tbarbertab

  1. Hi, I have now uninstalled / reinstalled and it is working okay. Thanks. Interestingly, today a very similar piece of malware showed up on my work computer. Having been through this at home, I was able to quickly eliminate it. I did not get the browser redirects or the download problems I had at home though. Thanks
  2. I do have one small problem. Last week, I manually installed the Adaware service and successfully ran Adaware. Today, I was going to run Adaware again, but found that the service was stopped. When manually attempting to start the service, it appears to run for a few seconds then stops. Any ideas? Thanks
  3. Hi, I installed the Recovery Console from my Windows XP install CD. I also uninstalled my CA Security suite. At that point, DDS.com ran fine. I was also able to download files again. Everything seemed to be working fine at that point, so I didn't run Combofix again. I reinstalled CA Security Suite, and things seem normal.
  4. DDS (Ver_10-03-17.01) - NTFSx86 Run by Tracy Barber at 21:29:14.25 on Tue 06/08/2010 Internet Explorer: 6.0.2900.2180 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.289 [GMT -4:00]
  5. 1) Had to run ComboFix in safe mode. 2) It still thought that CA Anti-virus was running (How can this be?) 3) After the scan, DDS.com still won't run. 4) Tried to install the Windows Recovery Console from my Windows XP setup disk. Would not run. 5) Good news, the browser redirects seem to be gone. 6) Still can't download files in the browser. ***** ComboFix 10-06-03.01 - Tracy Barber 06/07/2010 20:33:04.1.1 - x86 MINIMAL Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.511.375 [GMT -4:00] Running from: c:\documents and settings\Tracy Barber\Desktop\Tracy.exe AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93} WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . - - - - ORPHANS REMOVED - - - - WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file) SafeBoot-Lavasoft Ad-Aware Service MSConfigStartUp-CyberDefender Registry Cleaner - c:\program files\CyberDefender\Registry Cleaner\CDregclean.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2010-06-07 20:46 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... 
scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(252) c:\windows\system32\l3codeca.acm c:\windows\system32\ctmp3.acm . Completion time: 2010-06-07 20:52:11 ComboFix-quarantined-files.txt 2010-06-08 00:51 Pre-Run: 12,432,760,832 bytes free Post-Run: 12,442,222,592 bytes free - - End Of File - - 648159FFDDCC15ED2C9DD2C3236E6BB8
  6. Combofix thinks that my CA Antivirus scanner is running, even though I disabled it. I tried simply disabling CA altogether using msconfig, disabling all CA entries in Startup and Services. With this done, Combofix would not run. It would open the initial Combofix loading box, then terminate. Not sure how to proceed...
  7. Still could not get DDS.scr or DDS.com to run. Runs fine on my work computer. Strange...
  8. OTL logfile created on: 6/3/2010 6:18:55 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\spy
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 124.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 8.29 Gb Free Space | 14.84% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRACY
Current User Name: Tracy Barber
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\spy\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\CA\eTrust Internet Security Suite\casc.exe (CA, Inc.)
PRC - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe (CA, Inc.)
PRC - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\cavrid.exe (CA, Inc.)
PRC - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
PRC - C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe (CA, Inc.)
PRC - C:\Program Files\CA\eTrust Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
PRC - C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe (CA, Inc.)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
PRC - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
PRC - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe (Computer Associates International, Inc.)
PRC - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)
PRC - C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision)
PRC - C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)

========== Modules (SafeList) ==========

MOD - C:\spy\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)
MOD - C:\WINDOWS\SYSTEM32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (AAWService) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (VETMSGNT) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\vetmsg.exe (CA, Inc.)
SRV - (PPCtlPriv) -- C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe (CA, Inc.)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (CaCCProvSP) -- C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe (CA, Inc.)
SRV - (ccSchedulerSVC) -- C:\Program Files\CA\eTrust Internet Security Suite\ccschedulersvc.exe (Computer Associates International, Inc.)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (UmxAgent) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe (CA)
SRV - (UmxCfg) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe (CA)
SRV - (UmxPol) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe (CA)
SRV - (UmxFwHlp) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe (CA)
SRV - (CAISafe) -- C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe (Computer Associates International, Inc.)
SRV - (ITMRTSVC) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe (CA, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV - (C-DillaCdaC11BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CDAC11BA.EXE (Macrovision)
SRV - (NMSSvc) Intel® -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Uim_IM) -- C:\WINDOWS\SYSTEM32\DRIVERS\Uim_IM.sys (Paragon)
DRV - (UimBus) -- C:\WINDOWS\SYSTEM32\DRIVERS\UimBus.sys (Windows ® 2000 DDK provider)
DRV - (hotcore3) -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys (Paragon Software Group)
DRV - (KmxCF) -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxCF.sys (CA)
DRV - (KmxFw) -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxFw.sys (CA)
DRV - (KmxFile) -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxFile.sys (CA)
DRV - (KmxCfg) -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxCfg.sys (CA)
DRV - (KmxStart) -- C:\WINDOWS\System32\DRIVERS\kmxstart.sys (CA)
DRV - (KmxAgent) -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxAgent.sys (CA)
DRV - (KmxSbx) -- C:\WINDOWS\SYSTEM32\DRIVERS\KmxSbx.sys (CA)
DRV - (Cdralw2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdr4_xp.sys (Sonic Solutions)
DRV - (VETMONNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\VetMonNT.1 (Computer Associates International, Inc.)
DRV - (VETEFILE) -- C:\WINDOWS\SYSTEM32\DRIVERS\VetEFile.1 (Computer Associates International, Inc.)
DRV - (VETEBOOT) -- C:\WINDOWS\SYSTEM32\DRIVERS\VetEBoot.1 (Computer Associates International, Inc.)
DRV - (VET-FILT) -- C:\WINDOWS\SYSTEM32\DRIVERS\Vet-Filt.1 (Computer Associates International, Inc.)
DRV - (VETFDDNT) -- C:\WINDOWS\SYSTEM32\DRIVERS\VetFDDNT.1 (Computer Associates International, Inc.)
DRV - (VET-REC) -- C:\WINDOWS\SYSTEM32\DRIVERS\Vet-Rec.1 (Computer Associates International, Inc.)
DRV - (gameenum) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys (Microsoft Corporation)
DRV - (61883) -- C:\WINDOWS\SYSTEM32\DRIVERS\61883.sys (Microsoft Corporation)
DRV - (Avc) -- C:\WINDOWS\SYSTEM32\DRIVERS\avc.sys (Microsoft Corporation)
DRV - (MSDV) -- C:\WINDOWS\SYSTEM32\DRIVERS\msdv.sys (Microsoft Corporation)
DRV - (amdagp) -- C:\WINDOWS\System32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (iAimFP4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys (Intel® Corporation)
DRV - (iAimFP3) -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys (Intel® Corporation)
DRV - (iAimTV4) -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys (Intel® Corporation)
DRV - (iAimTV3) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys (Intel® Corporation)
DRV - (iAimTV1) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys (Intel® Corporation)
DRV - (iAimTV0) -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys (Intel® Corporation)
DRV - (iAimFP0) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys (Intel® Corporation)
DRV - (iAimFP1) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys (Intel® Corporation)
DRV - (iAimFP2) -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys (Intel® Corporation)
DRV - (i81x) -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys (Intel® Corporation)
DRV - (nv) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (BCMModem) -- C:\WINDOWS\SYSTEM32\DRIVERS\BCMSM.sys (Broadcom Corporation)
DRV - (CdaC15BA) -- C:\WINDOWS\SYSTEM32\DRIVERS\CdaC15BA.SYS ()
DRV - (P16X) Creative SB Live! Series (WDM) -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys (Creative Technology Ltd.)
DRV - (omci) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (NMSCFG) -- C:\WINDOWS\SYSTEM32\DRIVERS\NMSCFG.SYS (Intel Corporation)
DRV - (dvd_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Dvd_2k.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\SYSTEM32\DRIVERS\Mmc_2k.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\SYSTEM32\DRIVERS\pwd_2K.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.sys (Roxio)
DRV - (UdfReadr_xp) -- C:\WINDOWS\SYSTEM32\DRIVERS\udfreadr_xp.sys (Roxio)
DRV - (NUVision) -- C:\WINDOWS\SYSTEM32\NUVision.ax (Zoran Ltd.)
DRV - (Sparrow) -- C:\WINDOWS\System32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\System32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\System32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\System32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\System32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\System32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\System32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\System32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\System32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\System32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\System32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\System32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\System32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\System32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\System32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (EL90XBC) -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS (3Com Corporation)
DRV - (PfModNT) -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS (Creative Technology Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/outlook/travel/businesstraveler/local/27455?lswe=27455&lwsa=Weather36HourBusinessTravelerCommand&from=searchbox_localwx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.weather.com/weather/local/27405"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/05/31 19:55:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/31 19:55:56 | 000,000,000 | ---D | M]

[2008/08/31 14:14:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tracy Barber\Application Data\Mozilla\Extensions
[2010/06/02 19:00:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tracy Barber\Application Data\Mozilla\Firefox\Profiles\tjm7t8bc.default\extensions
[2010/04/27 21:05:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tracy Barber\Application Data\Mozilla\Firefox\Profiles\tjm7t8bc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/08/31 14:14:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2005/12/05 22:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/01/25 10:40:03 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll

O1 HOSTS File: ([2009/05/11 20:11:11 | 000,305,759 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123haustiereundmehr.com
O1 - Hosts: 10529 more lines...
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_1_0.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_1_0.dll ()
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [capfasem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe (CA, Inc.)
O4 - HKLM..\Run: [capfupgrade] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfupgrade.exe (CA, Inc.)
O4 - HKLM..\Run: [CAPPActiveProtection] C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe (CA, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\eTrust Internet Security Suite\casc.exe (CA, Inc.)
O4 - HKLM..\Run: [CyberDefender Registry Cleaner] File not found
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DVDSentry] C:\WINDOWS\SYSTEM32\DSentry.exe (Dell - Advanced Desktop Engineering)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = _ [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\NPJPI150_01.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries0000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries0000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries0000000002 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries0000000003 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries0000000023 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: adobe.com ([get] http in Trusted sites)
O15 - HKCU\..Trusted Domains: antivirus.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: bobbrinker.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ca.com ([consumerdownloads] http in Trusted sites)
O15 - HKCU\..Trusted Domains: ca.com ([shop] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cnet.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: com.com ([dw] http in Trusted sites)
O15 - HKCU\..Trusted Domains: cyberdefender.com ([download] http in Trusted sites)
O15 - HKCU\..Trusted Domains: doublemyspeed.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: download.com ([software-files] * in Trusted sites)
O15 - HKCU\..Trusted Domains: flashmemorytoolkit.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: golfwrx.com ([forums] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([dl] http in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([earth] http in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: macromedia.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: paragon-software.com ([dl] http in Trusted sites)
O15 - HKCU\..Trusted Domains: paragon-software.com ([www.dl] * in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turner.com ([i.cdn] http in Trusted sites)
O15 - HKCU\..Trusted Domains: wwwspy-botsd.com ([]http in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://activation.rr.com/install/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} http://tdserver.bitstream.com/tdserver.cab (TDServer Control)
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} http://download.mcafee.com/molbin/Shared/MGBrwFld.cab (BrowseFolderPopup Class)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http
  9. OTL Extras logfile created on: 6/3/2010 6:18:55 PM - Run 1 OTL by OldTimer - Version 3.2.5.3 Folder = C:\spy Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 511.00 Mb Total Physical Memory | 124.00 Mb Available Physical Memory | 24.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 49.00% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 55.84 Gb Total Space | 8.29 Gb Free Space | 14.84% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: TRACY Current User Name: Tracy Barber Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal [color="#E56717"]========== Extra Registry (SafeList) ==========[/color] [color="#E56717"]========== File Associations ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color="#E56717"]========== Shell Spawning ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color="#E56717"]========== Security Center Settings ==========[/color] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\CA Personal Firewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe" = C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe:*:Disabled:TrueVector Service -- File not found
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe Deduction Maximizer 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{01001202-823E-46CD-A70E-BEE818F97169}" = Microsoft Encarta Encyclopedia Standard 2002
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{052A55B1-0182-4551-93CD-2D078A120CAB}" = TurboTax 2008 wnciper
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP160" = Canon MP160
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2681A52E-FCFA-4982-A030-7B652BDD346C}" = CA Personal Firewall
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0
"{3248F0A8-6813-11D6-A77B-00B0D0150010}" = J2SE Runtime Environment 5.0 Update 1
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{3A90BE50-EAA2-012B-AE2D-000000000000}" = TurboTax 2009 wnciper
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Dell Modem-On-Hold
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{60fa7bf1-3044-4718-9857-21eb48df6789}" = Microsoft Visual C++ 2005 Redistributable
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DE18AB5-540B-4981-87D5-6CF7E923D983}_is1" = CyberDefender Registry Cleaner
"{70B4227A-CA3A-4516-9E93-D419ECEE2834}" = EZ Movie & Photo Burner
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}" = MyIdentityDefender Toolbar (CyberDefender Corporation)
"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AE}" = URGE
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{98DF85D9-96C0-4F57-A92E-C3539477EF5E}" = DVDSentry
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{9E9CAC61-DB2E-11DE-BE15-005056C00008}" = Paragon Backup and Recovery™ 10 Compact Edition
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1B7B9B3-E1D2-41CA-9B4A-F18DC2710704}" = Microsoft Works 6.0
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AEAD18F3-6481-4ef4-96B5-A24D5ADAC30D}" = CA Anti-Spyware
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{BA165460-FCF7-4D6C-A7A2-F2321700720F}" = MobileMe Control Panel
"{BB46245B-CECA-406F-8790-3ABA0D01012F}" = Roxio VideoWave Movie Creator
"{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3A439E4-7303-491F-A678-CEA36A87D517}" = Microsoft Works Suite Add-in for Microsoft Word
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{DC19E750-988B-4005-A355-85EF66055EFE}" = Works Suite OS Pack
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F05A5232-CE5E-4274-AB27-44EB8105898D}" = CA Pest Patrol Realtime Protection
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcSoft Camera Suite" = ArcSoft Camera Suite
"BCM V.92 56K Modem" = BCM V.92 56K Modem
"Bonus Swings" = Bonus Swings
"Cameron Doan CD" = Cameron Doan CD
"Canon Digital Camera USB WIA Driver" = Canon Digital Camera USB WIA Driver
"Canon MP160 User Registration" = Canon MP160 User Registration
"Canon PhotoStitch 3.1" = Canon Utilities PhotoStitch 3.1
"Canon Utilities RAW Image Converter" = Canon Utilities RAW Image Converter
"CanonMyPrinter" = Canon My Printer
"CdaC13Ba" = SafeCast Shared Components
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"cSwing" = cSwing
"cSwing Library" = cSwing Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DemoApp" = FE Convert Drop
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-WebPrint" = Easy-WebPrint
"eTrust Suite Personal" = CA Internet Security Suite
"HijackThis" = HijackThis 2.0.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Display Driver" = NVIDIA Display Driver
"PhotoRecord" = Canon PhotoRecord
"Picasa 3" = Picasa 3
"PPTView97" = Microsoft PowerPoint Viewer 97
"PROSet" = Intel® PRO Ethernet Adapter and Software
"Quicken WillMaker Plus 2008" = Quicken WillMaker Plus 2008
"QuicktimeAlt_is1" = QuickTime Alternative 1.76
"RemoteCapture" = Canon Utilities RemoteCapture 2.2
"Shockwave" = Shockwave
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"TurboTax 2008" = TurboTax 2008
"TurboTax 2009" = TurboTax 2009
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"VETWIN32Vp5" = CA Anti-Virus
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 2
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0.0 (Pre-Release 5348)
"Yahoo! Companion" = Yahoo! Companion
"ZoomBrowserEXDeInstall" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2010 7:52:26 PM | Computer Name = TRACY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/31/2010 9:01:07 PM | Computer Name = TRACY | Source = MPSampleSubmission | ID = 5000
Description =

Error - 5/31/2010 9:14:24 PM | Computer Name = TRACY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/31/2010 9:20:21 PM | Computer Name = TRACY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/31/2010 9:28:39 PM | Computer Name = TRACY | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe registration timeout

Error - 5/31/2010 9:36:26 PM | Computer Name = TRACY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 5/31/2010 9:37:06 PM | Computer Name = TRACY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/2/2010 10:19:56 PM | Computer Name = TRACY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/2/2010 10:20:42 PM | Computer Name = TRACY | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 6/3/2010 5:58:08 PM | Computer Name = TRACY | Source = UmxAgent | ID = 99
Description = Sync event client C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe registration timeout

[ System Events ]
Error - 5/31/2010 9:26:00 PM | Computer Name = TRACY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 5/31/2010 9:26:00 PM | Computer Name = TRACY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Error - 5/31/2010 9:26:26 PM | Computer Name = TRACY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/2/2010 6:30:29 PM | Computer Name = TRACY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/2/2010 6:30:29 PM | Computer Name = TRACY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Error - 6/2/2010 6:31:39 PM | Computer Name = TRACY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

Error - 6/2/2010 6:36:17 PM | Computer Name = TRACY | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error - 6/3/2010 5:51:57 PM | Computer Name = TRACY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/3/2010 5:51:57 PM | Computer Name = TRACY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.

Error - 6/3/2010 5:52:24 PM | Computer Name = TRACY | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1058

< End of report >
  10. Ran DDS but it didn't create any *.txt files...Still working on it.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-02 19:20:13
Windows 5.1.2600 Service Pack 2
Running: ri0zejxs.exe; Driver: C:\DOCUME~1\TRACYB~1\LOCALS~1\Temp\fxtdipog.sys

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateKey [0xB6BDAB35]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwCreateSymbolicLinkObject [0xB6BDB856]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwMakeTemporaryObject [0xB6BDBBA7]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenKey [0xB6BDAA99]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwOpenSection [0xB6BDB57B]
SSDT \SystemRoot\System32\DRIVERS\kmxagent.sys (HIPS Agent Driver/CA) ZwSetInformationProcess [0xF04391DC]
SSDT \SystemRoot\System32\DRIVERS\KmxSbx.sys (HIPS Registry, Spawning and Devices Guard driver/CA) ZwSetSystemInformation [0xB6BDB983]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8706BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6B45340, 0x121A5F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF9D6380, 0x25BA81, 0xF8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 007B000A
.text C:\WINDOWS\System32\svchost.exe[436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007C000A
.text C:\WINDOWS\System32\svchost.exe[436] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 007A000C
.text C:\WINDOWS\System32\svchost.exe[436] USER32.dll!GetCursorPos 7E41BD76 5 Bytes JMP 02E1000A
.text C:\WINDOWS\System32\svchost.exe[436] ole32.dll!CoCreateInstance 774FFAC3 5 Bytes JMP 00B3000A
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B1000A
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[784] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B0000C
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FB000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FC000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[4080] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00FA000C

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMSetAttributesEx] [F84E82F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F84E5FE0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMCoSendComplete] [F84E6450] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\nic1394.sys[NDIS.SYS!NdisTerminateWrapper] [F84E8500] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\nic1394.sys[NDIS.SYS!NdisMRegisterMiniport] [F84E8920] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\nic1394.sys[NDIS.SYS!NdisInitializeWrapper] [F84E7EB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCoSendComplete] [F84E6450] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMSetAttributesEx] [F84E82F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisInitializeWrapper] [F84E7EB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMRegisterMiniport] [F84E8920] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisTerminateWrapper] [F84E8500] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\rasl2tp.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F84E5FE0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisClOpenAddressFamily] [F84E5EA0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F84E7DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F84E7830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCoSendComplete] [F84E6450] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMSetAttributesEx] [F84E82F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F84E5FE0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisReturnPackets] [F84E6F30] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisInitializeWrapper] [F84E7EB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisTerminateWrapper] [F84E8500] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F84E7F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisMRegisterMiniport] [F84E8920] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F84E7F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F84E7830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisReturnPackets] [F84E6F30] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F84E7DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMSetAttributesEx] [F84E82F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisTerminateWrapper] [F84E8500] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisMRegisterMiniport] [F84E8920] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisInitializeWrapper] [F84E7EB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMSetAttributesEx] [F84E82F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisInitializeWrapper] [F84E7EB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisMRegisterMiniport] [F84E8920] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspptp.sys[NDIS.SYS!NdisTerminateWrapper] [F84E8500] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\TDI.SYS[NDIS.SYS!NdisReturnPackets] [F84E6F30] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisReturnPackets] [F84E6F30] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisTerminateWrapper] [F84E8500] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisIMAssociateMiniport] [F84E8210] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisIMRegisterLayeredMiniport] [F84E89E0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F84E7F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisInitializeWrapper] [F84E7EB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F84E7830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisClOpenAddressFamily] [F84E5EA0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisMSetAttributesEx] [F84E82F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F84E7DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisInitializeWrapper] [F84E7EB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCoSendComplete] [F84E6450] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMSetAttributesEx] [F84E82F0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMCmRegisterAddressFamily] [F84E5FE0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisMRegisterMiniport] [F84E8920] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\raspti.sys[NDIS.SYS!NdisTerminateWrapper] [F84E8500] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F84E7F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F84E7DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F84E7830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCmRegisterAddressFamily] [F84E5F40] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisClOpenAddressFamily] [F84E5EA0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F84E7DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F84E7830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F84E7F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisReturnPackets] [F84E6F30] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisReturnPackets] [F84E6F30] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F84E7F60] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F84E7830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F84E7DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F84E7DB0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F84E7830] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [F84E5EA0] kmxstart.sys (HIPS Core Driver/CA)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F84E7F60] kmxstart.sys (HIPS Core Driver/CA)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [100104E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExA] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [1000FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [10010300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [1000FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [1000FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [100106B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [1000F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Outlook Express\msimn.exe[468] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [1000FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExA] [0129FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] [0129FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [012A06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0129FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [0129FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [0129FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [012A06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [012A04E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [012A06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0129FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [0129FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [012A06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [0129FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0129FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [012A04E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [012A06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [0129FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0129FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [012A0300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [012A06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0129FC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [0129FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [012A0300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [0129FFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [0129FA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [012A06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [0129FE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\WINDOWS\Explorer.EXE[784] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [0129F890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [00FE04E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [00FE06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [00FDFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [00FDFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [00FE06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [00FDFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [00FE0300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [00FE06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [00FDFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [00FDFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [00FDFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [00FDFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [00FE04E0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.) 
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [00FE06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [00FDFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [00FDFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [00FE06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [00FDFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [00FDFC10] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00FE0300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [00FDFFA0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [00FDFA00] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [00FE06B0] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [00FDF890] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)
Device \Driver\Tcpip \Device\Ip kmxfw.sys (HIPS Firewall Driver/CA)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat VET-REC.SYS (CA Antivirus File Protection Driver/Computer Associates International, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\172A967CC1E79F843B13746400DDC460\[email protected]_Install 1019171709

---- EOF - GMER 1.0.15 ----
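Every IAT entry in the GMER output above resolves to the same hooking module, C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll, whose version resource identifies it as CA's API interceptor, and every hooked API (LoadLibrary*, GetProcAddress, CreateProcessW, CreateProcessAsUserW) maps to one consistent hook address across all importing modules. That is the signature of a single installed HIPS product, not of an injected DLL, which is why a log reviewer reads this section as benign. The script below is an added example, not part of the forum post, GMER or CA's software: it parses GMER IAT lines with a regex derived from the layout shown above, groups hooks by hooking module, flags hooks from any module outside an allowlist of security-product directories (the allowlist is a constructed assumption for this host), and reports APIs whose hook address differs between importers, which would mean more than one hooker is present. Three sample lines are copied from the log; the fourth, a hook into a DLL in the user's temp directory, is constructed.

```python
"""Triage GMER 'IAT' hook lines: parse each entry, group hooks by the module
that installed them, and flag anything outside known security-product paths.

Added example (not from the forum post, GMER, or CA). The regex follows the
GMER 1.0.15 line layout shown in the log; the allowlist and the last sample
line are constructed.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# GMER IAT line layout (one entry per line):
# IAT <process>[<pid>] @ <importing module> [<exporting dll>!<api>] [<hook addr>] <hooking module> (<description>)
IAT_RE = re.compile(
    r"^IAT\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<module>.+?)\s+"
    r"\[(?P<exporter>[^!\]]+)!(?P<api>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<hooker>.+?)\s+\((?P<desc>[^)]*)\)\s*$"
)

# Constructed allowlist: lower-case directory prefixes under which a hooking
# DLL is expected on this host. Extend it for the security software actually installed.
KNOWN_HOOKER_PREFIXES = ("c:\\program files\\ca\\",)


@dataclass(frozen=True)
class IatHook:
    process: str
    pid: int
    module: str      # module whose import table was patched
    exporter: str    # DLL that really exports the API
    api: str
    addr: int        # where the patched IAT slot now points
    hooker: str      # module that owns that address, per GMER
    desc: str        # version-resource description GMER printed for the hooker


def parse_iat_line(line):
    """Return an IatHook for a GMER IAT line, or None for any other line."""
    m = IAT_RE.match(line.strip())
    if m is None:
        return None
    return IatHook(m["process"], int(m["pid"]), m["module"], m["exporter"],
                   m["api"], int(m["addr"], 16), m["hooker"], m["desc"])


def is_known_hooker(path):
    return path.lower().startswith(KNOWN_HOOKER_PREFIXES)


def triage(lines):
    """Return (apis_by_hooker, suspects, conflicts).

    apis_by_hooker: hooking module -> set of 'exporter!api' it hooks.
    suspects:       hooks installed by a module outside KNOWN_HOOKER_PREFIXES.
    conflicts:      'exporter!api' -> set of hook addresses, for APIs whose hook
                    address differs between importers. One interceptor normally
                    installs one trampoline per API across every importer, so a
                    second address means a second hooker is present.
    """
    apis_by_hooker = defaultdict(set)
    addrs_by_api = defaultdict(set)
    suspects = []
    for line in lines:
        hook = parse_iat_line(line)
        if hook is None:
            continue
        key = f"{hook.exporter}!{hook.api}"
        apis_by_hooker[hook.hooker].add(key)
        addrs_by_api[key].add(hook.addr)
        if not is_known_hooker(hook.hooker):
            suspects.append(hook)
    conflicts = {k: v for k, v in addrs_by_api.items() if len(v) > 1}
    return dict(apis_by_hooker), suspects, conflicts


SAMPLE_LINES = [
    # three entries copied from the GMER output above
    r"IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)",
    r"IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [00FDFE20] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)",
    r"IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [00FE0300] C:\Program Files\CA\SharedComponents\PPRT\bin\CACheck.dll (API interceptors/CA, Inc.)",
    # constructed line: the same API hooked from a DLL in the user's temp directory
    r"IAT C:\Program Files\Mozilla Firefox\firefox.exe[4080] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [00A31C40] C:\Documents and Settings\user\Local Settings\Temp\srch.dll (constructed sample)",
    "---- Devices - GMER 1.0.15 ----",   # not an IAT entry, skipped
]

if __name__ == "__main__":
    by_hooker, suspects, conflicts = triage(SAMPLE_LINES)
    for hooker, apis in by_hooker.items():
        print(f"{hooker}: {len(apis)} API(s) hooked")
    for h in suspects:
        print(f"SUSPECT {h.hooker} hooks {h.exporter}!{h.api} in {h.module}")
    for api, addrs in conflicts.items():
        print(f"CONFLICT {api}: {', '.join(f'{a:08X}' for a in sorted(addrs))}")
```

Run it against a saved GMER log with `triage(open("gmer.log").read().splitlines())`. An empty suspect list and an empty conflict map, as this thread's log would produce, means the hooks belong to the installed product; the remaining check is that the DLL on disk at that path is the vendor's signed binary. Keep in mind that a HIPS interceptor sitting on CreateProcess and LoadLibrary is also a candidate when a browser cannot run downloaded executables, so temporarily disabling the product is a valid test once the hooks are confirmed to be its own.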
  11. My system caught the [b]Antispyware Soft[/b] malware program. I was able to remove most of it, but I was left with two problems:
1) Browser redirects (IE and Firefox). These occur when doing web searches then clicking a link.
2) Can't download *.exe files in either browser. Can't find any security setting that would disable downloads.
I've scanned my system with Spybot, Windows Defender, CA Antivirus, CA Anti-spyware, and Malwarebytes. I can't get Ad-Aware to install the service, so I haven't been able to check the system with Ad-Aware. Thanks in advance!

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 10:04:13 PM, on 5/31/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccschedulersvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\CA\eTrust Internet Security Suite\casc.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\eTrust Internet Security Suite\ccprovsp.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tracy Barber\Desktop\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.dellnet.com"]http://www.dellnet.com[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.weather.com/outlook/travel/businesstraveler/local/27455?lswe=27455&lwsa=Weather36HourBusinessTravelerCommand&from=searchbox_localwx"]http://www.weather.com/outlook/travel/busi...archbox_localwx[/url]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [url="http://www.dellnet.com/"]http://www.dellnet.com/[/url]
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\WINDOWS\Downloaded Program Files\ycomp5_1_1_0.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [cctray] C:\Program Files\CA\eTrust Internet Security Suite\casc.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [CAPPActiveProtection] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\CAPPActiveProtection.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\eTrust Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..
  12. I've read the pinned topic: [url="http://www.lavasoftsupport.com/index.php?showtopic=26559"]http://www.lavasoftsupport.com/index.php?showtopic=26559[/url] ... and tried to set up the service manually. Doesn't seem to like the command line listed in the pinned topic above. What else can I try? Thanks. PS: running Windows XP.
  13. Just downloaded AE last night. On startup, an error message pops up indicating that it was unable to connect to the service. I looked in my Services folder and can see no Lavasoft services available. How can this be? Thanks.