
whitesmoke toolbar, google redirect



Hi there. Thank you for helping me out with this.

So I noticed that my CPU was maxing out (svchost.exe). In looking into this, I noticed that somehow the WhiteSmoke Toolbar was loaded onto my machine. In addition, when doing a Google search, I occasionally get a redirected page instead of the page I selected.

One other thing I have noticed is that if I try to post from the infected computer I get the IE error page that says it cannot find the page.

I appreciate your help and time.

Smitty

dds.txt:

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.6001.18702

Run by TPLGuest at 9:24:23 on 2011-07-06

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1063 [GMT -6:00]

.

AV: Symantec AntiVirus Corporate Edition *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

svchost.exe

svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\rundll32.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\CENTENN.IAL\AUDIT\cagent32.exe

C:\CENTENN.IAL\AUDIT\xferwan.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\Program Files\Secunia\PSI\PSIA.exe

C:\Program Files\Citrix\ICA Client\ssonsvr.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\UPHClean\uphclean.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\dpmw32.exe

C:\WINDOWS\system32\NWTRAY.EXE

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE

C:\WINDOWS\V0350Mon.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Citrix\ICA Client\concentr.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe

C:\Program Files\Secunia\PSI\psi_tray.exe

C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe

C:\Program Files\Citrix\ICA Client\PNAMAIN.EXE

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uWindow Title = Windows Internet Explorer provided by TPL Information Services

uInternet Settings,ProxyOverride = <local>

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: WhiteSmoke Toolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - c:\program files\whitesmoketoolbar\vmntemplateX.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: WhiteSmoke Toolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - c:\program files\whitesmoketoolbar\vmntemplateX.dll

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [GoToMeeting] "c:\program files\citrix\gotomeeting\457\g2mstart.exe" "/Trigger RunAtLogon"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized

mRun: [CleanIt] c:\program files\cleanit\cleanit.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [NDPS] c:\windows\system32\dpmw32.exe

mRun: [NWTRAY] NWTRAY.EXE

mRun: [Discovery User Input] c:\discovery\user input\userin32.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [EPSON Stylus Photo RX620 Series] c:\windows\system32\spool\drivers\w32x86\3\E_FATI9HA.EXE /P31 "EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"

mRun: [V0350Mon.exe] c:\windows\V0350Mon.exe

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Njicerulaze] rundll32.exe "c:\windows\ujujubijameh.dll",Startup

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\online~1.lnk - c:\windows\installer\{e5f3d1e9-006e-4435-85d6-483b66376655}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

uPolicies-explorer: NoWinKeys = 01000000

uPolicies-explorer: NoRecentDocsNetHood = 01000000

uPolicies-explorer: NoSMMyDocs = 01000000

uPolicies-explorer: NoSMMyPictures = 01000000

uPolicies-explorer: NoNetworkConnections = 01000000

uPolicies-explorer: NoStrCmpLogical = 01000000

mPolicies-system: CompatibleRUPSecurity = 1 (0x1)

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Trusted Zone: facebook.com\upload

Trusted Zone: facebook.com\www

Trusted Zone: geocortex.com\resources

Trusted Zone: geocortex.net\redtail.tpl

Trusted Zone: ipkey.com\ssl

Trusted Zone: montereybayaquarium.org\www

Trusted Zone: parkscore.org

Trusted Zone: philzone.com\www

Trusted Zone: santafeopera.org\c1047

Trusted Zone: tpl.org

Trusted Zone: tplgis.org

Trusted Zone: umn.edu\dgisuserv01.uservices

Trusted Zone: united.com\travel

Trusted Zone: united.com\www

Trusted Zone: usaa.com\www

Trusted Zone: wunderground.com\stationdata

Trusted Zone: wunderground.com\www

Trusted Zone: tpl.org

DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/d/c/8/dc8362b3-f410-4e7d-b672-209d6bd8fcea/OGAControl.cab

DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab

DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} - hxxp://24.227.71.42:1024/img/NetCamPlayerWeb.ocx

DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab

DPF: {44C1E3A2-B594-401C-B27A-D1B4476E4797} - hxxps://ssl.ipkey.com/XTSAC.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.4.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154979204218

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1196018782234

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://ssl.ipkey.com/MLWebCacheCleaner.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://cgi3.ocis.uncwil.edu/aquarius/AxisCamControl.ocx

DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab

DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF}

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://tpl.webex.com/client/v_mywebex-t20/webex/ieatgpc.cab

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{285B63A0-D5EA-4821-8438-236B1130BC3F} : DhcpNameServer = 74.2.112.177

TCP: Interfaces\{4C49C72C-F49D-4EE2-B4BC-6379A47B788D} : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{62398FD7-7064-465E-BFB1-05C56F39AC54} : DhcpNameServer = 74.2.112.177

TCP: Interfaces\{960D4CD9-943B-43E9-BD35-C4EF43C21ED2} : DhcpNameServer = 10.6.2.1 10.6.3.205 10.6.2.5

TCP: Interfaces\{C9634791-903A-40B2-99E0-9F0701A2FE9A} : DhcpNameServer = 74.2.112.177

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: igfxcui - igfxdev.dll

Notify: itlntfy - itlnfw32.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

LSA: Authentication Packages = msv1_0 nwv1_0

.

============= SERVICES / DRIVERS ===============

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-10-5 65584]

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]

R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-3-14 116416]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]

R3 CdProbe;CdProbe;c:\windows\system32\drivers\CDProbe.SYS [2008-1-28 12000]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-10 105592]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110705.002\naveng.sys [2011-7-5 86008]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110705.002\navex15.sys [2011-7-5 1542392]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2009-3-1 142656]

R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2009-3-1 7424]

R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2009-3-1 170368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate1c99b98886fb008;Google Update Service (gupdate1c99b98886fb008);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]

S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2004-8-4 14336]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-2-10 30312]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-3-2 133104]

S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2006-4-25 36608]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-15 22712]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-15 39984]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-2-10 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-2-10 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-2-10 121576]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-15 366640]

.

=============== Created Last 30 ================

.

2011-07-06 15:09:28 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{B9D7C463-41BF-48B7-BD61-AD05255FCFB2}

2011-07-06 12:59:19 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{C6B96261-05CE-4D48-A890-C587E0164E04}

2011-07-06 06:43:37 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{9F934399-84DC-4E7A-B436-AF462E6CF742}

2011-06-29 03:20:40 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{406A9476-AEE7-4A9E-921D-77C8C216B449}

2011-06-28 04:58:41 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{600D4134-EB03-42A1-AFE4-C2CB6962B5CB}

2011-06-28 02:33:36 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{2FAC46F4-4BCC-4F64-A623-E9E3A50C341A}

2011-06-27 04:56:48 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{43C774E2-AFF5-4B22-A061-840EB4E0B54C}

2011-06-25 16:12:08 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{C83637F8-5B9D-4CF4-A606-F0EB4BB9BA29}

2011-06-25 15:28:53 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{51E5C2EA-8037-4421-9BF8-88E018FBB361}

2011-06-25 03:37:44 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{3DBC7264-DAE2-4B89-8738-34D685D6D7E0}

2011-06-25 00:07:08 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{DC8A3974-5B6C-477E-8D2B-22C636CFB119}

2011-06-24 21:08:26 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{E2D288F3-F402-4802-A22E-18A0A398A6EB}

2011-06-24 18:42:57 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{F643DEEF-B2D8-45C6-9471-279AA88AA86E}

2011-06-24 12:51:29 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{1F8E4187-9C5E-4A57-A3F1-EC021C0619B5}

2011-06-24 04:39:57 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{615DF874-2262-4536-B0E0-516AAFDDA224}

2011-06-23 23:01:07 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{6245161E-2C41-4D59-80E7-3F4FEFA12616}

2011-06-23 18:34:51 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{10A646F3-9019-4B16-87CD-10BB74465267}

2011-06-23 17:27:36 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{E319E19C-5844-4810-8723-7F2EF81D0D84}

2011-06-22 01:02:23 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{3612359B-26A6-4F87-B499-8988C372746A}

2011-06-21 02:55:49 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{E236DB29-70EC-4114-8BC5-1BF2A2EB64B4}

2011-06-17 18:59:00 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{B710F3D6-8A44-4295-9081-DF83767031EF}

2011-06-17 14:23:53 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{AA28FB6E-4748-45DF-84F2-2F741695E882}

2011-06-17 04:01:29 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{94AE5960-64DA-450A-90F8-47B3B7E9FC35}

2011-06-16 01:47:00 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{A9896DF7-2FDE-4187-B302-DA95EBF129DD}

2011-06-15 19:32:13 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{39FE54FA-8D82-4B9F-B7C5-54F0827F0DD7}

2011-06-15 16:03:22 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{351D9D63-723B-4A5D-8EF4-5885C22C07D4}

2011-06-15 15:15:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-06-15 15:15:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-06-15 15:15:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-06-15 15:15:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-06-15 15:15:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-06-15 15:15:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-06-15 15:15:18 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-06-15 14:54:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-15 14:46:29 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\Secunia PSI

2011-06-15 14:46:11 -------- d-----w- c:\program files\Secunia

2011-06-15 13:37:22 -------- d-----w- c:\documents and settings\tplguest\application data\whitesmoketoolbar

2011-06-15 13:37:22 -------- d-----w- c:\documents and settings\tplguest\application data\vmntemplate

2011-06-15 13:37:07 -------- d-----w- c:\program files\whitesmoketoolbar

2011-06-15 13:23:59 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{D8FB52F9-9157-4795-AC11-CCB37BA8E159}

2011-06-15 08:38:24 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{7A4FD7CF-E14B-4219-9FC5-6E0526D13E12}

2011-06-15 06:04:45 -------- d-----w- c:\documents and settings\tplguest\application data\Malwarebytes

2011-06-15 06:04:39 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-15 06:04:38 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-15 06:04:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-15 06:04:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-15 06:02:34 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{72746D0F-66C7-46EC-B043-13AE14C2A66A}

2011-06-15 05:56:20 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{7DAA8AC4-FBED-4D33-8E34-3EA8A14BED0A}

2011-06-15 05:20:19 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller

2011-06-15 04:25:18 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{C1102FD4-5CCD-480E-B7D8-9598870150F0}

2011-06-15 04:10:33 -------- d-----w- c:\documents and settings\all users\application data\Norton

2011-06-07 05:03:19 0 ----a-w- c:\windows\Smumamotetaco.bin

2011-06-07 05:03:18 -------- d-----w- c:\documents and settings\tplguest\local settings\application data\{EDCE0277-1DA1-428E-B743-10365D585460}

2011-06-07 05:02:43 -------- d-----w- c:\program files\PageRage

2011-06-07 05:02:43 -------- d-----w- c:\documents and settings\all users\application data\Tarma Installer

.

==================== Find3M ====================

.

2011-07-06 15:09:05 12000 ----a-w- c:\windows\system32\drivers\CDProbe.SYS

2011-06-15 15:26:19 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-06-15 15:26:19 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600 Disk: ST380815AS rev.3.CHF -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7E84D0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8a7ee7f0]; MOV EAX, [0x8a7ee86c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x8A846AB8]

3 CLASSPNP[0xF763805B] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006b[0x8A86FF18]

5 ACPI[0xF75AE620] -> nt!IofCallDriver[0x804E13B9] -> [0x8A83E940]

\Driver\atapi[0x8A8CDA20] -> IRP_MJ_CREATE -> 0x8A7E84D0

error: Read A device attached to the system is not functioning.

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV SI, 0x7be; MOV CL, 0x4; CMP [SI], CH; JL 0x2d; JNZ 0x3b; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8A7E831B

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

============= FINISH: 9:26:30.92 ===============

mbam-log-2011-07-06 (00-39-26).zip

attach.zip

ark.zip

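The DDS and GMER output above is what a removal helper reads by eye. As an added example (not part of the original post, and not code from DDS, GMER, Malwarebytes or any other tool named in this thread), the script below applies a few first-pass triage heuristics to an excerpt of that log: a rundll32 autorun loading a DLL that sits directly in the Windows directory, a zero-byte file dropped there, browser add-ons outside a small allowlist of vendor directories, and the GMER lines that report an unknown module in the disk I/O path or a hooked DriverStartIo. The allowlist and the heuristics are the example author's own assumptions, not a standard the tools define.

```python
"""Triage heuristics for a DDS/GMER log excerpt.

Added example for this thread: not part of the original post and not code
from DDS, GMER, Malwarebytes or any tool named here. The heuristics and the
TRUSTED_ADDON_DIRS allowlist are the example author's assumptions about what
a removal helper checks first; tune them for your own environment.
"""
import re

# Assumption: browser add-ons whose DLL lives under one of these vendor
# directory fragments are left alone; everything else is worth a look.
TRUSTED_ADDON_DIRS = ("google", "skype", "adobe", "java", "citrix", "symantec")

# Constructed input: lines copied from the DDS report posted above.
DDS_EXCERPT = r"""
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Njicerulaze] rundll32.exe "c:\windows\ujujubijameh.dll",Startup
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: WhiteSmoke Toolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - c:\program files\whitesmoketoolbar\vmntemplateX.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\pagerage\YontooIEClient.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
2011-06-07 05:03:19 0 ----a-w- c:\windows\Smumamotetaco.bin
2011-06-15 14:54:14 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A7E84D0]<<
\Driver\atapi DriverStartIo -> 0x8A7E831B
Warning: possible TDL3 rootkit infection !
"""

# A file directly under <drive>:\windows\ (not in system32 or any subfolder).
WINDOWS_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+$", re.IGNORECASE)


def _in_windows_root(path):
    return bool(WINDOWS_ROOT.match(path.strip('"')))


def check_run_key(line):
    """uRun/mRun/dRun autoruns: flag rundll32 loading a DLL from %windir% root."""
    m = re.match(r"^[mud]Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$", line)
    if not m:
        return None
    dll = re.search(r'rundll32(?:\.exe)?\s+"?([^",]+\.dll)"?', m.group("cmd"), re.IGNORECASE)
    if dll and _in_windows_root(dll.group(1)):
        return ("high", "rundll32 persistence loading DLL from %windir% root: " + dll.group(1))
    return None


def check_addon(line):
    """BHO/TB entries: flag add-on DLLs outside the trusted vendor directories."""
    m = re.match(r"^(BHO|TB): .*? - (?P<path>[a-z]:\\.+\.dll)$", line, re.IGNORECASE)
    if not m:
        return None
    path = m.group("path").lower()
    if not any(vendor in path for vendor in TRUSTED_ADDON_DIRS):
        return ("medium", "browser add-on outside trusted vendor directories: " + path)
    return None


def check_created(line):
    """'Created Last 30' entries: flag zero-byte files dropped in %windir% root."""
    m = re.match(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+|-+) \S+ (?P<path>.+)$", line)
    if not m:
        return None
    if m.group("size") == "0" and _in_windows_root(m.group("path")):
        return ("medium", "zero-byte file created in %windir% root: " + m.group("path"))
    return None


def check_gmer(line):
    """GMER rootkit section: unknown module in the disk path, or a hooked storage driver."""
    if ">>UNKNOWN [" in line:
        return ("high", "disk I/O path passes through an unknown kernel module: " + line)
    if re.search(r"DriverStartIo -> 0x[0-9A-Fa-f]+", line):
        return ("high", "hooked DriverStartIo on storage driver: " + line)
    if line.startswith("Warning:"):
        return ("high", line)
    return None


CHECKS = (check_run_key, check_addon, check_created, check_gmer)


def triage(report):
    """Return (severity, reason, original_line) for every line a check flags."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        for check in CHECKS:
            hit = check(line)
            if hit:
                findings.append((hit[0], hit[1], line))
                break
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage(DDS_EXCERPT):
        print(f"[{severity}] {reason}")
```

On the excerpt this flags the ujujubijameh.dll autorun and the three GMER lines as high, and the WhiteSmoke and Yontoo add-ons plus the zero-byte Smumamotetaco.bin as medium, while leaving ccApp, iTunesHelper and the Flash control panel alone. The split matters for what to do next: the medium findings are userland adware that uninstallers and an on-demand scanner handle, whereas an unknown module in the disk I/O chain and a hooked DriverStartIo on atapi are the signature of a kernel-level bootkit, which is why a dedicated tool such as TDSSKiller comes first in the helper's instructions.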

Hello SmittyNM and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


Hi D-Fred,

Thank you very much for taking the time to help me with this. So I have run the three programs you outlined above. After running TDSSKiller my computer seems to be running better. I have not gotten any redirects and the CPU has not maxed out on me yet. I will keep an eye / ear on my computer to make sure everything runs smoothly as I use it more.

TDSSKiller Log:

2011/07/07 19:44:12.0718 3892 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/07 19:44:13.0640 3892 ================================================================================

2011/07/07 19:44:13.0640 3892 SystemInfo:

2011/07/07 19:44:13.0640 3892

2011/07/07 19:44:13.0640 3892 OS Version: 5.1.2600 ServicePack: 2.0

2011/07/07 19:44:13.0640 3892 Product type: Workstation

2011/07/07 19:44:13.0640 3892 ComputerName: DESKTOP12-01-07

2011/07/07 19:44:13.0640 3892 UserName: TPLGuest

2011/07/07 19:44:13.0640 3892 Windows directory: C:\WINDOWS

2011/07/07 19:44:13.0640 3892 System windows directory: C:\WINDOWS

2011/07/07 19:44:13.0640 3892 Processor architecture: Intel x86

2011/07/07 19:44:13.0640 3892 Number of processors: 2

2011/07/07 19:44:13.0640 3892 Page size: 0x1000

2011/07/07 19:44:13.0640 3892 Boot type: Normal boot

2011/07/07 19:44:13.0640 3892 ================================================================================

2011/07/07 19:44:14.0500 3892 Initialize success

2011/07/07 19:44:23.0640 2204 ================================================================================

2011/07/07 19:44:23.0640 2204 Scan started

2011/07/07 19:44:23.0640 2204 Mode: Manual;

2011/07/07 19:44:23.0640 2204 ================================================================================

2011/07/07 19:44:27.0703 2204 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys

2011/07/07 19:44:28.0312 2204 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/07/07 19:44:28.0937 2204 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/07/07 19:44:30.0062 2204 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys

2011/07/07 19:44:31.0031 2204 adpu320 (0ea9b1f0c6c90a509c8603775366adb7) C:\WINDOWS\system32\DRIVERS\adpu320.sys

2011/07/07 19:44:31.0578 2204 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys

2011/07/07 19:44:32.0078 2204 AFD (6a0397376853e604de8e1e7a87fc08ac) C:\WINDOWS\System32\drivers\afd.sys

2011/07/07 19:44:33.0875 2204 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys

2011/07/07 19:44:35.0203 2204 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys

2011/07/07 19:44:36.0359 2204 androidusb (dd8d9c597af7cd2f6b70a3d6a4a1acea) C:\WINDOWS\system32\Drivers\ssadadb.sys

2011/07/07 19:44:37.0843 2204 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/07/07 19:44:38.0234 2204 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/07/07 19:44:39.0359 2204 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/07/07 19:44:39.0656 2204 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/07/07 19:44:40.0046 2204 b57w2k (3a3a82ffd268bcfb7ae6a48cecf00ad9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys

2011/07/07 19:44:40.0390 2204 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/07/07 19:44:40.0671 2204 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/07/07 19:44:41.0125 2204 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2011/07/07 19:44:43.0546 2204 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/07/07 19:44:43.0937 2204 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/07/07 19:46:26.0953 2204 MBR (0x1B8) (2a38a2f9deea228d8e1783700ed15448) \Device\Harddisk0\DR0

2011/07/07 19:46:26.0953 2204 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/07/07 19:46:26.0953 2204 Boot (0x1200) (b1681f4205fba2e7c3cf6c8e06d55a1c) \Device\Harddisk0\DR0\Partition0

2011/07/07 19:46:26.0968 2204 ================================================================================

2011/07/07 19:46:26.0968 2204 Scan finished

2011/07/07 19:46:26.0968 2204 ================================================================================

2011/07/07 19:46:26.0984 3420 Detected object count: 1

2011/07/07 19:46:26.0984 3420 Actual detected object count: 1

2011/07/07 19:46:51.0500 3420 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/07/07 19:46:51.0500 3420 \Device\Harddisk0\DR0 - ok

2011/07/07 19:46:51.0500 3420 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/07 19:47:06.0531 2764 Deinitialize success

I ran the combofix and while it was running it restarted my computer. My computer has several programs installed that run when it is started. While I was worried that this might affect combofix (which continued to run after the restart), all seemed to go smoothly.

Combofix log:

ComboFix 11-07-07.05 - TPLGuest 07/07/2011 20:05:32.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1088 [GMT -6:00]

Running from: c:\documents and settings\TPLGuest\Desktop\ComboFix.exe

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\Tarma Installer

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\documents and settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

c:\documents and settings\TPLGuest\Application Data\19ridof.log

c:\documents and settings\TPLGuest\Application Data\Adobe\plugs

c:\documents and settings\TPLGuest\Application Data\Adobe\shed

c:\documents and settings\TPLGuest\g2mdlhlpx.exe

c:\program files\whitesmoketoolbar\vmNTemplatex.dll

c:\windows\system32\gotomon.log

c:\windows\system32\spool\prtprocs\w32x86\GoToPrintProcessor.dll

c:\windows\ujujubijameh.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_6TO4

-------\Legacy_ITLPERF

-------\Legacy_MOUSEDRIVER

-------\Service_6to4

-------\Service_itlperf

.

.

((((((((((((((((((((((((( Files Created from 2011-06-08 to 2011-07-08 )))))))))))))))))))))))))))))))

.

.


.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-08 02:16 . 2008-01-28 23:05 12000 ----a-w- c:\windows\system32\drivers\CDProbe.SYS

2011-06-15 15:26 . 2010-08-10 05:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-15 15:26 . 2007-07-16 23:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-24 39816]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-03 39408]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CleanIt"="c:\program files\CleanIt\cleanit.exe" [2001-08-13 61440]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-12 16267776]

"NDPS"="c:\windows\system32\dpmw32.exe" [2006-08-09 32859]

"NWTRAY"="NWTRAY.EXE" [2006-08-09 28672]

"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2007-11-09 233472]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-19 98304]

"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

Online plug-in.lnk - c:\windows\Installer\{E5F3D1E9-006E-4435-85D6-483B66376655}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-6-2 77824]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWinKeys"= 01000000

"NoRecentDocsNetHood"= 01000000

"NoSMMyDocs"= 01000000

"NoSMMyPictures"= 01000000

"NoNetworkConnections"= 01000000

"NoStrCmpLogical"= 01000000

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AllAlertsDisabled"=dword:00000001

"TermService"=dword:00000001

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Novell\\GroupWise\\ADDRBOOK.EXE"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Novell\\GroupWise\\grpwise.exe"=

"c:\\Novell\\GroupWise\\notify.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 8:48 PM 116416]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 12:44 AM 993848]

R3 CdProbe;CdProbe;c:\windows\system32\drivers\CDProbe.SYS [1/28/2008 5:05 PM 12000]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 4:43 PM 105592]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]

R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [3/1/2009 11:42 AM 142656]

R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [3/1/2009 11:41 AM 7424]

R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [3/1/2009 11:41 AM 170368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1c99b98886fb008;Google Update Service (gupdate1c99b98886fb008);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 6:39 PM 133104]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2/10/2011 2:19 AM 30312]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 6:39 PM 133104]

S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/25/2006 6:26 PM 36608]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/15/2011 12:04 AM 22712]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2/10/2011 2:19 AM 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2/10/2011 2:19 AM 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2/10/2011 2:19 AM 121576]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/15/2011 12:04 AM 366640]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WUAUSERV

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-08 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 02:50]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:39]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

Trusted Zone: facebook.com\upload

Trusted Zone: facebook.com\www

Trusted Zone: geocortex.com\resources

Trusted Zone: geocortex.net\redtail.tpl

Trusted Zone: ipkey.com\ssl

Trusted Zone: montereybayaquarium.org\www

Trusted Zone: parkscore.org

Trusted Zone: philzone.com\www

Trusted Zone: santafeopera.org\c1047

Trusted Zone: tpl.org

Trusted Zone: tplgis.org

Trusted Zone: umn.edu\dgisuserv01.uservices

Trusted Zone: united.com\travel

Trusted Zone: united.com\www

Trusted Zone: usaa.com\www

Trusted Zone: wunderground.com\stationdata

Trusted Zone: wunderground.com\www

Trusted Zone: tpl.org

TCP: DhcpNameServer = 192.168.10.1

DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} - hxxp://24.227.71.42:1024/img/NetCamPlayerWeb.ocx

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://ssl.ipkey.com/MLWebCacheCleaner.cab

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\PageRage\YontooIEClient.dll

HKLM-Run-Njicerulaze - c:\windows\ujujubijameh.dll

Notify-itlntfy - itlnfw32.dll

SafeBoot-WebrootSpySweeperService

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{889DF~1\Setup.exe

AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe

AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-07 20:18

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3452)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\centenn.ial\AUDIT\cagent32.exe

c:\centenn.ial\AUDIT\xferwan.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\UPHClean\uphclean.exe

c:\program files\Citrix\ICA Client\ssonsvr.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\NWTRAY.EXE

c:\windows\system32\rundll32.exe

c:\program files\Skype\Phone\Skype.exe

c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe

c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe

c:\program files\Citrix\ICA Client\PNAMAIN.EXE

c:\program files\Citrix\ICA Client\WFCRUN32.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2011-07-07 20:24:20 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-08 02:24

.

Pre-Run: 2,143,686,656 bytes free

Post-Run: 2,755,670,016 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 2CF01C23D1E97FA3ABCBD8D9D4B7FFCA

And here is the Security Check log:

Results of screen317's Security Check version 0.99.17

Windows XP Service Pack 2

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

Symantec AntiVirus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 26

Java 6 Update 3

Out of date Java installed!

Adobe Flash Player

````````````````````````````````

Process Check:

objlist.exe by Laurent

Symantec AntiVirus DefWatch.exe

Symantec AntiVirus SavRoam.exe

Symantec AntiVirus Rtvscan.exe

TPLGuest Desktop malware reply1\SecurityCheck.exe

``````````End of Log````````````

Once again I really appreciate your help.

Smitty

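The ComboFix "Reg Loading Points" dump above contains two things worth pulling out mechanically rather than by eye: the Security Center and firewall keys have been overridden (AntiVirusOverride, FirewallOverride, AllAlertsDisabled, DisableMonitoring all set, EnableFirewall=0), which is how malware silences the warnings that would otherwise appear, and the orphans section shows a Run value with a machine-generated name pointing at a DLL in c:\windows (Njicerulaze / ujujubijameh.dll). The script below is an added example, not part of the original thread and not ComboFix's own code. It parses a constructed excerpt written in the same output format (the Security Center and firewall lines mirror the posted log; the Njicerulaze Run value is re-created from the orphan line with a made-up date and size so the heuristics have something to hit) and reports both classes of finding. The generated-name check is a heuristic for pronounceable gibberish (vowel share, no long consonant runs, single case), so treat its hits as "look closer", not as a verdict.

```python
"""Triage a ComboFix 'Reg Loading Points' dump: Security Center / firewall
tampering plus Run entries whose names look machine-generated.

Added example, not part of the original forum thread and not ComboFix code.
"""
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed excerpt in ComboFix's format. Security Center / firewall lines
# mirror the posted log; the "Njicerulaze" Run value is re-created from the
# log's ORPHANS REMOVED line (its date and size here are made up).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CleanIt"="c:\program files\CleanIt\cleanit.exe" [2001-08-13 61440]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"Njicerulaze"="c:\windows\ujujubijameh.dll" [2011-06-14 53248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AllAlertsDisabled"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
INT_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$")
QUOTED_RE = re.compile(r'^"(?P<path>[^"]*)"')
SECURITY_CENTER_OVERRIDES = {"AntiVirusOverride", "FirewallOverride",
                             "AllAlertsDisabled", "DisableMonitoring"}
VOWELS = set("aeiou")


@dataclass
class Entry:
    key: str
    name: str
    value: object   # int for dword / "n (0xn)" data, str for quoted commands


def parse_reg_loading_points(text: str) -> list[Entry]:
    """Parse '[key]' headers followed by "name"=data lines; '.' separators are skipped."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == ".":
            continue
        if (m := SECTION_RE.match(line)):
            key = m.group("key")
            continue
        if key is None or not (m := VALUE_RE.match(line)):
            continue
        raw = m.group("raw").strip()
        value: object = raw
        if (d := DWORD_RE.match(raw)):
            value = int(d.group("hex"), 16)
        elif (i := INT_RE.match(raw)):
            value = int(i.group("dec"))
        elif (q := QUOTED_RE.match(raw)):
            value = q.group("path")          # drop ComboFix's trailing [date size]
        entries.append(Entry(key, m.group("name"), value))
    return entries


def security_posture_findings(entries: list[Entry]) -> list[str]:
    """Flag the settings malware sets to silence Security Center and the firewall.
    Only the top-level 'security center' key is checked: DisableMonitoring under a
    vendor subkey (security center\\Monitoring\\<AV>) is routinely set by the AV itself."""
    findings = []
    for e in entries:
        k = e.key.lower()
        if k.endswith("\\security center") and e.name in SECURITY_CENTER_OVERRIDES and e.value == 1:
            findings.append(f"Security Center alert suppressed: {e.name}=1")
        elif "firewallpolicy" in k and e.name == "EnableFirewall" and e.value == 0:
            findings.append(f"Windows Firewall disabled ({e.key})")
        elif "firewallpolicy" in k and e.name == "DisableNotifications" and e.value == 1:
            findings.append("Windows Firewall notifications disabled")
    return findings


def looks_generated(word: str) -> bool:
    """Heuristic for pronounceable gibberish such as 'Njicerulaze' or 'ujujubijameh':
    8+ letters, single case after the first letter, 35-60% vowels, no run of three
    consonants. Vendor names usually fail it (igfxtray: four consonants in a row;
    GoogleToolbarNotifier: mixed case). A hit means 'look closer', not 'malicious'."""
    if len(word) < 8 or not word.isalpha() or not word[1:].islower():
        return False
    low = word.lower()
    ratio = sum(c in VOWELS for c in low) / len(low)
    longest_consonant_run = max((len(r) for r in re.findall(r"[^aeiou]+", low)), default=0)
    return 0.35 <= ratio <= 0.6 and longest_consonant_run <= 2


def autorun_findings(entries: list[Entry]) -> list[tuple[str, str, list[str]]]:
    """Check Run-key values: a DLL as the command, or a generated-looking value
    name or file name, each adds a reason string for that entry."""
    findings = []
    for e in entries:
        if not e.key.lower().endswith("\\currentversion\\run") or not isinstance(e.value, str):
            continue
        filename = re.split(r"[\\/]", e.value)[-1]
        stem, dot, ext = filename.rpartition(".")
        if not dot:
            stem, ext = filename, ""
        reasons = []
        if ext.lower() == "dll":
            reasons.append("command points at a DLL rather than an .exe")
        if looks_generated(e.name):
            reasons.append(f"value name {e.name!r} looks machine-generated")
        if looks_generated(stem):
            reasons.append(f"file name {filename!r} looks machine-generated")
        if reasons:
            findings.append((e.name, e.value, reasons))
    return findings


def triage(text: str) -> dict:
    entries = parse_reg_loading_points(text)
    return {"posture": security_posture_findings(entries),
            "autoruns": autorun_findings(entries)}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for finding in report["posture"]:
        print("[posture]", finding)
    for name, target, reasons in report["autoruns"]:
        print(f"[autorun] {name} -> {target}: " + "; ".join(reasons))
```

On the sample this reports six posture findings (the four Security Center overrides, the disabled firewall and the disabled notifications) and one autorun hit with three reasons. The posture keys are worth re-checking after cleanup: the Security Check output later in this thread still shows the Windows Firewall disabled, and the overrides do not reset themselves when the malware that set them is removed.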

Please do the following ;):

Locate the following file (in bold):

C:\Windows\System32\Drivers\ITLPERF.sys

Once you have highlighted it, Right-Click and select Copy.

Then, save it to your Desktop.

Repeat the same procedure for the following file:

C:\Windows\System32\Drivers\MOUSEDRIVER.sys

C:\Windows\System32\Drivers\6to4.sys

Leaving the 3 copied files on your Desktop, please do the following:

----------

Please go to http://www.virustotal.com,

Click on Browse

Then, upload the following file(s) for review (in bold):

(these are the ones you've pasted to your Desktop)

ITLPERF.sys

MOUSEDRIVER.sys

6to4.sys

NOTE: You'll only be able to have one file scanned at a time.

Please include both online file scan results in your next reply ;).

==============================

Please download and install Revo Uninstaller (Freeware) from here. Then please run Revo Uninstaller and select whitesmoke Toolbar.

Please click the Uninstall icon to uninstall the selected program.

Please choose Advanced.


Then click Next and follow the prompts.

Please click Select All and then Delete to delete all registry items, folders and files listed by Revo.

If asked to restart the computer, please do so immediately.

==============================

I see that you have a P2P (Peer-to-Peer) file sharing program installed (uTorrent). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:

Data about Obama's helicopter breached via P2P?

Leak of congressional ethics document prompts calls for cybersecurity probe

Walter Reed suffers peer-to-peer data breach

Update: Seattle man arrested for p-to-p ID theft

More listed here:

Data Security Threats And Breaches

You should read the link at the bottom of that page:

Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, and none of them are worth it. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

==============================

Please include all 3 online file scan reports, as well as if you were successful in removing the WhiteSmoke Toolbar in your next reply ;)


So Revo Uninstaller said that it successfully removed the whitesmoke toolbar. :)

Concerning the P2P software - I had actually removed it because I had seen another post in which the OP was told to remove it before they were helped. The primary / only reason I use it is to be able to download live music recordings of shows I have been to and/or am interested in. I actually only go to a few sharing sites (e.g. bt.etree.org). I definitely understand that P2P is one of the leading causes of folks' computer problems.

What are my next steps?

smitty


So Revo Uninstaller said that it successfully removed the whitesmoke toolbar. :)

Glad to hear that! :)

Let's see if we can find those files ;):

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    :filefind
    ITLPERF.sys
    MOUSEDRIVER.sys
    6to4.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found at on your Desktop entitled SystemLook.txt


No go with systemlook.

SystemLook 04.09.10 by jpshortstuff

Log created at 23:39 on 07/07/2011 by TPLGuest

Administrator - Elevation successful

========== filefind ==========

Searching for "ITLPERF.sys "

No files found.

Searching for "MOUSEDRIVER.sys "

No files found.

Searching for "6to4.sys"

No files found.

-= EOF =-


Please Launch Malwarebytes' Anti-Malware.

  • Please click Check for Updates to see if any updates are found. If so, please allow MBAM to download and install them.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a location you will remember.
  • Copy and Paste that log into your next reply.

Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK for either of the prompts and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so immediately.


No malicious software found.



Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7031

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/8/2011 1:02:26 AM

mbam-log-2011-07-08 (01-02-26).txt

Scan type: Full scan (C:\|)

Objects scanned: 247042

Time elapsed: 1 hour(s), 1 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


D-Fred-

Sorry about the confusion. I was trying to talk my wife through posting the log and there were some mix-ups. Here is the latest log using the most up-to-date DB for Malwarebytes.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 7047

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

7/8/2011 8:29:04 AM

mbam-log-2011-07-08 (08-29-03).txt

Scan type: Full scan (C:\|)

Objects scanned: 248463

Time elapsed: 1 hour(s), 2 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Sorry about the confusion. I was trying to talk my wife through posting the log and there were some mix ups.

No worries, it happens :)

We have some more cleanup to do ;):

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Folder::

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6DF57174-38F6-4FAF-B566-EEFE4E96E144}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7C14F13D-D840-4519-9200-A819DCA8F160}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{62721289-3381-4F4A-8E55-4F8CE130363E}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AAD4A146-432A-4517-9B45-8A23DE794066}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D6CC4D94-280C-4B5F-9359-D0F31625203C}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B9D7C463-41BF-48B7-BD61-AD05255FCFB2}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C6B96261-05CE-4D48-A890-C587E0164E04}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{9F934399-84DC-4E7A-B436-AF462E6CF742}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{406A9476-AEE7-4A9E-921D-77C8C216B449}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{600D4134-EB03-42A1-AFE4-C2CB6962B5CB}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{2FAC46F4-4BCC-4F64-A623-E9E3A50C341A}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{43C774E2-AFF5-4B22-A061-840EB4E0B54C}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C83637F8-5B9D-4CF4-A606-F0EB4BB9BA29}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{51E5C2EA-8037-4421-9BF8-88E018FBB361}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3DBC7264-DAE2-4B89-8738-34D685D6D7E0}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{DC8A3974-5B6C-477E-8D2B-22C636CFB119}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E2D288F3-F402-4802-A22E-18A0A398A6EB}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{F643DEEF-B2D8-45C6-9471-279AA88AA86E}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{1F8E4187-9C5E-4A57-A3F1-EC021C0619B5}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{615DF874-2262-4536-B0E0-516AAFDDA224}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6245161E-2C41-4D59-80E7-3F4FEFA12616}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E319E19C-5844-4810-8723-7F2EF81D0D84}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3612359B-26A6-4F87-B499-8988C372746A}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E236DB29-70EC-4114-8BC5-1BF2A2EB64B4}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B710F3D6-8A44-4295-9081-DF83767031EF}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AA28FB6E-4748-45DF-84F2-2F741695E882}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{94AE5960-64DA-450A-90F8-47B3B7E9FC35}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{A9896DF7-2FDE-4187-B302-DA95EBF129DD}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{39FE54FA-8D82-4B9F-B7C5-54F0827F0DD7}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{351D9D63-723B-4A5D-8EF4-5885C22C07D4}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D8FB52F9-9157-4795-AC11-CCB37BA8E159}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7A4FD7CF-E14B-4219-9FC5-6E0526D13E12}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{72746D0F-66C7-46EC-B043-13AE14C2A66A}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7DAA8AC4-FBED-4D33-8E34-3EA8A14BED0A}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C1102FD4-5CCD-480E-B7D8-9598870150F0}

c:\documents and settings\TPLGuest\Application Data\whitesmoketoolbar

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar

Driver::

MOUSEDRIVER

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

Drag CFScript.txt onto ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now ;)

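A CFScript is only as good as the log that comes back: every path under Folder:: should reappear in the "Other Deletions" block of the resulting ComboFix.txt, and every name under Driver:: should show up as a removed service. The script below is an added example, not part of the original thread and not ComboFix's own code. It parses the CFScript directive format used above (a directive line ending in `::`, then one item per line) and the deletion block of the log, and reports which requested folders were actually removed, how many files went with each, and which were not touched. Both inputs are constructed excerpts: the CFScript is trimmed to three of the folders above and the MOUSEDRIVER driver, and the log deliberately omits one of the whitesmoketoolbar folders so the "untouched" path is exercised. The `-------\Service_<name>` line under a "Drivers/Services" heading is my assumption about how ComboFix reports a removed service; it is not copied from this thread.

```python
"""Reconcile a ComboFix CFScript with the deletions reported in ComboFix.txt.

Added example, not part of the original forum thread and not ComboFix code.
"""
from __future__ import annotations
import re

# Constructed CFScript in the directive layout used in the thread.
CFSCRIPT = r"""
KILLALL::

Folder::
c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}
c:\documents and settings\TPLGuest\Application Data\whitesmoketoolbar
c:\documents and settings\LocalService\Application Data\whitesmoketoolbar

Driver::
MOUSEDRIVER

Reboot::
"""

# Constructed log excerpt. Folders are listed followed by the files inside them,
# as in the posted log; the TPLGuest whitesmoketoolbar folder is left out on
# purpose. The "-------\Service_<name>" line is an assumption about the format.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\whitesmoketoolbar
c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\dtx.ini
c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\guid.dat
c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\setupCfg.xml
c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}
c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}\chrome.manifest
c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}\chrome\content\_cfg.js
c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}\install.rdf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MOUSEDRIVER
.
"""

DIRECTIVE_RE = re.compile(r"^([A-Za-z]+)::$")
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)
SERVICE_RE = re.compile(r"^-------\\(?:Service|Legacy)_(.+)$", re.IGNORECASE)


def parse_cfscript(text: str) -> dict[str, list[str]]:
    """Split a CFScript into {directive: [items]}; bare directives such as
    KILLALL:: and Reboot:: get an empty list."""
    script: dict[str, list[str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if (m := DIRECTIVE_RE.match(line)):
            current = m.group(1)
            script.setdefault(current, [])
        elif current is not None:
            script[current].append(line)
    return script


def parse_deletions(log: str) -> tuple[set[str], set[str]]:
    """Return (deleted paths, removed service names), lower-cased. Paths are
    taken from anywhere in the text, so hand this only the deletion part of a
    log if it has been pasted together with other output."""
    paths, services = set(), set()
    for line in log.splitlines():
        line = line.strip()
        if PATH_RE.match(line):
            paths.add(line.lower())
        elif (m := SERVICE_RE.match(line)):
            services.add(m.group(1).lower())
    return paths, services


def reconcile(cfscript: str, log: str) -> dict:
    """For each Folder:: item report whether it was deleted (and how many files
    under it went too); for each Driver:: item whether its service was removed."""
    script = parse_cfscript(cfscript)
    deleted, services = parse_deletions(log)
    report = {"folders_deleted": {}, "folders_untouched": [],
              "drivers_removed": [], "drivers_untouched": []}
    for folder in script.get("Folder", []):
        f = folder.lower()
        if f in deleted:
            report["folders_deleted"][folder] = sum(1 for p in deleted if p.startswith(f + "\\"))
        else:
            report["folders_untouched"].append(folder)
    for drv in script.get("Driver", []):
        bucket = "drivers_removed" if drv.lower() in services else "drivers_untouched"
        report[bucket].append(drv)
    return report


if __name__ == "__main__":
    result = reconcile(CFSCRIPT, COMBOFIX_LOG)
    for folder, n in result["folders_deleted"].items():
        print(f"deleted   {folder}  ({n} file(s) inside)")
    for folder in result["folders_untouched"]:
        print(f"UNTOUCHED {folder}")
    print("drivers removed:", result["drivers_removed"], "untouched:", result["drivers_untouched"])
```

An "untouched" folder is not automatically bad news: ComboFix does not report folders that no longer exist, so a Revo uninstall run earlier can legitimately leave a Folder:: item with nothing to delete. An untouched Driver:: entry, by contrast, means the service is still registered and should be looked at again.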

Here is the log. When the script started, it said that ComboFix needed an update and downloaded the update.

ComboFix 11-07-08.03 - TPLGuest 07/08/2011 17:54:31.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1108 [GMT -6:00]

Running from: c:\documents and settings\TPLGuest\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\TPLGuest\Desktop\CFScript.txt

AV: Symantec AntiVirus Corporate Edition *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\dtx.ini

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\guid.dat

c:\documents and settings\LocalService\Application Data\whitesmoketoolbar\setupCfg.xml

c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{10A646F3-9019-4B16-87CD-10BB74465267}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{1F8E4187-9C5E-4A57-A3F1-EC021C0619B5}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{1F8E4187-9C5E-4A57-A3F1-EC021C0619B5}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{1F8E4187-9C5E-4A57-A3F1-EC021C0619B5}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{1F8E4187-9C5E-4A57-A3F1-EC021C0619B5}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{2FAC46F4-4BCC-4F64-A623-E9E3A50C341A}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{2FAC46F4-4BCC-4F64-A623-E9E3A50C341A}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{2FAC46F4-4BCC-4F64-A623-E9E3A50C341A}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{2FAC46F4-4BCC-4F64-A623-E9E3A50C341A}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{351D9D63-723B-4A5D-8EF4-5885C22C07D4}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{351D9D63-723B-4A5D-8EF4-5885C22C07D4}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{351D9D63-723B-4A5D-8EF4-5885C22C07D4}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{351D9D63-723B-4A5D-8EF4-5885C22C07D4}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3612359B-26A6-4F87-B499-8988C372746A}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3612359B-26A6-4F87-B499-8988C372746A}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3612359B-26A6-4F87-B499-8988C372746A}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3612359B-26A6-4F87-B499-8988C372746A}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{39FE54FA-8D82-4B9F-B7C5-54F0827F0DD7}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{39FE54FA-8D82-4B9F-B7C5-54F0827F0DD7}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{39FE54FA-8D82-4B9F-B7C5-54F0827F0DD7}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{39FE54FA-8D82-4B9F-B7C5-54F0827F0DD7}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3DBC7264-DAE2-4B89-8738-34D685D6D7E0}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3DBC7264-DAE2-4B89-8738-34D685D6D7E0}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3DBC7264-DAE2-4B89-8738-34D685D6D7E0}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{3DBC7264-DAE2-4B89-8738-34D685D6D7E0}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{406A9476-AEE7-4A9E-921D-77C8C216B449}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{406A9476-AEE7-4A9E-921D-77C8C216B449}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{406A9476-AEE7-4A9E-921D-77C8C216B449}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{406A9476-AEE7-4A9E-921D-77C8C216B449}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{43C774E2-AFF5-4B22-A061-840EB4E0B54C}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{43C774E2-AFF5-4B22-A061-840EB4E0B54C}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{43C774E2-AFF5-4B22-A061-840EB4E0B54C}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{43C774E2-AFF5-4B22-A061-840EB4E0B54C}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{51E5C2EA-8037-4421-9BF8-88E018FBB361}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{51E5C2EA-8037-4421-9BF8-88E018FBB361}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{51E5C2EA-8037-4421-9BF8-88E018FBB361}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{51E5C2EA-8037-4421-9BF8-88E018FBB361}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{600D4134-EB03-42A1-AFE4-C2CB6962B5CB}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{600D4134-EB03-42A1-AFE4-C2CB6962B5CB}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{600D4134-EB03-42A1-AFE4-C2CB6962B5CB}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{600D4134-EB03-42A1-AFE4-C2CB6962B5CB}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{615DF874-2262-4536-B0E0-516AAFDDA224}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{615DF874-2262-4536-B0E0-516AAFDDA224}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{615DF874-2262-4536-B0E0-516AAFDDA224}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{615DF874-2262-4536-B0E0-516AAFDDA224}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6245161E-2C41-4D59-80E7-3F4FEFA12616}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6245161E-2C41-4D59-80E7-3F4FEFA12616}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6245161E-2C41-4D59-80E7-3F4FEFA12616}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6245161E-2C41-4D59-80E7-3F4FEFA12616}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{62721289-3381-4F4A-8E55-4F8CE130363E}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{62721289-3381-4F4A-8E55-4F8CE130363E}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{62721289-3381-4F4A-8E55-4F8CE130363E}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{62721289-3381-4F4A-8E55-4F8CE130363E}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6DF57174-38F6-4FAF-B566-EEFE4E96E144}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6DF57174-38F6-4FAF-B566-EEFE4E96E144}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6DF57174-38F6-4FAF-B566-EEFE4E96E144}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{6DF57174-38F6-4FAF-B566-EEFE4E96E144}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{72746D0F-66C7-46EC-B043-13AE14C2A66A}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{72746D0F-66C7-46EC-B043-13AE14C2A66A}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{72746D0F-66C7-46EC-B043-13AE14C2A66A}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{72746D0F-66C7-46EC-B043-13AE14C2A66A}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7A4FD7CF-E14B-4219-9FC5-6E0526D13E12}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7A4FD7CF-E14B-4219-9FC5-6E0526D13E12}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7A4FD7CF-E14B-4219-9FC5-6E0526D13E12}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7A4FD7CF-E14B-4219-9FC5-6E0526D13E12}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7C14F13D-D840-4519-9200-A819DCA8F160}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7C14F13D-D840-4519-9200-A819DCA8F160}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7C14F13D-D840-4519-9200-A819DCA8F160}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7C14F13D-D840-4519-9200-A819DCA8F160}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7DAA8AC4-FBED-4D33-8E34-3EA8A14BED0A}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7DAA8AC4-FBED-4D33-8E34-3EA8A14BED0A}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7DAA8AC4-FBED-4D33-8E34-3EA8A14BED0A}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{7DAA8AC4-FBED-4D33-8E34-3EA8A14BED0A}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{94AE5960-64DA-450A-90F8-47B3B7E9FC35}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{94AE5960-64DA-450A-90F8-47B3B7E9FC35}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{94AE5960-64DA-450A-90F8-47B3B7E9FC35}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{94AE5960-64DA-450A-90F8-47B3B7E9FC35}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{9F934399-84DC-4E7A-B436-AF462E6CF742}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{9F934399-84DC-4E7A-B436-AF462E6CF742}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{9F934399-84DC-4E7A-B436-AF462E6CF742}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{9F934399-84DC-4E7A-B436-AF462E6CF742}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{A9896DF7-2FDE-4187-B302-DA95EBF129DD}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{A9896DF7-2FDE-4187-B302-DA95EBF129DD}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{A9896DF7-2FDE-4187-B302-DA95EBF129DD}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{A9896DF7-2FDE-4187-B302-DA95EBF129DD}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AA28FB6E-4748-45DF-84F2-2F741695E882}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AA28FB6E-4748-45DF-84F2-2F741695E882}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AA28FB6E-4748-45DF-84F2-2F741695E882}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AA28FB6E-4748-45DF-84F2-2F741695E882}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AAD4A146-432A-4517-9B45-8A23DE794066}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AAD4A146-432A-4517-9B45-8A23DE794066}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AAD4A146-432A-4517-9B45-8A23DE794066}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{AAD4A146-432A-4517-9B45-8A23DE794066}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B710F3D6-8A44-4295-9081-DF83767031EF}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B710F3D6-8A44-4295-9081-DF83767031EF}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B710F3D6-8A44-4295-9081-DF83767031EF}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B710F3D6-8A44-4295-9081-DF83767031EF}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B9D7C463-41BF-48B7-BD61-AD05255FCFB2}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B9D7C463-41BF-48B7-BD61-AD05255FCFB2}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B9D7C463-41BF-48B7-BD61-AD05255FCFB2}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{B9D7C463-41BF-48B7-BD61-AD05255FCFB2}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C1102FD4-5CCD-480E-B7D8-9598870150F0}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C1102FD4-5CCD-480E-B7D8-9598870150F0}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C1102FD4-5CCD-480E-B7D8-9598870150F0}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C1102FD4-5CCD-480E-B7D8-9598870150F0}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C6B96261-05CE-4D48-A890-C587E0164E04}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C6B96261-05CE-4D48-A890-C587E0164E04}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C6B96261-05CE-4D48-A890-C587E0164E04}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C6B96261-05CE-4D48-A890-C587E0164E04}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C83637F8-5B9D-4CF4-A606-F0EB4BB9BA29}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C83637F8-5B9D-4CF4-A606-F0EB4BB9BA29}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C83637F8-5B9D-4CF4-A606-F0EB4BB9BA29}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{C83637F8-5B9D-4CF4-A606-F0EB4BB9BA29}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D6CC4D94-280C-4B5F-9359-D0F31625203C}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D6CC4D94-280C-4B5F-9359-D0F31625203C}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D6CC4D94-280C-4B5F-9359-D0F31625203C}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D6CC4D94-280C-4B5F-9359-D0F31625203C}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D8FB52F9-9157-4795-AC11-CCB37BA8E159}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D8FB52F9-9157-4795-AC11-CCB37BA8E159}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D8FB52F9-9157-4795-AC11-CCB37BA8E159}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{D8FB52F9-9157-4795-AC11-CCB37BA8E159}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{DC8A3974-5B6C-477E-8D2B-22C636CFB119}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{DC8A3974-5B6C-477E-8D2B-22C636CFB119}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{DC8A3974-5B6C-477E-8D2B-22C636CFB119}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{DC8A3974-5B6C-477E-8D2B-22C636CFB119}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E236DB29-70EC-4114-8BC5-1BF2A2EB64B4}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E236DB29-70EC-4114-8BC5-1BF2A2EB64B4}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E236DB29-70EC-4114-8BC5-1BF2A2EB64B4}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E236DB29-70EC-4114-8BC5-1BF2A2EB64B4}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E2D288F3-F402-4802-A22E-18A0A398A6EB}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E2D288F3-F402-4802-A22E-18A0A398A6EB}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E2D288F3-F402-4802-A22E-18A0A398A6EB}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E2D288F3-F402-4802-A22E-18A0A398A6EB}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E319E19C-5844-4810-8723-7F2EF81D0D84}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E319E19C-5844-4810-8723-7F2EF81D0D84}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E319E19C-5844-4810-8723-7F2EF81D0D84}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{E319E19C-5844-4810-8723-7F2EF81D0D84}\install.rdf

c:\documents and settings\TPLGuest\Local Settings\Application Data\{F643DEEF-B2D8-45C6-9471-279AA88AA86E}

c:\documents and settings\TPLGuest\Local Settings\Application Data\{F643DEEF-B2D8-45C6-9471-279AA88AA86E}\chrome.manifest

c:\documents and settings\TPLGuest\Local Settings\Application Data\{F643DEEF-B2D8-45C6-9471-279AA88AA86E}\chrome\content\_cfg.js

c:\documents and settings\TPLGuest\Local Settings\Application Data\{F643DEEF-B2D8-45C6-9471-279AA88AA86E}\install.rdf

c:\windows\vb.ini

.

.

((((((((((((((((((((((((( Files Created from 2011-06-09 to 2011-07-09 )))))))))))))))))))))))))))))))

.

.

2011-07-08 03:57 . 2011-07-08 03:57 -------- d-----w- c:\program files\VS Revo Group

2011-07-06 15:46 . 2011-07-06 15:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple Computer

2011-07-06 15:46 . 2011-07-06 15:46 -------- d-----w- c:\documents and settings\LocalService\Application Data\Apple Computer

2011-07-06 14:21 . 2011-07-06 14:21 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2011-07-01 19:01 . 2011-07-01 19:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-06-25 00:21 . 2011-06-25 00:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Identities

2011-06-17 04:39 . 2011-06-17 04:39 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe

2011-06-15 15:15 . 2011-06-15 15:15 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll

2011-06-15 15:15 . 2011-06-15 15:15 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll

2011-06-15 15:15 . 2011-06-15 15:15 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll

2011-06-15 15:15 . 2011-06-15 15:15 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll

2011-06-15 15:15 . 2011-06-15 15:15 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll

2011-06-15 15:15 . 2011-06-15 15:15 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll

2011-06-15 15:15 . 2011-06-15 15:15 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll

2011-06-15 15:14 . 2011-06-15 15:15 -------- d-----w- c:\program files\QuickTime

2011-06-15 14:54 . 2011-06-15 14:54 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-15 14:46 . 2011-06-15 14:46 -------- d-----w- c:\documents and settings\TPLGuest\Local Settings\Application Data\Secunia PSI

2011-06-15 14:46 . 2011-06-15 14:46 -------- d-----w- c:\program files\Secunia

2011-06-15 13:37 . 2011-06-15 13:37 -------- d-----w- c:\documents and settings\TPLGuest\Application Data\vmntemplate

2011-06-15 06:04 . 2011-06-15 06:04 -------- d-----w- c:\documents and settings\TPLGuest\Application Data\Malwarebytes

2011-06-15 06:04 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-15 06:04 . 2011-06-15 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2011-06-15 06:04 . 2011-05-29 15:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-15 06:04 . 2011-06-15 16:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-15 05:12 . 2011-06-17 20:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-06-15 05:12 . 2011-06-15 05:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-06-15 04:10 . 2011-06-15 05:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-09 00:05 . 2008-01-28 23:05 12000 ----a-w- c:\windows\system32\drivers\CDProbe.SYS

2011-06-15 15:26 . 2010-08-10 05:39 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-06-15 15:26 . 2007-07-16 23:56 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr

.

.

((((((((((((((((((((((((((((( SnapShot@2011-07-08_02.18.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-09 00:04 . 2011-07-09 00:04 16384 c:\windows\temp\Perflib_Perfdata_18c.dat

- 2011-05-11 07:38 . 2011-05-11 07:38 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2011-07-08 09:01 . 2011-07-08 09:01 38240 c:\windows\Installer\{90120000-0020-0409-0000-0000000FF1CE}\O12ConvIcon.exe

+ 2010-05-27 01:30 . 2011-07-08 09:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

- 2010-05-27 01:30 . 2011-04-21 05:38 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll

+ 2008-01-30 20:26 . 2011-07-09 00:06 1984 c:\windows\system32\d3d9caps.dat

- 2008-01-30 20:26 . 2011-07-08 02:17 1984 c:\windows\system32\d3d9caps.dat

+ 2009-11-20 17:00 . 2011-07-09 00:04 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat

- 2009-11-20 17:00 . 2011-07-08 02:15 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat

+ 2011-04-29 18:28 . 2011-04-29 18:28 1995264 c:\windows\Installer\16134de.msp

+ 2011-04-29 18:33 . 2011-04-29 18:33 8173568 c:\windows\Installer\16134cc.msp

+ 2006-08-07 19:54 . 2011-07-08 09:01 47716296 c:\windows\system32\MRT.exe

+ 2011-07-08 09:00 . 2011-07-08 09:00 20333056 c:\windows\Installer\16134d7.msp

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"GoToMeeting"="c:\program files\Citrix\GoToMeeting\457\g2mstart.exe" [2010-07-24 39816]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-03 39408]

"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CleanIt"="c:\program files\CleanIt\cleanit.exe" [2001-08-13 61440]

"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-22 52840]

"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-15 125632]

"RTHDCPL"="RTHDCPL.EXE" [2006-10-12 16267776]

"NDPS"="c:\windows\system32\dpmw32.exe" [2006-08-09 32859]

"NWTRAY"="NWTRAY.EXE" [2006-08-09 28672]

"Discovery User Input"="c:\discovery\User Input\userin32.exe" [2007-11-09 233472]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]

"EPSON Stylus Photo RX620 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9HA.EXE" [2004-05-19 98304]

"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

Online plug-in.lnk - c:\windows\Installer\{E5F3D1E9-006E-4435-85D6-483B66376655}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-6-2 77824]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"CompatibleRUPSecurity"= 1 (0x1)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoWinKeys"= 01000000

"NoRecentDocsNetHood"= 01000000

"NoSMMyDocs"= 01000000

"NoSMMyPictures"= 01000000

"NoNetworkConnections"= 01000000

"NoStrCmpLogical"= 01000000

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

"AllAlertsDisabled"=dword:00000001

"TermService"=dword:00000001

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Novell\\GroupWise\\ADDRBOOK.EXE"=

"c:\\WINDOWS\\system32\\dpmw32.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Novell\\GroupWise\\grpwise.exe"=

"c:\\Novell\\GroupWise\\notify.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

"AllowInboundTimestampRequest"= 1 (0x1)

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [10/5/2009 10:08 AM 65584]

R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 8:48 PM 116416]

R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 12:44 AM 993848]

R3 CdProbe;CdProbe;c:\windows\system32\drivers\CDProbe.SYS [1/28/2008 5:05 PM 12000]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/10/2011 4:43 PM 105592]

R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 2:30 AM 15544]

R3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [3/1/2009 11:42 AM 142656]

R3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [3/1/2009 11:41 AM 7424]

R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [3/1/2009 11:41 AM 170368]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

S2 gupdate1c99b98886fb008;Google Update Service (gupdate1c99b98886fb008);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 6:39 PM 133104]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2/10/2011 2:19 AM 30312]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/2/2009 6:39 PM 133104]

S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/25/2006 6:26 PM 36608]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/15/2011 12:04 AM 22712]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2/10/2011 2:19 AM 96488]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2/10/2011 2:19 AM 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2/10/2011 2:19 AM 121576]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/15/2011 12:04 AM 366640]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - uphcleanhlp

.

Contents of the 'Scheduled Tasks' folder

.

2011-07-09 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-04 02:50]

.

2011-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:39]

.

2011-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-03 00:39]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = <local>

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

Trusted Zone: facebook.com\upload

Trusted Zone: facebook.com\www

Trusted Zone: geocortex.com\resources

Trusted Zone: geocortex.net\redtail.tpl

Trusted Zone: ipkey.com\ssl

Trusted Zone: montereybayaquarium.org\www

Trusted Zone: parkscore.org

Trusted Zone: philzone.com\www

Trusted Zone: santafeopera.org\c1047

Trusted Zone: tpl.org

Trusted Zone: tplgis.org

Trusted Zone: umn.edu\dgisuserv01.uservices

Trusted Zone: united.com\travel

Trusted Zone: united.com\www

Trusted Zone: usaa.com\www

Trusted Zone: wunderground.com\stationdata

Trusted Zone: wunderground.com\www

Trusted Zone: tpl.org

TCP: DhcpNameServer = 192.168.10.1

DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} - hxxp://24.227.71.42:1024/img/NetCamPlayerWeb.ocx

DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://ssl.ipkey.com/MLWebCacheCleaner.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-08 18:08

Windows 5.1.2600 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'explorer.exe'(3524)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Symantec Shared\ccSetMgr.exe

c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe

c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\centenn.ial\AUDIT\cagent32.exe

c:\centenn.ial\AUDIT\xferwan.exe

c:\program files\Symantec AntiVirus\DefWatch.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe

c:\program files\Symantec AntiVirus\Rtvscan.exe

c:\program files\UPHClean\uphclean.exe

c:\program files\Citrix\ICA Client\ssonsvr.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\NWTRAY.EXE

c:\program files\Skype\Phone\Skype.exe

c:\program files\Citrix\GoToMeeting\457\g2mcomm.exe

c:\program files\Citrix\GoToMeeting\457\g2mlauncher.exe

c:\program files\Citrix\ICA Client\PNAMAIN.EXE

c:\program files\Citrix\ICA Client\WFCRUN32.EXE

c:\program files\iPod\bin\iPodService.exe

c:\program files\Skype\Plugin Manager\skypePM.exe

.

**************************************************************************

.

Completion time: 2011-07-08 18:12:34 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-09 00:12

ComboFix2.txt 2011-07-08 02:24

.

Pre-Run: 2,690,539,520 bytes free

Post-Run: 2,699,485,184 bytes free

.

- - End Of File - - 924FF930E1A3EBD4FDD2861CDE4AA9DC

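The "Reg Loading Points" and "Supplementary Scan" sections of the ComboFix log above carry the entries a responder reads first: the Security Center AntiVirusOverride / FirewallOverride / AllAlertsDisabled / DisableMonitoring values, EnableFirewall = 0 in the standard firewall profile, and a DPF (Downloaded Program Files) ActiveX entry fetched from a raw IP address on port 1024. The script below is an added example for this thread, not ComboFix's code and not something either participant posted; it pulls those indicators out of pasted log lines so they do not get lost in a 3,000-line dump. SAMPLE_LOG is copied from the log above and trimmed to the lines the checks look at; reading `[HKLM\~\...]` as ComboFix's abbreviation for a key under HKEY_LOCAL_MACHINE is an assumption, and the findings are review items, not proof of infection (some AV suites set the override values themselves).

```python
"""Triage of the security-relevant lines in a ComboFix 'Reg Loading Points' /
'Supplementary Scan' dump.

Added example for this thread, not ComboFix's own code and not from the
forum helper. SAMPLE_LOG is copied from the ComboFix log posted above,
trimmed to the lines the checks look at; treating '[HKLM\\~\\...]' as a
ComboFix abbreviation for a key under HKEY_LOCAL_MACHINE is an assumption.
"""
import re
from ipaddress import ip_address
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AllAlertsDisabled"=dword:00000001
"TermService"=dword:00000001
"DisableMonitoring"=dword:00000001
.
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
uStart Page = hxxp://www.google.com/
DPF: {1D9EFA3B-4E85-41A8-9092-14012CD447C9} - hxxp://24.227.71.42:1024/img/NetCamPlayerWeb.ocx
DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} - hxxps://ssl.ipkey.com/MLWebCacheCleaner.cab
"""

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
DPF_RE = re.compile(r"^DPF:\s*(\{[0-9A-Fa-f-]+\})\s*-\s*(\S+)")

# Security Center values that, when set to 1, silence the XP balloon alerts
# for a missing or disabled AV / firewall. Malware sets them to hide itself;
# some AV suites also set them, so they are a review item, not a verdict.
SC_SUPPRESSION_VALUES = ("AntiVirusOverride", "FirewallOverride",
                         "AllAlertsDisabled", "DisableMonitoring")


def reg_value_int(raw: str) -> Optional[int]:
    """Parse the two numeric forms ComboFix prints: 'dword:00000001' and '0 (0x0)'.
    REG_BINARY blobs such as 01000000 are returned as None (not interpreted)."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9A-Fa-f]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9A-Fa-f]+\)", raw)
    if m:
        return int(m.group(1))
    return None


def parse_reg_sections(text: str) -> Dict[str, Dict[str, str]]:
    """Group '"name"=value' lines under the most recent '[key]' header (key lower-cased)."""
    sections: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def parse_dpf(text: str) -> List[Tuple[str, str]]:
    """Return (CLSID, URL) pairs from 'DPF:' lines, with hxxp re-fanged to http."""
    out: List[Tuple[str, str]] = []
    for line in text.splitlines():
        m = DPF_RE.match(line.strip())
        if m:
            out.append((m.group(1), re.sub(r"^hxxp", "http", m.group(2))))
    return out


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (tag, detail) findings a responder would want to read first."""
    findings: List[Tuple[str, str]] = []
    for key, values in parse_reg_sections(text).items():
        if key.endswith("\\security center"):
            for name in SC_SUPPRESSION_VALUES:
                if reg_value_int(values.get(name, "")) == 1:
                    findings.append(("SECURITYCENTER_OVERRIDE", name))
        if key.endswith("firewallpolicy\\standardprofile"):
            if reg_value_int(values.get("EnableFirewall", "")) == 0:
                findings.append(("FIREWALL_DISABLED", key))
    for clsid, url in parse_dpf(text):
        parts = urlsplit(url)
        host = parts.hostname or ""
        try:
            ip_address(host)  # a bare IP instead of a hostname is worth a look
            findings.append(("DPF_RAW_IP", f"{clsid} {url}"))
        except ValueError:
            pass
        if parts.port not in (None, 80, 443):
            findings.append(("DPF_NONSTD_PORT", f"{clsid} port {parts.port}"))
    return findings


if __name__ == "__main__":
    for tag, detail in triage(SAMPLE_LOG):
        print(f"{tag:24} {detail}")
```

Run it against the full ComboFix text instead of SAMPLE_LOG and the same seven findings come out; the "Files Created" and "Find3M" sections pass through untouched because only `[key]` / `"name"=value` / `DPF:` lines are parsed.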

Looking good! Let's run some online scans to see if there are any traces left ;):

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

---------

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an ActiveX install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

---------

Please include both the ESET and BitDefender reports in your next reply ;)


Here is the ESET log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=170cd0fd1e11df4ebe982a23eae19f09

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-09 02:15:27

# local_time=2011-07-08 08:15:27 (-0700, Mountain Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 2

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=73538

# found=2

# cleaned=2

# scan_time=2423

C:\FascinateRoot_v02\rage.bin Android/Exploit.RageCage.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Here is the BitDefender log:

QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Fri Jul 08 20:23:25 2011

Machine ID: 12124FEB

No infection found.

-------------------

Processes

---------

Centennial Discovery® 1876 C:\CENTENN.IAL\AUDIT\cagent32.exe

Centennial Discovery® 1896 C:\CENTENN.IAL\AUDIT\xferwan.exe

Citrix ICA Client 3836 C:\Program Files\Citrix\ICA Client\concentr.exe

Citrix ICA Client 2376 C:\Program Files\Citrix\ICA Client\pnamain.exe

Citrix ICA Client 3304 C:\Program Files\Citrix\ICA Client\ssonsvr.exe

Citrix ICA Client 2612 C:\Program Files\Citrix\ICA Client\wfcrun32.exe

Client and Host Security Platform 440 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

Client and Host Security Platform 1220 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

Client and Host Security Platform 1164 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

EPSON Status Monitor 3 2892 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9HA.EXE

GoToMeeting 392 C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe

GoToMeeting 188 C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe

GoToMeeting 3716 C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

HP PML 528 C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE

Intel® Common User Interface 3440 C:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface 3568 C:\WINDOWS\system32\igfxpers.exe

iTunes 3212 C:\Program Files\iPod\bin\iPodService.exe

iTunes 3808 C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE 6 U26 396 C:\Program Files\Java\jre6\bin\jqs.exe

Java Platform SE Auto Updater 2 0 3860 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Live! Cam Console Auto Launcher 2868 C:\WINDOWS\V0350Mon.exe

Microsoft® Windows® Operating System 3524 C:\WINDOWS\explorer.exe

Microsoft® Windows® Operating System 2164 C:\WINDOWS\system32\alg.exe

Microsoft® Windows® Operating System 556 C:\WINDOWS\system32\csrss.exe

Microsoft® Windows® Operating System 2124 C:\WINDOWS\system32\ctfmon.exe

Microsoft® Windows® Operating System 636 C:\WINDOWS\system32\lsass.exe

Microsoft® Windows® Operating System 624 C:\WINDOWS\system32\services.exe

Microsoft® Windows® Operating System 508 C:\WINDOWS\system32\smss.exe

Microsoft® Windows® Operating System 1396 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 792 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1496 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1112 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1808 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 1044 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 868 C:\WINDOWS\system32\svchost.exe

Microsoft® Windows® Operating System 580 C:\WINDOWS\system32\winlogon.exe

NDPS RPM & Notification Listener 2024 C:\WINDOWS\system32\dpmw32.exe

Novell Client for Windows 3204 C:\WINDOWS\system32\nwtray.exe

Realtek HD Audio Sound Effect Manager 2876 C:\WINDOWS\RTHDCPL.exe

Secunia PSI Agent 1084 C:\Program Files\Secunia\PSI\psia.exe

Secunia PSI Tray 2328 C:\Program Files\Secunia\PSI\psi_tray.exe

Skype 3540 C:\Program Files\Skype\Phone\Skype.exe

Skype Extras Manager 4016 C:\Program Files\Skype\Plugin Manager\skypePM.exe

Skype Toolbars 212 C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

SPBBC 1324 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

Symantec AntiVirus 1952 C:\Program Files\Symantec AntiVirus\DefWatch.exe

Symantec AntiVirus 1544 C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Symantec AntiVirus 828 C:\PROGRA~1\SYMANT~1\VPTray.exe

Symantec SAVRoam 552 C:\Program Files\Symantec AntiVirus\SavRoam.exe

User Profile Hive Cleanup Service 1656 C:\Program Files\UPHClean\uphclean.exe

(verified) Apple Mobile Device Service 1852 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(verified) Google Update 320 C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Google Update 1916 C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) GoogleToolbarNotifier 3700 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft® Windows® Operating System 2812 C:\WINDOWS\system32\wuauclt.exe

(verified) Windows® Internet Explorer 3684 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 1724 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 2936 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process GoogleUpdate.exe (320) connected on port 80 (HTTP) --> 74.125.224.207

Process svchost.exe (936) connected on port 80 (HTTP) --> 74.125.166.216

Process Skype.exe (3540) connected on port 443 (HTTP over SSL) --> 67.149.20.27

Process iexplore.exe (3684) connected on port 80 (HTTP) --> 74.125.224.197

Process iexplore.exe (3684) connected on port 80 (HTTP) --> 204.2.160.42

Process iexplore.exe (3684) connected on port 80 (HTTP) --> 66.235.142.2

Process iexplore.exe (3684) connected on port 80 (HTTP) --> 204.2.160.42

Process iexplore.exe (3684) connected on port 80 (HTTP) --> 204.2.160.241

Process iexplore.exe (3684) connected on port 80 (HTTP) --> 69.171.228.12

Process svchost.exe (868) listens on ports: 135 (RPC)

Process Rtvscan.exe (1544) listens on ports: 2967 (Symantec AV)

Process dpmw32.exe (2024) listens on ports: 3017

Process Skype.exe (3540) listens on ports: 80 (HTTP), 45433

Autoruns and critical files

---------------------------

Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

Centennial Discovery® C:\Discovery\User Input\userin32.exe

Citrix ICA Client C:\Program Files\Citrix\ICA Client\concentr.exe

CleanIt C:\Program Files\CleanIt\cleanit.exe

Client and Host Security Platform C:\Program Files\Common Files\Symantec Shared\ccApp.exe

EPSON Status Monitor 3 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATI9HA.EXE

GoToMeeting C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe

iTunes C:\Program Files\iTunes\iTunesHelper.exe

Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

Live! Cam Console Auto Launcher C:\WINDOWS\V0350Mon.exe

Microsoft Office 2000 C:\Program Files\Microsoft Office\Office\OSA9.EXE

Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

NDPS RPM & Notification Listener C:\WINDOWS\system32\dpmw32.exe

Novell Client for Windows C:\WINDOWS\system32\nwtray.exe

QuickTime C:\Program Files\QuickTime\qttask.exe

Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.exe

Secunia PSI Tray C:\Program Files\Secunia\PSI\psi_tray.exe

Skype C:\Program Files\Skype\\Phone\Skype.exe

Symantec AntiVirus C:\Program Files\Symantec AntiVirus\VPTray.exe

Symantec AntiVirus C:\WINDOWS\system32\NavLogon.dll

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.DLL

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

Akamai Download Manager ActiveX Control C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx

Akamai Download Manager ActiveX Control C:\WINDOWS\Downloaded Program Files\Manager.exe

atcliun C:\WINDOWS\Downloaded Program Files\atcliun.exe

ATLCamImage Module C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx

AtMgr Module C:\WINDOWS\Downloaded Program Files\atmgr.exe

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx

Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader55.ocx

Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

Google Toolbar for Internet Explorer C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

Java Platform SE 6 U26 C:\Program Files\Java\jre6\bin\jp2ssv.dll

Java Platform SE 6 U26 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

Java Platform SE 6 U26 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

MLWebCacheCleaner Module C:\WINDOWS\Downloaded Program Files\MLWebCacheCleaner.DLL

NetCamPlayerWeb ActiveX Control Module C:\WINDOWS\Downloaded Program Files\NetCamPlayerWeb.ocx

Novell Client for Windows C:\WINDOWS\system32\netware\NWWS2NDS.DLL

Novell Client for Windows C:\WINDOWS\system32\netware\NWWS2SAP.DLL

Novell Client for Windows C:\WINDOWS\system32\netware\NWWS2SLP.DLL

Picasa C:\Program Files\Google\Picasa3\npPicasa3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

Skype Toolbars C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Software Manager C:\WINDOWS\Downloaded Program Files\isusweb.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\atgpcdec.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\atgpcext.dll

WebEx Download Module C:\WINDOWS\Downloaded Program Files\ieatgpc.dll

Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll

XTSAC ActiveX Control Module C:\WINDOWS\Downloaded Program Files\xTSAC.ocx

(verified) Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

(verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

Scan

----

MD5: 61315142259b4d68ac741110ed1e6a93 C:\CENTENN.IAL\AUDIT\cagent32.exe

MD5: 6022b3007dd48a7ed1ca7fdbe7537c26 C:\CENTENN.IAL\AUDIT\xferwan.exe

MD5: a5cb9cd961b2ba4dee18d55a76fb25d3 C:\Discovery\User Input\userin32.exe

MD5: c138177955f42c2c96d74ef7ae4ac738 C:\Documents and Settings\All Users\Application Data\Skype\Plugins\Plugins\F57B48ADF2224F088EDD1A2B9BAD84E8\Games\53F537B72987463CB06D78F5541A3239\skGamesUpdate.dll

MD5: d8152dd555441e438b1511994ad3415f C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

MD5: 686e674adc01db0a9679522c4eacf96a C:\Program Files\Citrix\GoToMeeting\457\g2m.dll

MD5: 43ad0e9020bb05923201a11577ef143d C:\Program Files\Citrix\GoToMeeting\457\g2mcomm.exe

MD5: 7872c15982d651fa025a9fbf7b92f725 C:\Program Files\Citrix\GoToMeeting\457\G2MIMessenger.dll

MD5: 43ad0e9020bb05923201a11577ef143d C:\Program Files\Citrix\GoToMeeting\457\g2mlauncher.exe

MD5: 287eac0c2cfa896adf7b9b0864997d83 C:\Program Files\Citrix\GoToMeeting\457\G2MOutlookAddin.dll

MD5: 01ed488dc414b6a70edeca05c1c8ae40 C:\Program Files\Citrix\GoToMeeting\457\G2MResource.dll

MD5: 43ad0e9020bb05923201a11577ef143d C:\Program Files\Citrix\GoToMeeting\457\g2mstart.exe

MD5: d7a2b18aab3f2819adf925e573aa7d0f C:\Program Files\Citrix\ICA Client\acrdlg.dll

MD5: f2dd35f4ddec004cdc16f625368383a3 C:\Program Files\Citrix\ICA Client\CCMProxy.dll

MD5: 333c3dd085b6d34e136e12f3a7074c0b C:\Program Files\Citrix\ICA Client\CCMSDK.dll

MD5: 13075d6ef3c74f0d6567a7ed8d755f3e C:\Program Files\Citrix\ICA Client\concentr.exe

MD5: f35c2ee114ab989c6a992b1232624cb8 C:\Program Files\Citrix\ICA Client\confmgr.dll

MD5: 267a3dd52fdc0c1d8f11711245e42e1a C:\Program Files\Citrix\ICA Client\CST.dll

MD5: 12b1f693549b2befc70b08ab5e1bc866 C:\Program Files\Citrix\ICA Client\ctxlogging.dll

MD5: 98704ce3af8c6377549525f70f1bc3c4 C:\Program Files\Citrix\ICA Client\ctxmui.dll

MD5: 860ce2d85382b89aa80a02eb21e7ceb5 C:\Program Files\Citrix\ICA Client\icafile.dll

MD5: c64335c729f01d45a39aa2ee9e169ef8 C:\Program Files\Citrix\ICA Client\pnamain.exe

MD5: 164663c916fa84e4834740dc7e12de67 C:\Program Files\Citrix\ICA Client\ProgressNotificationCommon.dll

MD5: e74e080c4837b8ed4c683e2de7c33d56 C:\Program Files\Citrix\ICA Client\resource\en\concenUI.DLL

MD5: 0a5571cd070ad88c1868ae7cd74b76a4 C:\Program Files\Citrix\ICA Client\resource\en\CSTUI.DLL

MD5: 3307c6a3c997d5d00db55e6ed7607594 C:\Program Files\Citrix\ICA Client\resource\en\ctxmuiUI.DLL

MD5: a91e1ed1b933ef6e8b318ba6165f92b1 C:\Program Files\Citrix\ICA Client\resource\en\pnamaiUI.dll

MD5: 93ee0bdd5b0616ab32a0d95ce0d8ebe0 C:\Program Files\Citrix\ICA Client\resource\en\ProgressNotificationCommonUI.dll

MD5: a0de17817bd4e08e72654cc08223efd8 C:\Program Files\Citrix\ICA Client\resource\en\statuiUI.DLL

MD5: 1065948fb36a5d563101d1271b92cc3f C:\Program Files\Citrix\ICA Client\resource\en\WFCRUNUI.DLL

MD5: 92b19ae73ca7d6a582889bb0b8821495 C:\Program Files\Citrix\ICA Client\ssonsvr.exe

MD5: 235f7bc3368d712fee8b2dcf13f24731 C:\Program Files\Citrix\ICA Client\statuin.dll

MD5: 497c55b1109c3378b3e0201bae17c0ef C:\Program Files\Citrix\ICA Client\wfcrun32.exe

MD5: cbae10843147b67e4fb17319afe836f8 C:\Program Files\Citrix\ICA Client\WFCWINN.dll

MD5: 5c72edfb23bbeeb4e3b5422d2d8b0eec C:\Program Files\CleanIt\cleanit.exe

MD5: 48345bd51975e9883dd2da45d7d1b294 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

MD5: 47c1de0a890613ffcff1d67648eedf90 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

MD5: dddd1d04d5f4360371bc99c7c476f70d C:\Program Files\Common Files\Apple\Apple Application Support\ASL.dll

MD5: 56ff2d47d9f0e776431b40e4f76a4a68 C:\Program Files\Common Files\Apple\Apple Application Support\CFNetwork.DLL

MD5: 7caac9543318a1ee9056859f073a00da C:\Program Files\Common Files\Apple\Apple Application Support\CoreFoundation.dll

MD5: 6c74d73032bd60694ccf485a6dfcdbd3 C:\Program Files\Common Files\Apple\Apple Application Support\icudt40.dll

MD5: 3808dd8f3b80549c140d22147441b1fb C:\Program Files\Common Files\Apple\Apple Application Support\icuin40.dll

MD5: 12562870da441564f4cf80ccbea646fe C:\Program Files\Common Files\Apple\Apple Application Support\icuuc40.dll

MD5: f64a630c746dcefb640fe724f911d317 C:\Program Files\Common Files\Apple\Apple Application Support\libdispatch.dll

MD5: 87305fef54f6787331812deec2620b70 C:\Program Files\Common Files\Apple\Apple Application Support\objc.dll

MD5: 13e7cfe8e269ed15e7fc9c3ebbcb7e2b C:\Program Files\Common Files\Java\Java Update\jusched.exe

MD5: 8ee77a87d72bd9f9bbf6d1741cd79eeb C:\Program Files\Common Files\Lanovation\PrismXL\PRISMXL.SYS

MD5: ef773f873f64a3ddced9f2dbd40cba6e C:\Program Files\Common Files\Symantec Shared\ccAlert.dll

MD5: ae0f500ea5e01afef0bb9051969804b2 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

MD5: ea8670a06cd1efd512884c3283deac2e C:\Program Files\Common Files\Symantec Shared\ccDec.dll

MD5: 180f0dc022fd27f5ef8aa179a3e334a5 C:\Program Files\Common Files\Symantec Shared\ccEmlPxy.dll

MD5: 04945313bc60488e0c14ad1167160659 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

MD5: 9885dcb7f5fb550d9822b485a18e6ad7 C:\Program Files\Common Files\Symantec Shared\ccL40.dll

MD5: 29c9d9b10aef1d3bf64cf0f3be458d2e C:\Program Files\Common Files\Symantec Shared\ccProSub.dll

MD5: f47d1f3b41c00f4acf0a350dea30236f C:\Program Files\Common Files\Symantec Shared\ccScan.dll

MD5: 30390fdef803eb3c87ec8a9b8e191519 C:\Program Files\Common Files\Symantec Shared\ccSet.dll

MD5: 84f572454b354d3d7e2d1f9e65a3df11 C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll

MD5: 2203161ec24c210d51db69c604f4a504 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

MD5: 9617743fa5d8770414858bbd58673095 C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll

MD5: 545446ba4583b471739affe9625f7d39 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll

MD5: dcfd4b0b4654f6a070873c8c75a458df C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll

MD5: a0e10b03c91da932c85875e0587f30c7 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll

MD5: 33b3051f2a2bef1474dcbd8879f62aab C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll

MD5: e58c5c07812e99ffce7a9a88495c39ca C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll

MD5: b1c720d4d4fe004625808915f8d85377 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll

MD5: aadaf917cb38a78cfadbed3855ec00a3 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll

MD5: ec9759527c5cf7737cee852f02e7b44f C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll

MD5: c39654b3bffabc6b60d1be622c2df891 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll

MD5: b2fff046e2fcbf005235840a056a3560 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll

MD5: d044057f830e44f2761eb6ead555d6f3 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll

MD5: 22439d1a72ed0293cd4ed6c4d8b0d7fd C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll

MD5: 0acc49e7fe0ebf8d0886b6e435f51e45 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll

MD5: 175a9c7f4695c289a719ebe73dace28d C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll

MD5: 6cf6e9a539cbb5d855ffa7c5b057b4a2 C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll

MD5: ab2f99fc684eeb007cf048666c4cd7d8 C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll

MD5: bf4d6c3965216739da4d8b162a87d4a1 C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL

MD5: 5461f01b7def17dc90d90b029f874c3b C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

MD5: 17fcc372d03ba39f3aee85198c0ec594 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

MD5: a16722715d3206ab7e1a6463ce0b747e C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

MD5: 81ddefd9384fb19a89ff580ce2c9af2b C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll

MD5: ef9760a364d836a0ce6149ebdf71524d C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

MD5: e8ca507335c5aa7be0a05b11a3a3d625 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll

MD5: 0a6bcab3bb4ad9d25e833fb3f840cae0 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

MD5: 73cdc02c00d576a6cb076a07e8879b82 c:\program files\common files\symantec shared\ssc\ScsComms.dll

MD5: d15b1116878b1b46a7ff120357710e7c C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll

MD5: 99af34f5c84a1d38d55a0baa51eef59a C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

MD5: be7e2883db31917705b6da9bf8c5d97d C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110708.001\CCERASER.DLL

MD5: db7d1a51056505da83fb9fa26b0eb8ef C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110708.001\ECMSVR32.DLL

MD5: b2d872bcc254f3751d8ba12c2c544d12 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110708.001\NAVENG32.DLL

MD5: 420fbd8528978c83ec381904d2612046 C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110708.001\NAVEX32A.DLL

MD5: df48a64d6d562934569d1530fbdd6e59 C:\Program Files\Common Files\System\wab32.dll

MD5: efbbd69c13aa55b9d32a9bff2186e838 C:\Program Files\Common Files\System\wab32res.dll

MD5: 27ee63046e4a98f15624f9b09a9c8788 C:\Program Files\FileZilla FTP Client\fzshellext.dll

MD5: 0f445b821549f9ff471bba56c69953d4 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

MD5: f67a9f35ab9414f06fae3cc0361ce82e C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_32_2F821985C9445066.dll

MD5: dd1d6ab37ccd88b5bf5cddf9fdb8ac7a C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll

MD5: 21fcfc6fff22de67d60b475f74538163 C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

MD5: 872e0242259f0cdda05354dd1a5f3b89 C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\gtn.dll

MD5: a953e104137df406b70477d60bc29008 C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll

MD5: 45d7f2fabdfd500e3c35dc068b552544 C:\Program Files\Google\Picasa3\npPicasa3.dll

MD5: 070d588ceeb2f486a949a9b0895fc7b7 C:\Program Files\Google\Update\1.3.21.57\goopdate.dll

MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

MD5: 73b631cd71747217c15dad197ba02f60 C:\Program Files\Google\Update\1.3.21.57\psmachine.dll

MD5: ad7125bc367bdc060729984ec2e5377a C:\Program Files\Internet Explorer\ieproxy.dll

MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

MD5: a25641b6b2ea0c110ffd27b737ea5aca C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

MD5: bb0ee0c172e3d626263299ef1832fd40 C:\Program Files\Internet Explorer\xpshims.dll

MD5: d631aa342bc7a1d594dd86d006604e07 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL

MD5: 0dfe1995b5b20143206a9a7dd455ac2e C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL

MD5: 68a553bdfa855c4f1074696682fcdeb6 C:\Program Files\iTunes\iTunesHelper.exe

MD5: 50083450c9ac100ad0ffcc0862120dd1 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: e7d55e121ff1951cb86c7e0dc6a33877 C:\Program Files\Java\jre6\bin\jp2ssv.dll

MD5: 9dba73c2f1e76ec4cb837e67c5743596 C:\Program Files\Java\jre6\bin\jqs.exe

MD5: 1040bd9bf3ddab7cda2346f8375480a2 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

MD5: 2c003d049cd5e45bb88b6f8583561035 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

MD5: 1365bb2a78db638870337422b54ddbac C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

MD5: ec60491a5ff57700f10fe0403f7dcad4 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

MD5: 74e6e96c6f0e2eca4edbb7f7a468f259 C:\Program Files\Messenger\msmsgs.exe

MD5: 9b8fda60acf4812124b9e04270645379 C:\Program Files\Microsoft Office\Office\OSA9.EXE

MD5: c3e42cbf8215171a524d123a54ae3233 c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll

MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts

MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\qttask.exe

MD5: 8e6c1915eddd719c4bfe99eccd7216a7 C:\Program Files\Secunia\PSI\psi_tray.exe

MD5: 2d0599dd0124764fc939c59985c860de C:\Program Files\Secunia\PSI\psia.exe

MD5: f063ba8d99b2d42e4e18393f67c20797 C:\Program Files\Skype\Toolbars\Shared\NameParserComponent2.dll

MD5: df2737d5190be416306408c55cbb6c12 C:\Program Files\Symantec AntiVirus\Cliproxy.dll

MD5: 383047f10315dda64069061dbe76e705 C:\Program Files\Symantec AntiVirus\DefUtDCD.dll

MD5: 9709d3d9e592d3217353f3fafe29faa3 C:\Program Files\Symantec AntiVirus\DefWatch.exe

MD5: dece4bcb913effe06ad7ed9b81009aea C:\Program Files\Symantec AntiVirus\I2ldvp3.dll

MD5: 77edda1025d63ffac011d44e58903be4 C:\Program Files\Symantec AntiVirus\IMail.dll

MD5: 3b79ee1e931136361b7027df12445907 C:\Program Files\Symantec AntiVirus\NAVLU.dll

MD5: 67ce32e7d0cb24b74f65ad3db96c1db6 C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL

MD5: 0023cc5610b9c48cf68571dee4c686fc C:\Program Files\Symantec AntiVirus\Rtvscan.exe

MD5: 213de5c1e80fd0fe13abd0bae60af029 C:\Program Files\Symantec AntiVirus\SavEmail.dll

MD5: 5387eae86fb5f6b72052f5273bdd3e86 C:\Program Files\Symantec AntiVirus\SavRoam.exe

MD5: 12b6e269ef8ac8ea36122544c8a1b6d8 C:\Program Files\Symantec AntiVirus\savrt.sys

MD5: e8d8d57b398825bdea011c5be81afe5a C:\Program Files\Symantec AntiVirus\SAVRT32.DLL

MD5: 97e5b6f3f95465e1f59360b59d8ec64e C:\Program Files\Symantec AntiVirus\Savrtpel.sys

MD5: 7e3121f21e64bc9cf12435d8546aec15 C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll

MD5: 4279e452e99a4f044ce37f03d57fa612 C:\Program Files\Symantec AntiVirus\VPTray.exe

MD5: 3f9a3232e5f942874488981f3242c989 C:\Program Files\UPHClean\uphclean.exe

MD5: f48bc749da57bd827aafa3fbca7acd66 C:\Program Files\WinZip\WZSHLSTB.DLL

MD5: 920d9701bba90dbb7ccfd3536ea4d6f9 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110708.001\naveng.sys

MD5: 31b1a9b53c3319b97f7874347cd992d2 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110708.001\navex15.sys

MD5: fb3a35318ca7f6a10fa3c3826a69affe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

MD5: 4279e452e99a4f044ce37f03d57fa612 C:\PROGRA~1\SYMANT~1\VPTray.exe

MD5: fb537f29a827d78f756154cf397a113f C:\WINDOWS\AppPatch\AcGenral.DLL

MD5: c41203e76f7f4cfd5a81966ba3c129ba C:\WINDOWS\AppPatch\AcLayers.DLL

MD5: 123e9fe2fce131e9ef172d7bc0724e6f C:\WINDOWS\Downloaded Program Files\atcliun.exe

MD5: af1d847dfc0287573e853d919c11e0db C:\WINDOWS\Downloaded Program Files\atgpcdec.dll

MD5: 72d62c535550728b5f99e837d53bc2c4 C:\WINDOWS\Downloaded Program Files\atgpcext.dll

MD5: 2e5c464b6f4b544a65eb6e0c265ae83e C:\WINDOWS\Downloaded Program Files\atmgr.exe

MD5: 797d3e4250f49846deb64f42df23e1d8 C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx

MD5: 1699f5fb619b69aac989dd68a3cf989c C:\WINDOWS\Downloaded Program Files\DownloadManagerV2.ocx

MD5: 01e2eca759056f23c73a035fdabb2d6d C:\WINDOWS\Downloaded Program Files\dwusplay.exe

MD5: cd6a2096ea1ec09e8bfaf154faaff881 C:\WINDOWS\Downloaded Program Files\ieatgpc.dll

MD5: d2d7620df69eb31f940df65e0fe527d2 C:\WINDOWS\Downloaded Program Files\Manager.exe

MD5: bfbf09cc0fd82abcfd534c875e42a90e C:\WINDOWS\Downloaded Program Files\MLWebCacheCleaner.DLL

MD5: dcf814aa35a9bcf01fb702471e837138 C:\WINDOWS\Downloaded Program Files\NetCamPlayerWeb.ocx

MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll

MD5: 4bedc532aac0b82a273f649fa05b03a5 C:\WINDOWS\Downloaded Program Files\xTSAC.ocx

MD5: 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\explorer.exe

MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

MD5: cebed017c4965fc4407ccd986ae0a528 C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

MD5: 3b21ca4f5dc3e0f4749507d65a0fe574 C:\WINDOWS\RTHDCPL.exe

MD5: 875d770f477e0ae0088be1810d537b23 C:\WINDOWS\system32\ACTIVEDS.dll

MD5: 13510490bea0997db625daa0178cbfca C:\WINDOWS\system32\actxprxy.dll

MD5: e8e57b0f9eb03d1aabec28d550c75116 C:\WINDOWS\system32\ADVAPI32.dll

MD5: f1958fbf86d5c004cf19a5951a9514b7 C:\WINDOWS\system32\alg.exe

MD5: eca24ab73fcffa754d4070cdb03529e3 C:\WINDOWS\system32\Apphelp.dll

MD5: 9c3c12975c97119412802b181fbeeffe C:\WINDOWS\System32\appmgmts.dll

MD5: 7eedfddc9de2f088bd159ddc8180a813 C:\WINDOWS\system32\AUTHZ.dll

MD5: e3cfccdda4edd1d0dc9168b2e18f27b8 c:\windows\system32\browser.dll

MD5: b99ff349bf53bd91fbddcd6b1ede8980 C:\WINDOWS\system32\BROWSEUI.dll

MD5: 08f0190ae201ec331b4ca3b0fa2d2cce C:\WINDOWS\System32\Cabinet.dll

MD5: 61a68bd36f37e9f589308303db1e25f5 C:\WINDOWS\system32\CALWIN32.DLL

MD5: 3c946e1943ca16f6cc95463c2840305e C:\WINDOWS\system32\CBA.DLL

MD5: ad44c5bc21213f394f6afcb55cc39293 c:\windows\system32\certcli.dll

MD5: 0fcb11b39af688035e1cde754684ee5c c:\windows\system32\CFGMGR32.dll

MD5: ec8a848fc4f17f3b3d9da4a0c43fb930 C:\WINDOWS\system32\CLBCATQ.DLL

MD5: 5135e9cac4e66abcb81445de4d65aee5 C:\WINDOWS\system32\CLNWIN32.DLL

MD5: 98c1ff6676e02d43da208802286a6ee7 C:\WINDOWS\System32\CLUSAPI.DLL

MD5: 540bd070657e80f0dd8616d3cb681520 C:\WINDOWS\system32\CLXWIN32.DLL

MD5: 69d7630b2b64c48121adee09e73e339f C:\WINDOWS\system32\colbact.DLL

MD5: b0124cb21d28b1c9f678b566b6b57d92 C:\WINDOWS\system32\comctl32.dll

MD5: 6728270cb7dbb776ed086f5ac4c82310 C:\WINDOWS\system32\COMRes.dll

MD5: 75deb92422d955373825a11f9f74ec6a C:\WINDOWS\system32\comsvcs.dll

MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll

MD5: 1ecb753d7ceec8f5a94c9781ca64ec44 c:\windows\system32\credui.dll

MD5: cad4aa32e7eca00c23cc39c0eb833f9d C:\WINDOWS\system32\cryptnet.dll

MD5: 10654f9ddcea9c46cfb77554231be73b c:\windows\system32\cryptsvc.dll

MD5: 587729679b4fe04ce06a5c61d6c56dcd C:\WINDOWS\system32\cscdll.dll

MD5: f12b178b1678d778cfd3ff1fc38c71fb C:\WINDOWS\system32\csrss.exe

MD5: 24232996a38c0b0cf151c2140ae29fc8 C:\WINDOWS\system32\ctfmon.exe

MD5: 5fcd3a21a155beb3c7f75ed1a4ef4ec2 C:\WINDOWS\system32\cusrvc.exe

MD5: 8e19878192348e8bd426a389c942808e C:\WINDOWS\system32\D3DIM700.DLL

MD5: 6479a184873f7ca797ff0375d711e9a6 C:\WINDOWS\system32\dbghelp.dll

MD5: 7ed462f353b3d915a418a689fa881f96 C:\WINDOWS\system32\DDRAW.dll

MD5: ad805da7015d155ef9899f73a1c27753 C:\WINDOWS\system32\ddrawex.dll

MD5: 6cd4a623e07139ccb76d32a828733496 C:\WINDOWS\system32\devenum.dll

MD5: 3f15a1dbd86f7bdaf404648282d11ece c:\windows\system32\dhcpcsvc.dll

MD5: d803bdb34c060035d4753dda046d5c72 C:\WINDOWS\system32\DNSAPI.dll

MD5: 6333c7e182e5b6247500188d28214def c:\windows\system32\dnsrslvr.dll

MD5: 6cd5917c85d363fd012a4369fb87997b C:\WINDOWS\system32\DPAWIN32.dll

MD5: 43eba1d39bc5524cd6cc07d713bd073a C:\WINDOWS\system32\DPLMW32.DLL

MD5: 52e02509ecbd66881520a7cb4ac0ca28 C:\WINDOWS\system32\DPLWIN32.dll

MD5: 24224854ca4818020eeca6dc8b49ec57 C:\WINDOWS\system32\dpmw32.exe

MD5: fe009b5bae5241fc2f9a3c33edd51a31 C:\WINDOWS\system32\DPPWIN32.dll

MD5: 2f2f2477d8f737716a759e94ac9012ee C:\WINDOWS\system32\DPRPCW32.dll

MD5: 1eae80d0db323be1e4b6bbe662b7369f C:\WINDOWS\system32\DPSWIN32.dll

MD5: 0f2d66d5f08ebe2f77bb904288dcf6f0 C:\WINDOWS\system32\drivers\ac97intc.sys

MD5: 0ea9b1f0c6c90a509c8603775366adb7 C:\WINDOWS\system32\DRIVERS\adpu320.sys

MD5: 6a0397376853e604de8e1e7a87fc08ac C:\WINDOWS\System32\drivers\afd.sys

MD5: 3a3a82ffd268bcfb7ae6a48cecf00ad9 C:\WINDOWS\system32\DRIVERS\b57xp32.sys


No file uploaded.

Scan finished - communication took 4 sec

Total traffic - 0.02 MB sent, 1.95 KB recvd

Scanned 776 files and modules - 39 seconds

==============================================================================


Your logs appear to be clean! :)

Before we move on, please take the time to install the following updates, as using outdated applications leaves you extremely vulnerable to getting infected again ;):

Please consider updating to the latest Windows Service Pack.

Windows Service Pack 3 (SP3) contains critical security updates released since SP1 and SP2 plus support for new types of hardware and emerging hardware standards.

Please visit: Windows Update to download the latest Service Pack. NOTE: you will have to install SP2 and a number of other updates before SP3. However, all of this will leave you much safer than before.

-------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previously installed versions of Java (J2SE Runtime Environment).

They will have the Java icon next to them.

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-------

Please let me know how the updates went, as failed updates may indicate additional malware ;)


D-Fred -

So I was able to install all of the updates. After the Win SP3 loaded it attempted to restart the machine, but it stalled on the windows splash screen asking to "please wait..". I turned off the computer and then restarted it. This second time it started normally.

We ran the defogger at the beginning of the process. Do I need to rerun it?

Thank you so much for taking the time to help me with all of this. I am now thinking of checking which programs are auto starting etc. so I can reduce the number of services running in the background (hopefully increasing the speed of my computer - I will also back up and remove some of the data on my HDD so I can defrag the drive). Is there a thread that has directions that you would recommend?

Thank you-

Smitty


We ran the defogger at the beginning of the process. Do I need to rerun it?

Nope, you should be fine ;)

Is there a thread that has directions that you would recommend?

For Defragging, I don't believe we do.

Here is a useful link by Microsoft: 6 ways to speed up your PC

I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled :):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
