 14:34:33 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WININIT.INI

[2010/06/22 14:06:30 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2010/06/22 14:06:30 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2010/06/22 14:06:28 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2010/06/22 14:06:27 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2010/06/17 14:32:38 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\rpcnetp.dll

[2010/06/17 10:06:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2008/04/14 07:00:00 | 000,198,144 | ---- | C] () -- C:\WINDOWS\otesodefak.dll

[2007/02/09 19:26:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2000/09/08 19:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2010/11/23 18:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\gtk-2.0

[2010/11/28 10:39:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\LimeWire

[2010/10/08 18:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\Western Digital

[2010/11/25 03:06:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator.RIDER-6D092D348\Application Data\whitesmoketoolbar

[2010/10/08 18:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Western Digital

[2010/10/08 18:11:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010/11/28 11:13:17 | 000,000,358 | ---- | M] () -- C:\WINDOWS\Tasks\jxobuy.job

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 11/28/2010 12:29:55 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 73.00 Mb Available Physical Memory | 7.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 44.00% Paging File free

Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.53 Gb Total Space | 37.21 Gb Free Space | 49.93% Space Free | Partition Type: NTFS

Computer Name: RIDER-ABDD23B8E | User Name: Administrator | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"427:TCP" = 427:TCP:LocalSubNet:Enabled:SLP_Port(427)_TCP

"427:UDP" = 427:UDP:LocalSubNet:Enabled:SLP_Port(427)_UDP

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master -- (Pharos Systems International)

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)

"C:\Program Files\PharosSystems\Core\CTskMstr.exe" = C:\Program Files\PharosSystems\Core\CTskMstr.exe:*:Enabled:Pharos Com Task Master -- (Pharos Systems International)

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"D:\setup\hpznui01.exe" = D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{03A7C57A-B2C8-409b-92E5-524A0DFD0DD3}" = Status

"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data

"{087A66B8-1F0F-4a8d-A649-0CFE276AA7C0}" = WebReg

"{10E98E14-832C-4AF7-A4D1-6A9EF83B282E}" = VCAMCEN

"{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 22

"{2A329FB6-389D-4396-A974-29656D6864AE}" = MarketResearch

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter

"{4D304678-738E-42a0-931A-2B022F49DEB8}" = TrayApp

"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan

"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc

"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH

"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini

"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update

"{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}" = McAfee Agent

"{800E784D-53E3-4948-B491-9E7FA5EACBDC}" = SmartWebPrinting

"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel® PROSet/Wireless WiFi Software

"{83C57C58-FDD7-4d86-BFCC-9D31CC4EFA71}" = 6500_E709n

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12

"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007

"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007

"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007

"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan

"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP

"{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox

"{AC76BA86-1033-0000-BA7E-000000000003}" = Adobe Acrobat 8 Standard

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C29C1940-CB85-4F3B-906C-33FEE0E67103}" = DocMgr

"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C861921A-E002-498F-9800-153CCBABB9C9}" = 32 Bit HP CIO Components Installer

"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}" = Broadcom Gigabit Integrated Controller

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DD7A785B-45C9-4DDB-A726-0889F7A9C006}" = WD SmartWare

"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202

"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax

"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component

"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help

"{F2D0C1B1-80FF-46F9-BA61-33B01A07FAFC}" = HLPCCTR

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F769B78E-FF0E-4db5-95E2-9F4C8D6352FE}" = DeviceDiscovery

"{FA0F0A01-4631-4161-A6C2-948BF694382E}" = HP Officejet 6500 E709 Series

"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock

"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"Adobe Acrobat 8 Standard" = Adobe Acrobat 8.1.0 Standard

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Ares" = Ares 2.1.7

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem

"HP Document Manager" = HP Document Manager 2.0

"HP Imaging Device Functions" = HP Imaging Device Functions 12.0

"HP Smart Web Printing" = HP Smart Web Printing

"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0

"HPExtendedCapabilities" = HP Customer Participation Program 12.0

"HPOCR" = OCR Software by I.R.I.S. 12.0

"ie8" = Windows Internet Explorer 8

"InstallShield_{EDC2B89F-3F72-48EA-B63E-985BC51622E4}" = OZ776 SCR Driver V1.1.4.202

"LimeWire" = LimeWire 5.5.16

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)

"NVIDIA Drivers" = NVIDIA Drivers

"Pharos" = Pharos

"Picasa 3" = Picasa 3

"PROHYBRIDR" = 2007 Microsoft Office system

"ProInst" = Intel PROSet Wireless

"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5

"WinGimp-2.0_is1" = GIMP 2.6.11

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 11/25/2010 8:47:42 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 359610

Error - 11/25/2010 8:47:44 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/25/2010 8:47:44 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 361563

Error - 11/25/2010 8:47:44 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 361563

Error - 11/25/2010 8:47:46 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/25/2010 8:47:46 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 363516

Error - 11/25/2010 8:47:46 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 363516

Error - 11/25/2010 8:47:48 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

Error - 11/25/2010 8:47:48 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 365469

Error - 11/25/2010 8:47:48 AM | Computer Name = RIDER-ABDD23B8E | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 365469

< End of report >


MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0200000c

Kernel Drivers (total 135):


Processes (total 79):

0 System Idle Process

4 System

612 C:\WINDOWS\system32\smss.exe

672 C:\WINDOWS\system32\csrss.exe

704 C:\WINDOWS\system32\winlogon.exe

752 C:\WINDOWS\system32\services.exe

764 C:\WINDOWS\system32\lsass.exe

940 C:\WINDOWS\system32\svchost.exe

1008 C:\WINDOWS\system32\svchost.exe

1144 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

1208 C:\WINDOWS\system32\svchost.exe

1260 C:\WINDOWS\system32\svchost.exe

1536 C:\WINDOWS\system32\spoolsv.exe

1596 C:\WINDOWS\system32\scardsvr.exe

1656 C:\WINDOWS\system32\svchost.exe

1688 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1708 C:\Program Files\Bonjour\mDNSResponder.exe

1752 C:\Program Files\Intel\WiFi\bin\EvtEng.exe

1824 C:\WINDOWS\system32\svchost.exe

140 C:\WINDOWS\system32\svchost.exe

264 C:\Program Files\Java\jre6\bin\jqs.exe

272 C:\WINDOWS\explorer.exe

352 C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe

488 C:\Program Files\McAfee\Common Framework\FrameworkService.exe

968 C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe

1324 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

1376 C:\Program Files\McAfee\Common Framework\naPrdMgr.exe

1420 C:\WINDOWS\system32\mfevtps.exe

1552 C:\WINDOWS\system32\svchost.exe

1980 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe

2028 C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

2056 C:\WINDOWS\system32\nvsvc32.exe

2068 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

2084 C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe

2112 C:\WINDOWS\system32\rundll32.exe

2120 C:\WINDOWS\system32\rundll32.exe

2128 C:\Program Files\Dell\QuickSet\quickset.exe

2136 C:\Program Files\McAfee\Common Framework\UdaterUI.exe

2144 C:\Program Files\McAfee\VirusScan Enterprise\shstat.exe

2152 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

2168 C:\Program Files\iTunes\iTunesHelper.exe

2176 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

2184 C:\Program Files\Common Files\Java\Java Update\jusched.exe

2200 C:\WINDOWS\system32\ctfmon.exe

2256 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

2292 C:\PROGRA~1\PHAROS~1\Core\CTskMstr.exe

2364 C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe

2436 C:\Program Files\McAfee\Common Framework\McTray.exe

2444 C:\WINDOWS\system32\svchost.exe

2472 C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe

2548 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe

2912 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

3012 C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe

3128 C:\WINDOWS\system32\rpcnet.exe

3492 C:\WINDOWS\system32\stacsv.exe

3928 C:\WINDOWS\system32\svchost.exe

4068 C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

544 C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe

1968 C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe

2348 C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe

2832 C:\WINDOWS\system32\wbem\unsecapp.exe

3564 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

416 C:\Program Files\iPod\bin\iPodService.exe

3768 C:\WINDOWS\system32\alg.exe

4320 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

4984 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe

5688 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

308 C:\Program Files\Avira\AntiVir Desktop\avguard.exe

3452 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

1724 C:\Program Files\Avira\AntiVir Desktop\sched.exe

5308 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

3528 C:\Program Files\Internet Explorer\iexplore.exe

5148 C:\Program Files\Internet Explorer\iexplore.exe

2320 C:\WINDOWS\system32\svchost.exe

4764 C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

3624 C:\Program Files\Mozilla Firefox\firefox.exe

908 C:\Program Files\Mozilla Firefox\plugin-container.exe

240 C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop\OTL.exe

1516 C:\Documents and Settings\Administrator.RIDER-6D092D348\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST980813AS, Rev: 3.ADB

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Windows XP MBR code detected

SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!


Hi,

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Here is a guide on how to disable them:
    Click me
    If you can't disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: RcAuto1.gif]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: whatnext.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.


  • 2 months later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

