ComboFix 10-04-03.02 - Tim Brugnoli 04/06/2010 6:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1547 [GMT -4:00]
Running from: c:\documents and settings\Tim Brugnoli\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tim Brugnoli\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((( Files Created from 2010-03-06 to 2010-04-06 )))))))))))))))))))))))))))))))
.
2010-04-06 10:14 . 2010-02-04 21:13 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100405.038\NAVENG.SYS
2010-04-06 10:14 . 2010-02-04 21:13 1324720 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100405.038\NAVEX15.SYS
2010-04-06 10:14 . 2009-11-07 02:30 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100405.038\NAVENG32.DLL
2010-04-06 10:14 . 2009-11-07 02:30 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100405.038\NAVEX32A.DLL
2010-04-06 10:14 . 2009-12-09 23:57 2747440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100405.038\CCERASER.DLL
2010-04-06 10:14 . 2009-11-07 02:30 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100405.038\EECTRL.SYS
2010-04-06 10:14 . 2009-11-07 02:30 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100405.038\ECMSVR32.DLL
2010-04-06 10:14 . 2009-11-07 02:30 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20100405.038\ERASER.SYS
2010-04-05 22:08 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSvix86.sys
2010-04-05 22:08 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\Scxpx86.dll
2010-04-05 22:08 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSxpx86.dll
2010-04-05 22:07 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSXpx86.sys
2010-04-05 22:07 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100402.001\IDSviA64.sys
2010-04-05 21:57 . 2010-04-05 21:57 -------- d-----w- c:\program files\ESET
2010-04-01 05:35 . 2010-04-03 21:26 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-01 00:25 . 2010-04-01 00:25 388096 ----a-r- c:\documents and settings\Tim Brugnoli\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-04-01 00:25 . 2010-04-01 00:25 -------- d-----w- c:\program files\TrendMicro
2010-03-31 21:13 . 2010-03-31 21:13 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-31 01:03 . 2004-08-04 02:59 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-03-31 01:03 . 2004-08-04 02:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-03-31 01:03 . 2004-08-04 03:00 8192 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-03-31 01:03 . 2004-08-04 03:00 8192 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-03-31 01:03 . 2004-08-04 03:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-03-31 01:03 . 2004-08-04 03:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-03-27 15:11 . 2010-03-27 15:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-03-26 09:34 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSvix86.sys
2010-03-26 09:34 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys
2010-03-26 09:34 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\Scxpx86.dll
2010-03-26 09:34 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSxpx86.dll
2010-03-26 09:34 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSviA64.sys
2010-03-24 20:38 . 2010-03-24 20:38 536112 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys
2010-03-24 20:38 . 2010-03-24 20:38 201616 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHRules.dll
2010-03-24 20:38 . 2010-03-24 20:38 1407888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHEngine.dll
2010-03-24 20:38 . 2010-03-24 20:38 678960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx64.sys
2010-03-24 20:38 . 2010-03-24 20:38 611216 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\bbRGen.dll
2010-03-23 22:37 . 2010-03-23 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-23 22:37 . 2010-03-23 22:37 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2010-03-23 22:36 . 2010-03-24 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-06 02:42 . 2004-08-12 13:36 872064 ----a-w- c:\windows\system32\drivers\iaStor.sys
2010-04-04 16:35 . 2006-02-21 01:29 -------- d-----w- c:\program files\Agent
2010-04-04 14:22 . 2004-08-12 13:24 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2010-04-04 03:33 . 2009-01-02 23:11 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-04-04 03:06 . 2006-02-21 22:31 -------- d-----w- c:\program files\EasyAgent
2010-03-31 21:13 . 2010-03-02 02:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-30 04:46 . 2010-03-02 02:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2010-03-02 02:26 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-02 02:26 . 2010-03-02 02:26 -------- d-----w- c:\documents and settings\Tim Brugnoli\Application Data\Malwarebytes
2010-03-02 02:26 . 2010-03-02 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-25 06:24 . 2004-08-12 13:33 916480 ------w- c:\windows\system32\wininet.dll
2007-08-25 03:52 . 2008-02-11 05:37 300400 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-04-04_18.07.41 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-06 10:38 . 2010-04-06 10:38 16384 c:\windows\Temp\Perflib_Perfdata_6d4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell Photo AIO Printer 942"="c:\program files\Dell Photo AIO Printer 942\dlbubmgr.exe" [2004-08-31 294912]
"DellMCM"="c:\program files\Dell Photo AIO Printer 942\memcard.exe" [2004-07-27 262144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-11-11 4612096]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"InCD"=c:\program files\Ahead\InCD\InCD.exe
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"iRiver Updater"=\Updater.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_06\bin\jusched.exe
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"UIUCU"=c:\docume~1\TIMBRU~1\LOCALS~1\Temp\UIUCU.EXE -CLEAN_UP -S
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~1\mimboot.exe
"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"<NO NAME>"=
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1105000.07F\symds.sys [1/11/2010 5:07 PM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1105000.07F\symefa.sys [1/11/2010 5:07 PM 172592]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20100324.001\BHDrvx86.sys [3/24/2010 4:38 PM 536112]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1105000.07F\cchpx86.sys [1/11/2010 5:07 PM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1105000.07F\ironx86.sys [1/11/2010 5:07 PM 116272]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe [1/11/2010 5:07 PM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [10/17/2009 10:38 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20100326.001\IDSXpx86.sys [3/26/2010 5:34 AM 329592]
S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [11/20/2009 8:57 PM 627072]
.
Contents of the 'Scheduled Tasks' folder
2009-12-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 16:34]
2010-03-30 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Tim Brugnoli.job
- c:\program files\Norton Internet Security\Engine\17.5.0.127\navw32.exe [2010-01-11 06:08]
2010-01-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 20:07]
2009-05-05 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-05 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.optimum.net/News/Weather?sta ... nton,%20NJuSearchMigratedDefaultURL =
hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tim Brugnoli\Application Data\Mozilla\Firefox\Profiles\ik58xs29.default\
FF - prefs.js: browser.startup.homepage -
hxxp://www.optimum.net/News/Weather?sta ... nton,%20NJFF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2010-04-06 06:55
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.netdevice: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x88ACDAC8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecfc3
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> atapi.sys @ 0xba7117b4
\Driver\iaStor -> iaStor.sys @ 0xba648b10
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058241c
ParseProcedure -> ntkrnlpa.exe @ 0x8058155c
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.5.0.127\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(724)
c:\windows\system32\WININET.dll
- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\WININET.dll
- - - - - - - > 'explorer.exe'(3004)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-06 06:59:46
ComboFix-quarantined-files.txt 2010-04-06 10:59
ComboFix2.txt 2010-04-06 10:10
ComboFix3.txt 2010-04-04 18:11
Pre-Run: 180,674,846,720 bytes free
Post-Run: 180,633,370,624 bytes free
- - End Of File - - 918B30357A7400B75D31063E18120D18
OTL Extras logfile created on: 4/6/2010 7:02:13 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Tim Brugnoli\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 168.25 Gb Free Space | 72.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BRUGNOLI
Current User Name: Tim Brugnoli
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Generate MD5 Signatures] -- "C:\Program Files\Michael K. Weise\mkw Audio Compression Toolkit\mkwACT.exe" (Michael K. Weise)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{072D2077-9E22-4F7F-B817-A92CA6CCC843}" = iriver Music Manager
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{20C53FA2-4307-4671-A93F-9463B29DFCF1}" = Symantec Technical Support Web Controls
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8
"{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{F574616C-4C15-49CE-9C98-E998CD80264A}" = BlackBerry Device Software Updater
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"CSCLIB" = Canon Camera Support Core Library
"Dell Photo AIO Printer 942" = Dell Photo AIO Printer 942
"EOS Utility" = Canon Utilities EOS Utility
"ESET Online Scanner" = ESET Online Scanner v3
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"FLAC" = FLAC Installer 1.1.1a (remove only)
"FLVPlayer" = FLV Player 1.3.3
"Forte Agent" = Forté Agent
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InCD!UninstallKey" = InCD
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"Intel(R) 537EP V9x DF PCI Modem" = Intel(R) 537EP V9x DF PCI Modem
"Linksys Wireless Manager" = Linksys Wireless Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mkwACT" = mkw Audio Compression Toolkit
"mkwMFCRTL" = mkw Runtime Libraries
"MLUpdater" = iRiver Updater
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"Mozilla Thunderbird (2.0.0.23)" = Mozilla Thunderbird (2.0.0.23)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = Nero Digital
"NIS" = Norton Internet Security
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = NeroMIX
"NMPUninstallKey" = Nero Media Player
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoStitch" = Canon Utilities PhotoStitch
"QuickPar" = QuickPar 0.9
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Shutterfly Plugin" = Shutterfly Plugin
"WGA" = Windows Genuine Advantage Validation Tool
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
========== Last 10 Event Log Errors ========== [ Application Events ]
Error - 11/27/2009 9:45:51 PM | Computer Name = BRUGNOLI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.
Error - 11/27/2009 10:08:46 PM | Computer Name = BRUGNOLI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.
Error - 11/30/2009 4:26:51 PM | Computer Name = BRUGNOLI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.
Error - 3/30/2010 10:14:50 PM | Computer Name = BRUGNOLI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module urlmon.dll, version 8.0.6001.18904, fault address 0x0002df76.
Error - 4/3/2010 9:26:23 PM | Computer Name = BRUGNOLI | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.
Error - 4/3/2010 9:31:20 PM | Computer Name = BRUGNOLI | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.
Error - 4/4/2010 11:53:28 AM | Computer Name = BRUGNOLI | Source = ESENT | ID = 489
Description = wuauclt (2360) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 4/4/2010 11:53:28 AM | Computer Name = BRUGNOLI | Source = ESENT | ID = 455
Description = wuaueng.dll (2360) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 4/4/2010 11:53:39 AM | Computer Name = BRUGNOLI | Source = ESENT | ID = 489
Description = wuauclt (2360) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 4/4/2010 11:53:39 AM | Computer Name = BRUGNOLI | Source = ESENT | ID = 455
Description = wuaueng.dll (2360) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
[ Application Events ]
Error - 11/27/2009 9:45:51 PM | Computer Name = BRUGNOLI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.
Error - 11/27/2009 10:08:46 PM | Computer Name = BRUGNOLI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.
Error - 11/30/2009 4:26:51 PM | Computer Name = BRUGNOLI | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.
Error - 3/30/2010 10:14:50 PM | Computer Name = BRUGNOLI | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module urlmon.dll, version 8.0.6001.18904, fault address 0x0002df76.
Error - 4/3/2010 9:26:23 PM | Computer Name = BRUGNOLI | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.
Error - 4/3/2010 9:31:20 PM | Computer Name = BRUGNOLI | Source = Userenv | ID = 1007
Description = Windows cannot determine the associated site for this computer. (The
RPC server is too busy to complete this operation. ). Group Policy processing aborted.
Error - 4/4/2010 11:53:28 AM | Computer Name = BRUGNOLI | Source = ESENT | ID = 489
Description = wuauclt (2360) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 4/4/2010 11:53:28 AM | Computer Name = BRUGNOLI | Source = ESENT | ID = 455
Description = wuaueng.dll (2360) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
Error - 4/4/2010 11:53:39 AM | Computer Name = BRUGNOLI | Source = ESENT | ID = 489
Description = wuauclt (2360) An attempt to open the file "C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 4/4/2010 11:53:39 AM | Computer Name = BRUGNOLI | Source = ESENT | ID = 455
Description = wuaueng.dll (2360) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
occurred while opening logfile C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log.
[ System Events ]
Error - 4/5/2010 8:05:54 PM | Computer Name = BRUGNOLI | Source = SRTSP | ID = 524292
Description = Error loading virus definitions.
Error - 4/5/2010 8:05:54 PM | Computer Name = BRUGNOLI | Source = SRTSP | ID = 524293
Description = Error loading Symantec real time Anti-Virus driver.
Error - 4/5/2010 8:10:04 PM | Computer Name = BRUGNOLI | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).
Error - 4/5/2010 8:10:04 PM | Computer Name = BRUGNOLI | Source = Service Control Manager | ID = 7034
Description = The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly.
It has done this 1 time(s).
Error - 4/5/2010 8:10:04 PM | Computer Name = BRUGNOLI | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 4/5/2010 8:10:04 PM | Computer Name = BRUGNOLI | Source = Service Control Manager | ID = 7034
Description = The Pure Networks Platform Service service terminated unexpectedly.
It has done this 1 time(s).
Error - 4/5/2010 8:10:05 PM | Computer Name = BRUGNOLI | Source = Service Control Manager | ID = 7034
Description = The InCD Helper service terminated unexpectedly. It has done this
1 time(s).
Error - 4/5/2010 10:43:22 PM | Computer Name = BRUGNOLI | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde
Error - 4/5/2010 10:43:29 PM | Computer Name = BRUGNOLI | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.
Error - 4/6/2010 6:22:02 AM | Computer Name = BRUGNOLI | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000243'
while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped
monitoring the volume.
< End of report >
OTL logfile created on: 4/6/2010 7:02:13 AM - Run 1
OTL by OldTimer - Version 3.2.1.0 Folder = C:\Documents and Settings\Tim Brugnoli\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.82 Gb Total Space | 168.25 Gb Free Space | 72.27% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: BRUGNOLI
Current User Name: Tim Brugnoli
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan
========== Processes (SafeList) ========== PRC - [2010/04/06 06:32:31 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Brugnoli\Desktop\OTL.exe
PRC - [2009/12/09 05:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccsvchst.exe
PRC - [2009/02/16 05:44:55 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/10/24 09:14:36 | 000,206,112 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/23 17:06:38 | 000,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/06/17 08:56:14 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2004/08/31 10:34:08 | 000,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmon.exe
PRC - [2004/08/31 10:18:44 | 000,294,912 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe
PRC - [2004/07/27 10:08:22 | 000,262,144 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 942\memcard.exe
PRC - [2003/09/17 10:43:36 | 000,057,344 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe
========== Modules (SafeList) ========== MOD - [2010/04/06 06:32:31 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Brugnoli\Desktop\OTL.exe
MOD - [2009/12/17 02:08:57 | 000,407,408 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\asoehook.dll
MOD - [2009/07/12 04:02:02 | 000,653,120 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcr90.dll
MOD - [2009/07/12 04:02:00 | 000,569,664 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\microsoft.vc90.crt\msvcp90.dll
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- -- (RoxLiveShare9)
SRV - [2009/12/09 05:05:51 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ccSvcHst.exe -- (NIS)
SRV - [2008/12/12 19:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/01/29 17:09:02 | 000,394,704 | ---- | M] (Symantec, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe -- (Symantec RemoteAssist)
SRV - [2006/03/23 17:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2005/09/30 19:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [On_Demand | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/06/17 08:55:58 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
SRV - [2004/07/01 16:45:46 | 000,421,888 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\System32\dlbucoms.exe -- (dlbu_device)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
http://www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL =
http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.optimum.net/News/Weather?sta ... nton,%20NJIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.optimum.net/News/Weather?station=D-KTTN&location=Trenton,%20NJ"
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.5
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/10/16 22:35:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2010/01/13 18:15:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/30 21:12:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/30 21:12:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/10/17 11:53:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2008/08/27 21:39:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Brugnoli\Application Data\Mozilla\Extensions
[2010/04/03 12:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Brugnoli\Application Data\Mozilla\Firefox\Profiles\ik58xs29.default\extensions
[2009/10/13 06:34:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tim Brugnoli\Application Data\Mozilla\Firefox\Profiles\ik58xs29.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/23 18:17:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/08/24 23:52:00 | 000,300,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Mozilla Firefox\components\coFFPlgn.dll
[2005/04/27 18:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll
O1 HOSTS File: ([2009/11/21 07:38:13 | 000,719,797 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1
http://www.007guard.comO1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1
http://www.008k.comO1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1
http://www.00hq.comO1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1
http://www.032439.comO1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1
http://www.0scan.comO1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1
http://www.1000gratisproben.comO1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1
http://www.1001namen.comO1 - Hosts: 127.0.0.1
http://www.100888290cs.comO1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1
http://www.100sexlinks.comO1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1
http://www.10sek.comO1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1
http://www.1-2005-search.comO1 - Hosts: 12234 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.5.0.127\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Dell Photo AIO Printer 942] C:\Program Files\Dell Photo AIO Printer 942\dlbubmgr.exe ()
O4 - HKLM..\Run: [DellMCM] C:\Program Files\Dell Photo AIO Printer 942\memcard.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE}
https://www-secure.symantec.com/techsup ... SupCtl.cab (Reg Error: Key error.)
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8}
https://www-secure.symantec.com/techsup ... mAData.cab (ActiveDataInfo Class)
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345}
https://www-secure.symantec.com/techsup ... gctlsi.cab (Symantec SmartIssue)
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345}
https://www-secure.symantec.com/techsup ... gctlsr.cab (Symantec Script Runner Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
http://update.microsoft.com/microsoftup ... 1007452875 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93}
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C}
https://a248.e.akamai.net/f/248/5462/2h ... mDlBrg.cab (Reg Error: Key error.)
O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525}
http://cdn.digitalcity.com/radio/ampx/a ... _en_dl.cab (IWinAmpActiveX Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000}
http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009}
http://liveca12.custhelp.com/7530-b327h ... a/RntX.cab (Live Collaboration)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tim Brugnoli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tim Brugnoli\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/02/20 17:35:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/02/20 12:21:24 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17465059307421696)
========== Files/Folders - Created Within 14 Days ========== [2010/04/06 06:32:31 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim Brugnoli\Desktop\OTL.exe
[2010/04/05 17:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/04/05 15:37:27 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tim Brugnoli\Desktop\TFC.exe
[2010/04/05 06:44:02 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Tim Brugnoli\Desktop\Copy of TDSSKiller.exe
[2010/04/05 06:43:06 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Tim Brugnoli\Desktop\TDSSKiller.exe
[2010/04/04 13:56:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/04/04 13:24:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/04/04 13:24:49 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/04/04 13:24:49 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/04/04 13:24:49 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/04/04 13:24:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/04/04 13:23:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/04/03 23:04:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tim Brugnoli\Desktop\New Folder
[2010/04/03 17:26:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/04/03 17:08:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/04/03 12:58:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/04/01 01:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/31 20:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2010/03/31 19:53:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tim Brugnoli\Recent
[2010/03/30 22:18:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/03/30 21:21:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/30 21:07:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/27 11:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee
[2010/03/23 18:37:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/03/23 18:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/01/23 18:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Mozilla
[2009/12/07 23:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Help
[2009/12/07 23:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Help
[2009/11/27 13:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/10/26 16:44:11 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
[2008/09/06 09:47:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2007/01/19 23:23:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2007/01/18 21:27:01 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/01/05 11:25:33 | 000,630,784 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Tim Brugnoli\GoToAssist_chat2way__317_en.exe
[2006/08/28 21:53:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006/08/20 23:28:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Talkback
[2006/08/20 23:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla
[2006/02/20 18:00:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
========== Files - Modified Within 14 Days ========== [2010/04/06 06:59:49 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/06 06:55:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/06 06:37:40 | 000,016,052 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/04/06 06:37:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/04/06 06:35:06 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tim Brugnoli\ntuser.ini
[2010/04/06 06:35:05 | 009,961,472 | -H-- | M] () -- C:\Documents and Settings\Tim Brugnoli\NTUSER.DAT
[2010/04/06 06:34:50 | 004,317,300 | -H-- | M] () -- C:\Documents and Settings\Tim Brugnoli\Local Settings\Application Data\IconCache.db
[2010/04/06 06:32:31 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Brugnoli\Desktop\OTL.exe
[2010/04/05 19:50:27 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\Windows Explorer.lnk
[2010/04/05 15:42:27 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\esetsmartinstaller_enu.exe
[2010/04/05 15:37:28 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tim Brugnoli\Desktop\TFC.exe
[2010/04/05 06:33:29 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\SystemLook.exe
[2010/04/04 13:56:15 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/04/04 13:19:30 | 003,907,280 | R--- | M] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\ComboFix.exe
[2010/04/04 08:13:57 | 000,000,000 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2010/04/03 13:43:29 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tim Brugnoli\defogger_reenable
[2010/04/03 13:38:16 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\dds.scr
[2010/04/03 13:03:26 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\lmyzwn8q.exe
[2010/04/03 13:02:30 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\Defogger.exe
[2010/04/03 12:31:48 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/31 21:20:05 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\HiJackThis.lnk
[2010/03/30 21:11:19 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/29 20:00:00 | 000,000,758 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Tim Brugnoli.job
[2010/03/25 17:34:54 | 000,000,758 | ---- | M] () -- C:\WINDOWS\dellstat.ini
========== Files Created - No Company Name ========== [2010/04/05 15:38:55 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\esetsmartinstaller_enu.exe
[2010/04/05 06:33:29 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\SystemLook.exe
[2010/04/04 13:56:15 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/04/04 13:56:12 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/04/04 13:24:49 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/04/04 13:24:49 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/04/04 13:24:49 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/04/04 13:24:49 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/04/04 13:24:49 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/04/04 13:19:28 | 003,907,280 | R--- | C] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\ComboFix.exe
[2010/04/03 13:43:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\defogger_reenable
[2010/04/03 13:38:16 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\dds.scr
[2010/04/03 13:03:25 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\lmyzwn8q.exe
[2010/04/03 13:02:30 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\Defogger.exe
[2010/03/31 20:25:16 | 000,002,455 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\Desktop\HiJackThis.lnk
[2009/10/26 17:57:06 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2009/10/26 17:56:43 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2009/10/26 17:56:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/10/26 17:56:42 | 000,060,928 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2009/10/26 17:56:42 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/12/25 10:39:12 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\csdlocalmon.dll
[2008/10/18 18:12:21 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\Local Settings\Application Data\rx_image.Cache
[2007/11/28 20:20:37 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2007/10/20 13:32:20 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/29 15:46:38 | 157,801,497 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\__rzi_00.328
[2006/06/04 22:31:05 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/03/23 17:24:52 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006/02/22 20:55:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
[2006/02/21 21:23:19 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006/02/21 19:36:39 | 000,528,384 | ---- | C] () -- C:\WINDOWS\System32\BladeEnc.dll
[2006/02/21 19:36:39 | 000,120,832 | ---- | C] () -- C:\WINDOWS\System32\ShnDll32.dll
[2006/02/21 18:50:43 | 000,000,149 | ---- | C] () -- C:\Documents and Settings\Tim Brugnoli\default.pls
[2006/02/21 17:16:45 | 000,000,229 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/02/20 20:49:30 | 000,000,758 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006/02/20 20:49:11 | 000,143,360 | R--- | C] () -- C:\WINDOWS\System32\dlbucoin.dll
[2006/02/20 20:49:11 | 000,131,072 | R--- | C] () -- C:\WINDOWS\System32\dlbusnls.dll
[2006/02/20 20:46:36 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbuvs.dll
[2006/02/20 20:46:32 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbucur.dll
[2006/02/20 20:46:32 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbucu.dll
[2006/02/20 20:46:24 | 000,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbujswr.dll
[2006/02/20 20:46:15 | 000,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbuutil.dll
[2006/02/20 19:23:26 | 000,262,144 | ---- | C] () -- C:\Documents and Settings\All Users\ntuser.dat
[2006/02/20 19:23:26 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\All Users\ntuser.dat.LOG
[2006/02/20 18:40:06 | 000,000,072 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/02/20 18:03:23 | 000,001,024 | -H-- | C] () -- C:\Documents and Settings\Tim Brugnoli\ntuser.dat.LOG
[2006/02/20 18:03:23 | 000,000,178 | -HS- | C] () -- C:\Documents and Settings\Tim Brugnoli\ntuser.ini
[2006/02/20 18:03:22 | 009,961,472 | -H-- | C] () -- C:\Documents and Settings\Tim Brugnoli\NTUSER.DAT
========== LOP Check ========== [2009/10/16 22:26:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2009/11/21 19:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/17 11:57:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/18 21:49:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2007/11/23 00:37:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Brugnoli\Application Data\ImgBurn
[2007/06/18 15:43:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Brugnoli\Application Data\Leadertech
[2008/10/18 23:13:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Brugnoli\Application Data\Musicmatch
[2007/12/15 17:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Brugnoli\Application Data\Netscape
[2009/02/22 21:42:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Brugnoli\Application Data\Opera
[2007/12/22 11:42:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Brugnoli\Application Data\Thunderbird
[2009/11/19 23:38:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tim Brugnoli\Application Data\Tific
[2010/01/18 12:59:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2009/05/05 19:05:26 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe >[2004/03/10 17:16:33 | 000,077,824 | ---- | M] (Moodlogic) -- C:\catgen.exe
[2004/07/01 17:20:20 | 000,212,992 | ---- | M] (Moodlogic) -- C:\Updater.exe
< MD5 for: AGP440.SYS >[2004/08/12 09:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys
< MD5 for: ATAPI.SYS >[2004/08/12 09:29:28 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/12 09:17:27 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\i386\atapi.sys
< MD5 for: EVENTLOG.DLL >[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/12 09:19:04 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/12 09:19:04 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/12 09:19:04 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
< MD5 for: IASTOR.SYS >[2005/06/17 08:35:20 | 000,504,320 | ---- | M] (Intel Corporation) MD5=384B596BA3A59FFB63C541CC4BF09071 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2005/06/17 08:33:40 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2010/04/05 22:42:29 | 000,872,064 | ---- | M] (Intel Corporation) MD5=9A65E42664D1534B68512CAAD0EFE963 -- C:\WINDOWS\system32\drivers\iaStor.sys
[2004/08/12 09:36:15 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys
[2004/08/12 09:36:15 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\iaStor.sys
< MD5 for: NETBT.SYS >[2010/03/31 23:07:54 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\dllcache\netbt.sys
[2010/04/04 10:22:04 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=0C80E410CD2F47134407EE7DD19CC86B -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) MD5=74B2B2F5BEA5E9A3DC021D685551BD3D -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netbt.sys
< MD5 for: NETLOGON.DLL >[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/12 09:24:31 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/12 09:24:31 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/12 09:24:31 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
< MD5 for: SCECLI.DLL >[2004/08/12 09:27:47 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/12 09:27:47 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/12 09:27:47 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll
< %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.s > ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >