TechSpot

Google results are redirecting

Inactive
By poorskull
Mar 15, 2011
  1. Hi there, looks like I've got one of these... Firefox is my primary browser, and after months of non-use I checked IE and it's also exhibiting the same behavior. Hoping you guys can work your magic. (Apologies in advance if I manage to prove incompetent)

    ===============================

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 6062

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    3/15/2011 7:10:35 AM
    mbam-log-2011-03-15 (07-10-35).txt

    Scan type: Quick scan
    Objects scanned: 156257
    Time elapsed: 9 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{549B5CA7-4A86-11D7-A4DF-000874180BB3} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ===========================================

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-03-15 10:53:33
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BB-00FJA0 rev.13.03G13
    Running: nrp7jync.exe; Driver: C:\DOCUME~1\Joe\LOCALS~1\Temp\uwtdakow.sys


    ---- System - GMER 1.0.15 ----

    Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

    ---- Kernel code sections - GMER 1.0.15 ----

    init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF629549E]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[984] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
    .text C:\WINDOWS\System32\svchost.exe[984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CC000A
    .text C:\WINDOWS\System32\svchost.exe[984] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C
    .text C:\WINDOWS\System32\svchost.exe[984] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00ED000A
    .text C:\WINDOWS\Explorer.EXE[1068] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CC000A
    .text C:\WINDOWS\Explorer.EXE[1068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CD000A
    .text C:\WINDOWS\Explorer.EXE[1068] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C
    ? C:\WINDOWS\System32\svchost.exe[2316] image checksum mismatch; number of sections mismatch; time/date stamp mismatch; unknown module: oleaut32.dllunknown module: oleaut32.dllunknown module: comctl32.dllunknown module: oleaut32.dllunknown module: oleaut32.dll

    ---- User IAT/EAT - GMER 1.0.15 ----


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 32: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 59: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 60: rootkit-like behavior; copy of MBR
    Disk \Device\Harddisk0\DR0 sector 61: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
     
  2. poorskull

    poorskull TS Rookie Topic Starter

    ---- Files - GMER 1.0.15 ----


    ---- EOF - GMER 1.0.15 ----

    ====================================

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/20/2009 7:10:58 PM
    System Uptime: 3/15/2011 7:53:40 AM (4 hours ago)
    .
    Motherboard: First International Computer, Inc. | | AU31
    Processor: AMD Athlon(tm) XP 2800+ | Socket A | 2088/166mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 75 GiB total, 7.014 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP412: 12/15/2010 5:15:56 PM - System Checkpoint
    RP413: 12/16/2010 1:33:49 AM - Software Distribution Service 3.0
    RP414: 12/17/2010 2:10:47 PM - System Checkpoint
    RP415: 12/20/2010 2:02:12 PM - System Checkpoint
    RP416: 12/21/2010 3:34:40 PM - System Checkpoint
    RP417: 12/22/2010 11:07:50 PM - System Checkpoint
    RP418: 12/24/2010 10:29:39 AM - System Checkpoint
    RP419: 12/25/2010 6:31:45 PM - System Checkpoint
    RP420: 12/26/2010 7:25:42 PM - System Checkpoint
    RP421: 12/27/2010 10:36:58 PM - System Checkpoint
    RP422: 12/30/2010 2:08:18 AM - Software Distribution Service 3.0
    RP423: 1/1/2011 11:19:30 PM - System Checkpoint
    RP424: 1/4/2011 12:03:29 PM - System Checkpoint
    RP425: 1/10/2011 11:56:34 AM - System Checkpoint
    RP426: 1/12/2011 3:00:40 AM - Software Distribution Service 3.0
    RP427: 1/21/2011 8:53:39 AM - System Checkpoint
    RP428: 1/22/2011 10:30:12 AM - System Checkpoint
    RP429: 1/23/2011 11:28:44 AM - System Checkpoint
    RP430: 1/25/2011 7:01:07 PM - System Checkpoint
    RP431: 1/27/2011 12:12:08 AM - System Checkpoint
    RP432: 1/31/2011 10:09:01 PM - System Checkpoint
    RP433: 2/3/2011 2:55:02 PM - System Checkpoint
    RP434: 2/4/2011 8:55:21 PM - System Checkpoint
    RP435: 2/6/2011 9:36:56 AM - System Checkpoint
    RP436: 2/7/2011 11:44:22 PM - System Checkpoint
    RP437: 2/9/2011 3:01:41 AM - Software Distribution Service 3.0
    RP438: 2/10/2011 12:05:59 PM - System Checkpoint
    RP439: 2/12/2011 3:31:38 AM - System Checkpoint
    RP440: 2/13/2011 12:04:49 PM - System Checkpoint
    RP441: 2/14/2011 9:35:57 PM - System Checkpoint
    RP442: 2/16/2011 10:25:05 PM - System Checkpoint
    RP443: 2/17/2011 11:49:26 PM - System Checkpoint
    RP444: 2/19/2011 8:56:29 PM - System Checkpoint
    RP445: 2/21/2011 4:29:40 PM - System Checkpoint
    RP446: 2/22/2011 7:31:05 PM - System Checkpoint
    RP447: 2/24/2011 2:00:25 PM - System Checkpoint
    RP448: 2/25/2011 7:55:51 PM - System Checkpoint
    RP449: 2/26/2011 8:23:23 PM - System Checkpoint
    RP450: 3/1/2011 10:43:12 PM - System Checkpoint
    RP451: 3/3/2011 10:24:58 PM - System Checkpoint
    RP452: 3/5/2011 7:35:26 PM - System Checkpoint
    RP453: 3/8/2011 3:00:48 AM - Software Distribution Service 3.0
    RP454: 3/9/2011 10:27:16 AM - Installed Compatibility Pack for the 2007 Office system
    RP455: 3/9/2011 10:18:35 PM - Software Distribution Service 3.0
    RP456: 3/10/2011 3:02:01 AM - Software Distribution Service 3.0
    RP457: 3/11/2011 7:56:06 PM - System Checkpoint
    RP458: 3/15/2011 5:13:04 AM - Installed Java(TM) 6 Update 24
    RP459: 3/15/2011 5:20:37 AM - Removed Java 2 Runtime Environment, SE v1.4.2
    RP460: 3/15/2011 6:17:01 AM - Removed Adobe Reader 7.0
    RP461: 3/15/2011 6:18:11 AM - Installed Adobe Reader X.
    .
    ==== Installed Programs ======================
    .
    .
    µTorrent
    AAC Decoder
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Reader X
    Amazon MP3 Downloader 1.0.10
    Amazon Unbox Video
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AutoUpdate
    Bonjour
    Bulent's Screen Recorder
    Canon Easy-PhotoPrint EX
    Canon MP Navigator EX 4.0
    Canon MP495 series MP Drivers
    Canon MP495 series User Registration
    Canon My Printer
    Canon Solution Menu EX
    Charter Security Suite
    Compatibility Pack for the 2007 Office system
    Coupon Printer for Windows
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DivX Version Checker
    F-Secure PSC Prerequisites
    GIMP 2.6.8
    H.264 Decoder
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format 11 SDK (KB939209)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    ICQ
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 24
    Last.fm 1.5.4.27091
    Learn2 Player (Uninstall Only)
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Corporation
    Microsoft LifeCam
    Microsoft Money 2004
    Microsoft Money 2004 System Pack
    Microsoft Office Professional Edition 2003
    Microsoft Silverlight
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works 7.0
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    MKV Splitter
    Mozilla Firefox (3.6.15)
    MSVCRT
    Multimedia Keyboard Driver
    NVIDIA Display Driver
    NVIDIA Ethernet Driver
    NVIDIA nForce Drivers
    PeerBlock 1.0.0 (r181)
    Play Wireless USB Adapter
    PowerDVD
    QuickTime
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 8 (KB2183461)
    Security Update for Windows Internet Explorer 8 (KB2360131)
    Security Update for Windows Internet Explorer 8 (KB2416400)
    Security Update for Windows Internet Explorer 8 (KB2482017)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Internet Explorer 8 (KB978207)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player (KB979402)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2479943)
    Security Update for Windows XP (KB2481109)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371-v2)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    Segoe UI
    Skype™ 4.1
    SoftV92 Data Fax Modem with SmartCP
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 8 (KB975364)
    Update for Windows Internet Explorer 8 (KB976662)
    Update for Windows Internet Explorer 8 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB953356)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.18
    VLC media player 1.0.3
    WebFldrs XP
    Winamp
    Winamp Application Detect
    Windows Backup Utility
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Movie Maker 2.0
    Windows XP Service Pack 3
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/9/2011 3:21:15 AM, error: F-Secure Gatekeeper [1] -
    3/15/2011 7:56:07 AM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}
    3/15/2011 7:56:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the iPod Service service to connect.
    3/15/2011 7:56:05 AM, error: Service Control Manager [7000] - The iPod Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/15/2011 7:26:56 AM, error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    3/15/2011 7:15:10 AM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
    3/15/2011 6:43:21 AM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 6:43:21 AM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 6:43:15 AM, error: Service Control Manager [7034] - The Amazon Unbox Video Service service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 6:43:13 AM, error: Service Control Manager [7034] - The Belkin WLAN service service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 6:43:06 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 6:43:06 AM, error: Service Control Manager [7034] - The MSCamSvc service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 6:43:01 AM, error: Service Control Manager [7034] - The F-Secure Management Agent service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 6:42:57 AM, error: Service Control Manager [7034] - The FSGKHS service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 6:42:42 AM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    3/15/2011 6:42:42 AM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    3/15/2011 5:21:29 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    3/15/2011 5:05:34 AM, error: PlugPlayManager [11] - The device Root\LEGACY_FSBL\0000 disappeared from the system without first being prepared for removal.
    .
    ==== End Of File ===========================
     
  3. poorskull

    poorskull TS Rookie Topic Starter

    Bear with me as I'm having considerable difficulty posting the last portion. I keep on getting a page that says "The Connection Was Reset" after clicking reply.



    Edit: I'm REALLY sorry about the size of my ever-shrinking replies. Shortening them seems to be the only way the board will take them.
     
  4. poorskull

    poorskull TS Rookie Topic Starter

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by Joe at 11:29:34.26 on Tue 03/15/2011
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.133 [GMT -5:00]
    .
    AV: Charter Security Suite 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: Charter Security Suite 9.01 *Disabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
    C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
    C:\Program Files\Charter Security Suite\Anti-Virus\FSGK32.EXE
    C:\WINDOWS\System32\svchost.exe -k itlsvc
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Microsoft LifeCam\MSCamS32.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Belkin\F7D4101\V1\wlansrv.exe
    C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\sstray.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\vVX1000.exe
    C:\Program Files\Belkin\F7D4101\V1\PBN.exe
    C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Charter Security Suite\Common\FSLAUNCH.EXE
    C:\Documents and Settings\Joe\Desktop\dds.scr
    .
     
  5. poorskull

    poorskull TS Rookie Topic Starter

    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.emachines.com/
    uSearch Bar = hxxp://www.google.com/ie
    uInternet Connection Wizard,ShellNext = hxxp://www.emachines.com/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Browsing Protection Class: {c6867eb7-8350-4856-877f-93cf8ae3dc9c} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\drop down deals\YontooIEClient.dll
    BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File
    TB: Browsing Protection Toolbar: {265eee8e-3228-44d3-aea5-f7fdf5860049} - c:\program files\charter security suite\nrs\iescript\baselitmus.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [<NO NAME>]
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /install
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [nForce Tray Options] sstray.exe /r
    mRun: [CHotkey] zHotkey.exe
    mRun: [VX1000] c:\windows\vVX1000.exe
    mRun: [F-Secure Manager] "c:\program files\charter security suite\common\FSM32.EXE" /splash
     
  6. poorskull

    poorskull TS Rookie Topic Starter

    mRun: [F-Secure TNB] "c:\program files\charter security suite\fsgui\TNBUtil.exe" /CHECKALL /WAITFORSW
    mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\playwi~1.lnk - c:\program files\belkin\f7d4101\v1\PBN.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
    IE: {6224f700-cba3-4071-b251-47cb894244cd} - c:\program files\icq\ICQ.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
     
  7. Broni

    Broni Malware Annihilator Posts: 47,082   +259

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    DDS.txt log is incomplete.
    Please, repost it.
    If you still have some problems with posting it, attach it.
     
Topic Status:
Not open for further replies.

