Authentium\AntiVirus5


#1 leslieg

Posted 12 March 2010 - 04:33 PM

My system started crashing while I was playing my game (from installed CD and not online) and I recalled that the last time this happened it was because I had a virus. I looked at what was running in my Task Manager (on start up) and sure enough there was stuff in there I did not recognize...vseamps.exe, vsedsps.exe, vseqrts.exe and possibly lsass.exe, services.exe and smss.exe.
Upon further internet research I found that the vse...s were probably coming from Authentium\AntiVirus5, which I would find in the Program Files/Common Files folder. Yep, it is there and it will not let you delete it.
I have System Mechanic, which did not detect it. I have also run SUPERAntiSpyware, a-squared and MBAM. Super does not detect anything and my computer crashes halfway through running a-squared. When I try to scan just that one file, Super does not show it out there, but a-squared does. It also does not show up in the Uninstall Programs list.

MBAM detects a Broken.Command (which will not delete), but not a virus or anything.
Also, it WILL NOT let me boot in Safe Mode, either. It tries, but then comes back with a screen that says it could not because of possible new software or something.

I have managed to get a HijackThis file for you, but when I tried to run a DSS and GMER, it keeps crashing the computer. It also crashes when I tried to run a backup using Cobian.


Thank you for everything!

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:35 PM, on 3/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16981)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\twc\medicsp2\bin\sprtcmd.exe
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\My Documents\My Downloads\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O4 - HKLM\..\Run: [SystemGuardAlerter] "C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1258600680906
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1236839952343
O16 - DPF: {a7846ed2-9de6-4e8a-b116-a8acebfa7db1} - http://rms2.invokesolutions.com/events/bin...1452/MILive.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab
O16 - DPF: {d8aa889b-2c65-47c3-8c16-3dcd4ef76a47} -
O16 - DPF: {DC40FFCC-4638-3E6D-A681-214773309AA4} - http://100.100.100.72/isynergy/HttpViewerD...nergyClient.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iolo FileInfoList Service (iolofileinfolist) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (iolosystemservice) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vsedsps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
O23 - Service: vseqrts - Unknown owner - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe

--
End of file - 6149 bytes


MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3860
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/12/2010 2:38:19 PM
mbam-log-2010-03-12 (14-38-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 173699
Time elapsed: 1 hour(s), 17 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

(It says that the file is deleted, but it comes right back)

Thanks again!
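As an added example, not part of the thread or of any tool mentioned in it, here is a small Python triage script that parses the HijackThis log format posted above and pulls out the lines a helper looks at first: O23 services whose file carries no company name, O10 Winsock LSP entries, and processes running from a user profile. It also parses the two MBAM "Registry Data Items Infected" lines so the Bad/Good command values can be compared. The log excerpt embedded below is a constructed subset of the log above, and the finding categories are the script's own.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed excerpt of the HijackThis log posted above (same line formats).
HJT_EXCERPT = r"""
Logfile of Trend Micro HijackThis v2.0.2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\Documents and Settings\Administrator\My Documents\My Downloads\HijackThis.exe

O4 - HKLM\..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\iavlsp.dll
O23 - Service: iolo System Guard (IOLO_SRV) - Unknown owner - C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
O23 - Service: vseamps - Authentium, Inc - C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
O23 - Service: vseqrts - Unknown owner - C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
"""

# The two MBAM registry data item lines from the post above.
MBAM_LINES = [
    r'HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: ("%1" /S) -> Quarantined and deleted successfully.',
    r'HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: (NOTEPAD.EXE %1) Good: (regedit.exe "%1") -> Quarantined and deleted successfully.',
]

# "O23 - ..." / "R1 - ..." item lines; the section code tells us how to read the body.
ITEM_RE = re.compile(r"^(?P<section>[OR]\d+) - (?P<body>.*)$")
# O23 body: "Service: <display name> - <company from version info> - <path>"
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# MBAM registry data item: "<key> (<detection>) -> Bad: (<bad>) Good: (<good>) -> <action>"
MBAM_RE = re.compile(
    r"^(?P<key>.+?) \((?P<detection>[^)]+)\) -> Bad: \((?P<bad>.*?)\) "
    r"Good: \((?P<good>.*?)\) -> (?P<action>.+)$"
)


@dataclass
class HjtReport:
    processes: list = field(default_factory=list)   # paths under "Running processes:"
    items: list = field(default_factory=list)       # (section, body) tuples


def parse_hjt(text):
    """Split a HijackThis log into the running-process list and the Oxx/Rx items."""
    report = HjtReport()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False        # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            report.processes.append(line)
            continue
        m = ITEM_RE.match(line)
        if m:
            report.items.append((m.group("section"), m.group("body")))
    return report


def triage(report):
    """Return (kind, name, path) findings worth a second look. A finding is a
    prompt to verify the file (publisher, hash, install history), not a verdict:
    "Unknown owner" only means the binary has no company name in its version info."""
    findings = []
    for section, body in report.items:
        if section == "O23":
            m = SERVICE_RE.match(body)
            if m and m.group("owner") == "Unknown owner":
                findings.append(("no-company-name-service", m.group("name"), m.group("path")))
        elif section == "O10":
            # Layered Service Providers sit in every socket's path; repeats of
            # one DLL are normal for a chained LSP but each name should be known.
            path = body.split(":", 1)[1].strip()
            findings.append(("winsock-lsp", path.rsplit("\\", 1)[-1], path))
    for proc in report.processes:
        # Anything running from a user profile was not installed system-wide.
        if proc.lower().startswith("c:\\documents and settings\\"):
            findings.append(("user-profile-process", proc.rsplit("\\", 1)[-1], proc))
    return findings


def lsp_counts(report):
    """How many times each LSP DLL appears in the Winsock chain."""
    return Counter(name for kind, name, _ in triage(report) if kind == "winsock-lsp")


def parse_mbam_registry_item(line):
    """Break one MBAM 'Registry Data Items Infected' line into its fields."""
    m = MBAM_RE.match(line.strip())
    if not m:
        raise ValueError("not an MBAM registry data item line")
    return m.groupdict()


if __name__ == "__main__":
    rep = parse_hjt(HJT_EXCERPT)
    for kind, name, path in triage(rep):
        print(f"{kind:25} {name:32} {path}")
    print("LSP chain:", dict(lsp_counts(rep)))
    for line in MBAM_LINES:
        item = parse_mbam_registry_item(line)
        print(f'{item["key"]}: bad={item["bad"]!r} good={item["good"]!r}')
```

Because the MBAM log says the values were restored yet the poster reports they "come right back", comparing the current HKCR command values against the parsed `good` strings on each reboot is the quickest way to confirm something is still rewriting them.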


#2 schrauber (Malware Response Instructor)

Posted 12 March 2010 - 05:02 PM

Hi again


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 leslieg (Topic Starter)

Posted 12 March 2010 - 07:46 PM

Extras:


OTL Extras logfile created on: 3/12/2010 7:16:40 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 67.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 58.51 Gb Free Space | 76.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe" = C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator -- File not found
"C:\WINDOWS\LMI12EE.tmp\lmi_rescue.exe" = C:\WINDOWS\LMI12EE.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue -- (LogMeIn, Inc.)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- File not found
"C:\Program Files\iolo\System Mechanic Professional\SysMech.exe" = C:\Program Files\iolo\System Mechanic Professional\SysMech.exe:*:Enabled:iolo System Shield® -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\OpinionSquare\opnsqr.exe" = C:\Program Files\OpinionSquare\opnsqr.exe:*:Enabled:opnsqr.exe -- File not found
"C:\My Documents\Kodak EasyShare software\bin\EasyShare.exe" = C:\My Documents\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{17690982-3655-4DAF-9AAE-5475AC9B6D85}" = CrystalRuntimeInstaller
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{193DB24F-9A66-4896-8404-22D53EA89075}" = 1400_Help
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{266959FA-0AEE-41D0-A88E-F1EAC10A7C14}" = 1400
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{30DBAD4A-BA6D-4F9D-8AB0-2F6C7B0612A4}" = AVSDK5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{53F6E695-8BE1-4DB0-9896-643D031B63CA}_is1" = Quick Tab Change 2.0
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79.1
"{5B622B7A-60FB-4630-B11D-F121D20BCCD6}" = MarketResearch
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6860ABB0-E624-11D4-ADF9-00A024384E33}" = 602Pro PRINT PACK
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71DFAA65-77FA-41F3-A748-013B5A8524A3}" = Garmin City Navigator North America NT 2010.30
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BED6A90-E6EB-11D2-AA54-0008C7408A5A}" = VBA (2720)
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0AF08BA-3630-4505-BFB2-A41F3837B0D0}" = SFR2
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BBD3F66B-1180-4785-B679-3F91572CD3B4}_is1" = iolo technologies' System Mechanic Professional
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{C510CA36-98D6-4F07-8AFF-81E7399A075B}" = 1400Trb
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 5.2.5
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
"Adobe AIR" = Adobe AIR
"adobe flash player activex" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"CobBackup9" = Cobian Backup 9
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Cutter_is1" = Cutter 3
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"HPExtendedCapabilities" = HP Extended Capabilities 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Jewel Quest 2" = Jewel Quest 2 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Outlook 98" = Microsoft Outlook 98
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Office8.0" = Microsoft Office 97, Professional Edition
"RoadRunnerMedic6.1_is1" = Road Runner Medic 6.1
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! IE Suggest" = Yahoo! Search Suggest Add-on for IE7
"yahoo! messenger" = Yahoo! Messenger
"yahoo! software update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/12/2010 5:08:57 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/12/2010 5:19:52 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/12/2010 5:19:52 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/12/2010 6:08:49 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/12/2010 6:08:49 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/12/2010 6:28:21 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/12/2010 6:28:21 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/12/2010 6:58:47 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/12/2010 6:58:47 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 3/12/2010 7:14:29 PM | Computer Name = HOME | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 3/12/2010 1:42:24 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The srenum service failed to start due to the following error: %%2

Error - 3/12/2010 1:43:54 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/12/2010 1:48:03 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The srenum service failed to start due to the following error: %%2

Error - 3/12/2010 1:49:39 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/12/2010 5:09:07 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The srenum service failed to start due to the following error: %%2

Error - 3/12/2010 5:10:37 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/12/2010 6:08:59 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The srenum service failed to start due to the following error: %%2

Error - 3/12/2010 6:10:28 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.

Error - 3/12/2010 6:58:57 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7000
Description = The srenum service failed to start due to the following error: %%2

Error - 3/12/2010 7:00:25 PM | Computer Name = HOME | Source = Service Control Manager | ID = 7022
Description = The Windows Image Acquisition (WIA) service hung on starting.


< End of report >

OTL:

OTL logfile created on: 3/12/2010 7:16:40 PM - Run 1
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 67.00 Mb Available Physical Memory | 15.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 58.51 Gb Free Space | 76.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/12 19:15:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/02/03 12:30:41 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/08 10:56:38 | 000,823,216 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
PRC - [2010/01/07 20:27:12 | 000,326,056 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
PRC - [2010/01/07 20:27:06 | 000,490,920 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
PRC - [2010/01/04 14:39:04 | 000,650,672 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/10/28 17:11:34 | 000,113,192 | ---- | M] () -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2009/10/28 17:11:32 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2009/10/28 17:11:26 | 000,092,712 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/03/07 10:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
PRC - [2007/03/07 10:53:58 | 000,198,184 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/12 19:15:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/01/07 20:27:48 | 000,893,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\sguard.dll
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/03/07 10:54:02 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 20:27:12 | 000,326,056 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe -- (IOLO_SRV)
SRV - [2010/01/04 14:39:04 | 000,650,672 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (iolosystemservice)
SRV - [2010/01/04 14:39:04 | 000,650,672 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (iolofileinfolist)
SRV - [2009/10/28 17:11:34 | 000,113,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2009/10/28 17:11:32 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2009/10/28 17:11:26 | 000,092,712 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (yahooauservice)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 10:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "SnapDollars Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2337696&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trafficswarm.com/cgi-bin/swarm.cgi?858870"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.0
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {90bb40dd-12c4-4cb9-85c7-63a17db85b55}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {2c088200-b973-11db-8314-0800200c9a66}:1.7.1
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171

FF - HKLM\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009/12/10 17:12:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/09 23:28:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/07 14:44:05 | 000,000,000 | ---D | M]

[2009/03/11 23:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/12 11:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions
[2009/10/24 20:16:37 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/10/12 19:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{0a9de085-6dc7-4bc8-b718-2b6b0921458d}
[2009/04/01 12:52:04 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/12/08 10:02:17 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/12/25 14:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/01/11 11:42:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/27 21:10:01 | 000,000,000 | ---D | M] (Harley Davidson) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{2c088200-b973-11db-8314-0800200c9a66}
[2009/10/21 18:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/12/01 11:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/28 13:32:02 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/02/18 10:21:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/01 14:32:47 | 000,000,000 | ---D | M] (SnapDollars Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}
[2009/07/06 13:32:30 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009/12/26 13:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\[email protected]
[2009/10/24 20:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\[email protected]
[2009/07/29 10:05:00 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\searchplugins\conduit.xml
[2009/07/24 17:01:59 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\searchplugins\search--win.xml
[2009/10/24 20:16:47 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\searchplugins\surf-canyon.xml
[2009/11/02 00:10:52 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\searchplugins\yahoo.xml
[2010/03/11 20:58:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/04 23:23:15 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2009/12/10 17:37:26 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
O4 - HKLM..\RunOnce: [SMRequiresRestart] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1258600680906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1236839952343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {a7846ed2-9de6-4e8a-b116-a8acebfa7db1} http://rms2.invokesolutions.com/events/bin...1452/MILive.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {d8aa889b-2c65-47c3-8c16-3dcd4ef76a47} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {DC40FFCC-4638-3E6D-A681-214773309AA4} http://100.100.100.72/isynergy/HttpViewerD...nergyClient.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/27 10:46:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: ("""autocheck autochk *""") - File not found
O34 - HKLM BootExecute: (autocheck smrgdf C:\Documents and Settings\Administrator\Application Data\iolo\) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/07/27 10:46:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found



CREATERESTOREPOINT
Restore point Set: OTL Restore Point (15202985931964416)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/12 19:15:25 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/12 15:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2010/03/12 15:01:10 | 010,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Administrator\Desktop\Backup-cbSetup.9.5.1.212.exe
[2010/03/11 15:03:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/02/26 23:22:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\KodakGallery
[2010/02/26 23:21:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\KodakCredentialStore
[2010/02/26 23:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2010/02/26 22:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\ArcSoft
[2010/02/26 22:48:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Print Creations
[2010/02/26 22:48:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Arcsoft
[2010/02/26 22:38:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2010/02/26 22:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ArcSoft
[2010/02/26 22:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
[2010/01/29 21:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/29 21:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/20 11:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/14 21:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2009/12/15 12:00:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/15 12:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/27 21:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/09/09 10:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/27 19:25:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/10 13:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/03/19 22:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\IEPro
[2009/03/19 22:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/11/13 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/11/13 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/12 19:15:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/12 18:33:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/12 18:14:48 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/12 18:14:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/12 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/03/12 17:59:25 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/03/12 17:58:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/12 17:58:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/12 17:58:07 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/03/12 16:47:12 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/03/12 15:01:16 | 010,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Administrator\Desktop\Backup-cbSetup.9.5.1.212.exe
[2010/03/12 11:49:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/03/12 11:49:09 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/03/10 21:29:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/10 21:28:55 | 002,397,184 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/03/10 21:28:54 | 001,204,224 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/03/09 19:45:41 | 000,028,631 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\recall list-HydrolyzedVegetableProteinProductsList2010.pdf
[2010/03/07 14:44:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/07 14:09:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/02/26 22:28:15 | 000,001,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/02/26 22:21:55 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/12 16:47:07 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2010/03/12 12:06:19 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/03/12 11:49:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/03/12 11:49:08 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/03/09 19:45:41 | 000,028,631 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\recall list-HydrolyzedVegetableProteinProductsList2010.pdf
[2010/03/07 14:44:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/03/05 19:22:54 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/02/26 22:28:15 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Kodak EasyShare.lnk
[2010/02/26 22:21:55 | 000,000,452 | ---- | C] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/01/24 20:37:31 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/01/18 16:33:22 | 000,000,269 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/01/14 21:51:59 | 002,169,256 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/09/17 19:56:54 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/09/05 19:04:32 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/04/08 17:54:10 | 000,006,325 | ---- | C] () -- C:\WINDOWS\silkquit.ini
[2009/03/31 13:12:42 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 22:39:07 | 000,012,249 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/03/09 16:54:46 | 000,019,212 | ---- | C] () -- C:\WINDOWS\pmmacros.ini
[2007/03/09 16:54:46 | 000,002,797 | ---- | C] () -- C:\WINDOWS\Formset.ini
[2006/04/22 18:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2006/02/17 14:47:56 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\EXPORTMODELLER.DLL
[2006/02/17 14:47:56 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\CRTSLV.DLL
[2005/07/27 15:11:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/07/27 12:40:20 | 000,000,100 | ---- | C] () -- C:\WINDOWS\GpsProd.ini
[2005/07/27 12:31:44 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL
[2005/07/27 11:11:28 | 000,001,126 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/27 11:08:45 | 000,000,097 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2005/07/27 11:07:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2005/07/27 11:05:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/04/22 07:00:06 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\zipdll.dll
[2003/01/07 07:54:32 | 000,122,368 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/11 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/10 23:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1995/09/25 20:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 20:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

========== LOP Check ==========

[2010/02/01 21:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabyPanda.AE596E2C895946753C836133BB20D7D0CC6BAC08.1
[2009/12/25 15:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN
[2009/03/12 12:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IEPro
[2010/02/01 15:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2010/01/18 16:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo
[2010/01/14 22:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iWin
[2009/03/30 09:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MiniDm
[2010/02/13 22:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/02/13 21:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2009/12/13 18:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Registry Mechanic
[2010/02/26 23:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2009/12/28 20:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/03/12 16:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZipGenius
[2009/12/12 22:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/12/25 15:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/02/13 21:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/03/12 18:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/03/20 20:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/02/13 21:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/11/24 14:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/03/30 15:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/13 19:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/26 22:21:55 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2010/03/12 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/17 20:06:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/17 20:06:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/17 20:06:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/17 20:06:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\VundoFix.exe:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

I was able to get the DDS to run, but still not GMER

DDS:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 16:47:58.95 on Fri 03/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.248 [GMT -5:00]

AV: iolo System Shield *On-access scanning enabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\rundll32.exe
C:\DOCUME~1\ADMINI~1\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn0\yt.dll
BHO: PDF-XChange Viewer IE-Plugin: {c5d07eb6-bbce-4dae-acbb-d13a8d28cb1f} - c:\program files\tracker software\pdf-xchange viewer\pdf-viewer\PDFXCviewIEPlugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61} - No File
TB: {5BED3930-2E9E-76D8-BACC-80DF2188D455} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [medicsp2] c:\program files\twc\medicsp2\bin\sprtcmd.exe /P medicsp2
mRun: [SystemGuardAlerter] "c:\program files\iolo\system mechanic professional\SystemGuardAlerter.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
LSP: c:\windows\system32\iavlsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1258600680906
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1236839952343
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {a7846ed2-9de6-4e8a-b116-a8acebfa7db1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {d8aa889b-2c65-47c3-8c16-3dcd4ef76a47}
DPF: {DC40FFCC-4638-3E6D-A681-214773309AA4} - hxxp://100.100.100.72/isynergy/HttpViewerDir/iSynergyClient.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli c:\windows\system32\mulifadu.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\7rivjk4s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2337696&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?858870
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\7rivjk4s.default\extensions\{0c7e3f01-99e9-4095-9bdc-f84724960b57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\7rivjk4s.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-1-5 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-1-5 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-10-8 1858144]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [2009-10-28 122408]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [2009-10-28 1117224]
R2 iolofileinfolist;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-14 650672]
R2 iolosystemservice;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-1-14 650672]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [2009-3-30 202280]
R2 vseamps;vseamps;c:\program files\common files\authentium\antivirus5\vseamps.exe [2009-10-28 92712]
R2 vsedsps;vsedsps;c:\program files\common files\authentium\antivirus5\vsedsps.exe [2009-10-28 117288]
R2 vseqrts;vseqrts;c:\program files\common files\authentium\antivirus5\vseqrts.exe [2009-10-28 113192]
R3 ndisrd;ndisrd;c:\windows\system32\drivers\ndisrd.sys [2009-7-1 20480]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S1 3384f7fd;3384f7fd;c:\windows\system32\drivers\3384f7fd.sys --> c:\windows\system32\drivers\3384f7fd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S2 srenum;srenum;c:\windows\system32\drivers\srenum.sys --> c:\windows\system32\drivers\srenum.sys [?]
S3 nielgfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-1-5 12872]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-03-12 20:46:05 0 d-----w- c:\program files\Cobian Backup 9
2010-03-12 16:49:41 0 ----a-w- c:\documents and settings\administrator\defogger_reenable
2010-03-06 00:22:54 448 ----a-w- c:\windows\system32\iolo.ini
2010-02-27 04:21:59 0 d-----w- c:\docume~1\admini~1\applic~1\KodakCredentialStore
2010-02-27 04:09:36 0 d-----w- c:\docume~1\admini~1\applic~1\Skinux
2010-02-27 03:38:29 0 d-----w- c:\docume~1\alluse~1\applic~1\ArcSoft
2010-02-27 03:24:59 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2010-02-27 03:24:59 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2010-02-27 03:24:59 465920 ------w- c:\windows\system32\imapi2fs.dll
2010-02-27 03:24:59 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2010-02-27 03:24:59 317952 ------w- c:\windows\system32\imapi2.dll
2010-02-14 02:31:37 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-02-14 02:28:09 91136 ----a-w- c:\windows\system32\nmwcdcls.dll

==================== Find3M ====================

2010-02-27 02:00:21 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-26 19:22:31 113006 ----a-w- c:\windows\hpoins07.dat
2010-01-08 01:27:26 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-01-08 01:27:16 2169256 ----a-w- c:\windows\system32\Incinerator.dll
2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00:20 17408 ----a-w- c:\windows\system32\corpol.dll
2010-01-05 04:23:15 466944 ----a-w- c:\windows\system32\BSTIEPrintCtl1.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-13 21:06:19 262144 ----a-w- C:\ntuser.dat
2009-08-06 11:19:19 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-11-18 17:12:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-03-18 03:15:08 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009031720090318\index.dat
2009-11-18 17:12:43 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat
2009-11-17 17:14:09 1840416 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-17 17:14:10 234784 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 16:49:19.82 ===============



Thanks!
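The OTL hash section in the log above lists, for each checked system file, the copy Windows actually loads under system32 next to the Service Pack copy under ServicePackFiles and the pre-SP3 backup under $NtServicePackUninstall$. The point of that listing is a simple integrity check: a driver or DLL that has been patched in place on disk shows up as a system32 MD5 that matches none of the reference copies, and often with the vendor field empty because the version resource was destroyed. The Python below is an added example written for this page; it is not part of the original post and not OTL's own code. It parses a report in that format, classifies each copy by path (treating ServicePackFiles and dllcache as reference copies, which is this example's own convention), and flags any in-use copy whose hash matches no reference. The sample input reuses the ATAPI.SYS and EVENTLOG.DLL lines from the log, plus a constructed NTFS.SYS block with made-up hashes and timestamp so that the mismatch branch is actually exercised; nothing is claimed about the real ntfs.sys on the poster's machine.

```python
import re
from collections import defaultdict

# Constructed sample in the format of OTL's "< MD5 for: NAME >" section.
# ATAPI.SYS and EVENTLOG.DLL are copied from the log in the thread; the
# NTFS.SYS block is invented (fake hashes, fake timestamp) purely so the
# mismatch path below fires.
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NTFS.SYS >
[2008/04/13 13:40:30 | 000,574,976 | ---- | M] (Microsoft Corporation) MD5=0123456789ABCDEF0123456789ABCDEF -- C:\WINDOWS\ServicePackFiles\i386\ntfs.sys
[2010/03/01 02:11:09 | 000,574,976 | ---- | M] () MD5=FEDCBA9876543210FEDCBA9876543210 -- C:\WINDOWS\system32\drivers\ntfs.sys
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# One OTL file line: [stamp | size | attrs | M] (vendor) MD5=hash -- path
# The .cab container lines carry no MD5= and therefore never match.
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)


def parse_md5_report(text):
    """Return {FILENAME: [entry, ...]}; each entry has stamp, size, vendor, md5, path."""
    report = defaultdict(list)
    current = None
    for line in text.splitlines():
        line = line.strip()
        head = HEADER_RE.match(line)
        if head:
            current = head.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            report[current].append({
                "stamp": entry.group("stamp").strip(),
                "size": int(entry.group("size").replace(",", "")),
                "vendor": entry.group("vendor").strip(),
                "md5": entry.group("md5").upper(),
                "path": entry.group("path"),
            })
    return dict(report)


def copy_role(path):
    """Classify a copy by where it lives; only the 'live' copy is judged."""
    p = path.lower()
    if "\\servicepackfiles\\" in p or "\\dllcache\\" in p:
        return "reference"          # known-good copies Windows keeps for SFC/repair
    if "$ntservicepackuninstall$" in p:
        return "backup"             # pre-service-pack version; legitimately different
    if "\\system32\\" in p:
        return "live"               # the copy that actually gets loaded
    return "other"


def find_mismatches(report):
    """Flag files whose live copy matches no reference hash (or has no reference at all)."""
    findings = {}
    for name, entries in report.items():
        refs = {e["md5"] for e in entries if copy_role(e["path"]) == "reference"}
        for e in entries:
            if copy_role(e["path"]) != "live":
                continue
            if not refs:
                reason = "no reference copy in report"
            elif e["md5"] not in refs:
                reason = "live copy differs from reference copy"
            else:
                continue
            if not e["vendor"]:
                reason += "; live copy has no vendor/version info"
            findings[name] = {"live": e["md5"], "reference": sorted(refs),
                              "vendor": e["vendor"], "reason": reason}
    return findings


if __name__ == "__main__":
    for name, f in find_mismatches(parse_md5_report(SAMPLE_REPORT)).items():
        print(f"{name}: {f['reason']} (live {f['live']}, reference {f['reference'] or 'none'})")
```

A file that matches its reference copy, as every real entry in the log above does, is not proof of a clean system; it only rules out on-disk patching of that file. A kernel-mode rootkit that filters disk reads will return the clean bytes to any scanner, which is why the helpers also ask for GMER and ComboFix rather than relying on a hash listing alone.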



#4 schrauber (Malware Response Instructor, Munich, Germany)

Posted 13 March 2010 - 04:03 AM

Hi,


Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#5 leslieg (Topic Starter)

Posted 13 March 2010 - 11:33 AM

Combofix Report:

ComboFix 10-03-12.04 - Administrator 03/13/2010 10:54:00.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.237 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\schrauber.exe
AV: iolo System Shield *On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\Flags.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UA.dtd
c:\documents and settings\All Users\Application Data\Macromedia\SwUpdate\UAcpt.dtd
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\_000006_.tmp.dll
c:\windows\System32\BSTIeprintctl1.dll
c:\windows\system32\drivers\ndisrd.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\winhelp.ini
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat . . . . failed to delete
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://download.iolo.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_ndisrd
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2010-02-13 to 2010-03-13 )))))))))))))))))))))))))))))))
.

2010-03-13 15:50 . 2010-03-13 15:50 -------- d-sha-r- \cmdcons
2010-03-13 15:49 . 2010-03-13 16:05 -------- d-----w- \schrauber
2010-03-13 15:48 . 2010-03-13 16:05 -------- d-----w- \Qoobox
2010-03-12 20:46 . 2010-03-12 20:46 -------- d-----w- c:\program files\Cobian Backup 9
2010-02-27 04:22 . 2010-03-11 02:10 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\KodakGallery
2010-02-27 04:21 . 2010-02-27 04:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\KodakCredentialStore
2010-02-27 04:09 . 2010-02-27 04:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skinux
2010-02-27 03:50 . 2010-02-27 03:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ArcSoft
2010-02-27 03:48 . 2010-02-27 03:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\Arcsoft
2010-02-27 03:38 . 2010-03-11 06:25 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-02-27 03:38 . 2010-02-27 03:50 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2010-02-27 03:32 . 2010-02-27 03:34 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-02-27 03:32 . 2010-02-27 03:32 -------- d-----w- c:\program files\ArcSoft
2010-02-27 03:23 . 2010-02-27 03:23 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\bindbins\bindbins.exe
2010-02-27 03:23 . 2010-02-27 03:23 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2010-02-27 03:23 . 2010-02-27 03:23 175104 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2010-02-27 03:21 . 2010-02-27 03:21 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\update.exe
2010-02-27 03:21 . 2010-02-27 03:21 45056 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\SysFiles\kb945060\kb945060.exe
2010-02-27 03:21 . 2010-02-27 03:21 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2010-02-27 03:21 . 2010-02-27 03:21 1187840 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_6f2be6\EasyShrx.Dll
2010-02-27 03:21 . 2010-02-01 20:41 2635152 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0001_6f2be6\Setup.exe
2010-02-27 03:20 . 2010-02-27 03:20 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.2.30.1.dll
2010-02-26 01:27 . 2010-02-26 01:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2010-02-21 20:39 . 2010-02-21 20:39 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b462015-n\msvcp71.dll
2010-02-21 20:39 . 2010-02-21 20:39 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b462015-n\msvcr71.dll
2010-02-21 20:39 . 2010-02-21 20:39 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5b462015-n\jmc.dll
2010-02-21 20:39 . 2010-02-21 20:39 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4dc1b12c-n\decora-sse.dll
2010-02-21 20:39 . 2010-02-21 20:39 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4dc1b12c-n\decora-d3d.dll
2010-02-20 18:20 . 2010-02-20 18:20 -------- d-----w- c:\program files\Common Files\Java
2010-02-14 02:38 . 2010-02-14 03:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2010-02-14 02:38 . 2010-02-14 02:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2010-02-14 02:38 . 2010-02-14 02:38 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-02-14 02:27 . 2010-02-14 03:48 34442296 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_eng_us_web.exe
2010-02-14 02:26 . 2010-02-14 02:26 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-02-14 02:26 . 2010-02-14 02:26 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-02-14 02:26 . 2010-02-14 02:26 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-02-14 02:26 . 2010-02-14 02:26 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-02-14 02:26 . 2010-02-14 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-13 03:18 . 2009-09-06 00:03 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-03-12 22:50 . 2009-09-06 02:26 518 ----a-w- c:\documents and settings\Administrator\Application Data\iolo\Registry\Last\restore.bat
2010-03-12 21:44 . 2009-03-13 17:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\ZipGenius
2010-03-11 19:37 . 2009-10-09 04:53 -------- d-----w- c:\program files\a-squared Free
2010-03-11 17:37 . 2010-01-25 15:56 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-06 06:58 . 2009-09-06 00:38 1539 ----a-w- c:\documents and settings\Administrator\Application Data\iolo\restore.bat
2010-02-27 03:51 . 2005-07-27 16:04 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-27 03:32 . 2009-11-26 01:00 -------- d-----w- c:\program files\Kodak
2010-02-27 03:31 . 2009-11-26 01:02 -------- d-----w- c:\program files\Common Files\Kodak
2010-02-24 17:56 . 2010-01-25 15:56 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-21 20:38 . 2009-11-14 03:39 -------- d-----w- c:\program files\Java
2010-02-14 02:34 . 2009-12-25 20:45 -------- d-----w- c:\program files\DIFX
2010-02-02 02:24 . 2010-02-02 02:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\BabyPanda.AE596E2C895946753C836133BB20D7D0CC6BAC08.1
2010-02-02 02:11 . 2010-02-02 02:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-02 02:08 . 2010-02-02 02:12 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-02 02:08 . 2010-02-02 02:12 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-01 20:00 . 2009-04-06 20:32 -------- d-----w- c:\documents and settings\Administrator\Application Data\Image Zone Express
2010-02-01 19:56 . 2009-09-16 16:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\HP
2010-01-30 02:22 . 2008-03-10 13:18 -------- d-----w- c:\program files\Google
2010-01-28 02:41 . 2010-01-28 02:41 -------- d-----w- c:\program files\Coupons
2010-01-26 19:22 . 2010-01-26 19:05 113006 ----a-w- c:\windows\hpoins07.dat
2010-01-26 19:14 . 2009-03-12 03:54 -------- d-----w- c:\program files\Common Files\HP
2010-01-26 19:14 . 2009-03-12 03:40 -------- d-----w- c:\program files\HP
2010-01-26 19:12 . 2010-01-26 19:12 -------- d-----w- c:\program files\Hewlett-Packard
2010-01-26 19:04 . 2009-03-12 02:49 30264 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 15:57 . 2010-01-25 15:57 52224 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-25 15:56 . 2009-12-13 17:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2010-01-25 15:55 . 2010-01-25 15:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-21 23:51 . 2010-02-01 19:32 52224 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\FFExternalAlert.dll
2010-01-21 23:51 . 2010-02-01 19:32 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\RadioWMPCore.dll
2010-01-20 22:33 . 2010-01-14 23:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-18 21:11 . 2009-09-06 00:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\iolo
2010-01-15 03:44 . 2009-03-21 01:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\iWin
2010-01-15 03:43 . 2010-01-15 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2010-01-15 02:55 . 2010-01-15 02:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\iolo
2010-01-15 02:52 . 2010-01-15 02:52 -------- d-----w- c:\program files\Common Files\Authentium
2010-01-15 02:51 . 2010-01-15 02:51 -------- d-----w- c:\program files\iolo
2010-01-11 18:46 . 2010-01-11 18:46 956 ----a-w- c:\windows\extend.dat
2010-01-11 03:04 . 2009-12-09 05:36 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-08 16:02 . 2010-01-15 02:51 40584224 ----a-w- c:\documents and settings\All Users\Application Data\iolo\System Shield\smsysshieldinstaller.exe
2009-12-13 21:06 . 2009-12-13 21:06 262144 ----a-w- C:\ntuser.dat
2009-12-13 21:06 . 2009-12-13 21:06 262144 ----a-w- \ntuser.dat
2009-11-17 17:14 . 2009-11-17 05:52 1840416 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-17 17:14 . 2009-11-17 05:52 234784 --sha-w- c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"medicsp2"="c:\program files\twc\medicsp2\bin\sprtcmd.exe" [2007-03-07 198184]
"SystemGuardAlerter"="c:\program files\iolo\System Mechanic Professional\SystemGuardAlerter.exe" [2010-01-08 490920]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoAutoUpdate"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 18:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
2010-02-24 05:21 39264 ----a-w- c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
2003-12-17 14:50 19968 ------w- c:\windows\LOGI_MWX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrintPackDispatcher]
2001-12-13 14:41 172032 ----a-w- c:\program files\Common Files\soft602\XPmail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-03-12 03:18 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemGuardAlerter]
2010-01-08 01:27 490920 ----a-w- c:\program files\iolo\System Mechanic Professional\SystemGuardAlerter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\LMI12EE.tmp\\lmi_rescue.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\SysMech.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\My Documents\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [1/5/2010 7:56 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 66632]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [10/8/2009 11:53 PM 1858144]
R2 AMP;AMP;c:\windows\system32\drivers\amp.sys [10/28/2009 5:25 PM 122408]
R2 AMPSE;AMPSE;c:\windows\system32\drivers\ampse.sys [10/28/2009 5:25 PM 1117224]
R2 iolofileinfolist;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/14/2010 9:51 PM 650672]
R2 iolosystemservice;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/14/2010 9:51 PM 650672]
R2 sprtsvc_medicsp2;SupportSoft Sprocket Service (medicsp2);c:\program files\twc\medicsp2\bin\sprtsvc.exe [3/30/2009 3:09 PM 202280]
R2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [10/28/2009 5:11 PM 92712]
R2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [10/28/2009 5:11 PM 117288]
R2 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [10/28/2009 5:11 PM 113192]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
S1 3384f7fd;3384f7fd;c:\windows\system32\drivers\3384f7fd.sys --> c:\windows\system32\drivers\3384f7fd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 9:22 PM 135664]
S2 srenum;srenum;c:\windows\system32\DRIVERS\srenum.sys --> c:\windows\system32\DRIVERS\srenum.sys [?]
S3 nielgfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 12872]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.yahoo.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\windows\system32\iavlsp.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {a7846ed2-9de6-4e8a-b116-a8acebfa7db1} - hxxp://rms2.invokesolutions.com/events/bin/6.2.0.1452/MILive.cab
DPF: {d8aa889b-2c65-47c3-8c16-3dcd4ef76a47}
DPF: {DC40FFCC-4638-3E6D-A681-214773309AA4} - hxxp://100.100.100.72/isynergy/HttpViewerDir/iSynergyClient.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2337696&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.trafficswarm.com/cgi-bin/swarm.cgi?858870
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4E7BD74F-2B8D-469E-C8ED-EA2EFAD2ED61} - (no file)
Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-13 11:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet006\Services\tdlserv]
"imagepath"="\??\c:\windows\TEMP\1461.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1417001333-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,ee,f6,9d,53,9a,77,4c,83,b0,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ca,ee,f6,9d,53,9a,77,4c,83,b0,2a,\
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\smss.exe
c:\windows\system32\csrss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\program files\iolo\System Mechanic Professional\IoloSGCtrl.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\svchost.exe
c:\windows\System32\alg.exe
c:\windows\system32\wscntfy.exe
c:\program files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
c:\windows\system32\wuauclt.exe
c:\windows\system32\svchost.exe
c:\windows\System32\svchost.exe
.
**************************************************************************
.
Completion time: 2010-03-13 11:30:33 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-13 16:30

Pre-Run: 62,693,007,360 bytes free
Post-Run: 62,227,386,368 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=6 Default=6 Failed=5 LastKnownGood=2 Sets=1,2,3,5,6
- - End Of File - - 8383A3AC0D83A9015D4D4AD5AFD2535A


#6 schrauber

    Mr.Mechanic

  • Malware Response Instructor
  • 23,043 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 March 2010 - 11:43 AM

Hi,


  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#7 leslieg

  • Topic Starter
  • Members
  • 45 posts

Posted 13 March 2010 - 12:22 PM

Here's the OTL report, but it did not produce an EXTRAS report...Thanks for being so quick, I'm having "Not playing my game withdrawals". LOL


OTL Report:

OTL logfile created on: 3/13/2010 12:05:23 PM - Run 2
OTL by OldTimer - Version 3.1.37.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 57.96 Gb Free Space | 75.94% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HOME
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/12 19:15:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2010/02/03 12:30:41 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/08 10:56:38 | 000,823,216 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
PRC - [2010/01/07 20:27:12 | 000,326,056 | ---- | M] () -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
PRC - [2010/01/04 14:39:04 | 000,650,672 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
PRC - [2009/10/28 17:11:34 | 000,113,192 | ---- | M] () -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
PRC - [2009/10/28 17:11:32 | 000,117,288 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
PRC - [2009/10/28 17:11:26 | 000,092,712 | R--- | M] (Authentium, Inc) -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
PRC - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2007/03/07 10:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
PRC - [2007/03/07 10:53:58 | 000,198,184 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtcmd.exe


========== Modules (SafeList) ==========

MOD - [2010/03/12 19:15:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2010/01/07 20:27:48 | 000,893,352 | ---- | M] () -- C:\Program Files\iolo\Common\Lib\sguard.dll
MOD - [2008/04/13 19:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2007/03/07 10:54:02 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprthook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/07 20:27:12 | 000,326,056 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe -- (IOLO_SRV)
SRV - [2010/01/04 14:39:04 | 000,650,672 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (iolosystemservice)
SRV - [2010/01/04 14:39:04 | 000,650,672 | ---- | M] () [Auto | Running] -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe -- (iolofileinfolist)
SRV - [2009/10/28 17:11:34 | 000,113,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV - [2009/10/28 17:11:32 | 000,117,288 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV - [2009/10/28 17:11:26 | 000,092,712 | R--- | M] (Authentium, Inc) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV - [2009/10/01 16:03:14 | 001,858,144 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files\a-squared Free\a2service.exe -- (a2free)
SRV - [2009/09/28 09:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (yahooauservice)
SRV - [2007/08/09 02:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2007/03/07 10:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "SnapDollars Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2337696&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trafficswarm.com/cgi-bin/swarm.cgi?858870"
FF - prefs.js..extensions.enabledItems: {3e0e7d2a-070f-4a47-b019-91fe5385ba79}:3.0.0
FF - prefs.js..extensions.enabledItems: {0C7E3F01-99E9-4095-9BDC-F84724960B57}:5.0.0.4
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0848}:1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.3
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {90bb40dd-12c4-4cb9-85c7-63a17db85b55}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
FF - prefs.js..extensions.enabledItems: {2c088200-b973-11db-8314-0800200c9a66}:1.7.1
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 7171

FF - HKLM\software\mozilla\Firefox\extensions\\{98e34367-8df7-42b4-837b-20b892ff0848}: C:\Program Files\iWin Games\firefox\ [2009/12/10 17:12:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/09 23:28:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/07 14:44:05 | 000,000,000 | ---D | M]

[2009/03/11 23:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/03/12 22:31:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions
[2009/10/24 20:16:37 | 000,000,000 | ---D | M] (Screengrab) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2009/10/12 19:51:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{0a9de085-6dc7-4bc8-b718-2b6b0921458d}
[2009/04/01 12:52:04 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2009/12/08 10:02:17 | 000,000,000 | ---D | M] (Session Manager) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2009/12/25 14:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/01/11 11:42:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/01/27 21:10:01 | 000,000,000 | ---D | M] (Harley Davidson) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{2c088200-b973-11db-8314-0800200c9a66}
[2009/10/21 18:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2009/12/01 11:31:55 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/01/28 13:32:02 | 000,000,000 | ---D | M] (AddThis) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
[2010/02/18 10:21:00 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/02/01 14:32:47 | 000,000,000 | ---D | M] (SnapDollars Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}
[2009/07/06 13:32:30 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
[2009/12/26 13:21:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\[email protected]
[2009/10/24 20:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\[email protected]
[2009/07/29 10:05:00 | 000,000,884 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\searchplugins\conduit.xml
[2009/07/24 17:01:59 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\searchplugins\search--win.xml
[2009/10/24 20:16:47 | 000,002,271 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\searchplugins\surf-canyon.xml
[2009/11/02 00:10:52 | 000,000,567 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\searchplugins\yahoo.xml
[2010/03/13 00:06:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/04 23:23:15 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2010/03/13 11:05:09 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [medicsp2] C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [SystemGuardAlerter] C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\System32\iavlsp.dll (iolo technologies, LLC)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1258600680906 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1236839952343 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {a7846ed2-9de6-4e8a-b116-a8acebfa7db1} http://rms2.invokesolutions.com/events/bin...1452/MILive.cab (Reg Error: Key error.)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {d8aa889b-2c65-47c3-8c16-3dcd4ef76a47} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {DC40FFCC-4638-3E6D-A681-214773309AA4} http://100.100.100.72/isynergy/HttpViewerD...nergyClient.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/27 10:46:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/07/27 10:46:19 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (15202985931964416)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/13 10:50:48 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/13 10:49:25 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/13 10:49:25 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/13 10:49:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/13 10:49:24 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/13 10:48:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/12 19:15:25 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/12 15:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Cobian Backup 9
[2010/03/12 15:01:10 | 010,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Administrator\Desktop\Backup-cbSetup.9.5.1.212.exe
[2010/03/11 15:03:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2010/01/29 21:27:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/29 21:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2010/01/20 11:20:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/14 21:55:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\iolo
[2009/12/15 12:00:23 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/12/15 12:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/11/27 21:20:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\iolo
[2009/09/09 10:50:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/08/27 19:25:39 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/05/10 13:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2009/03/19 22:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\IEPro
[2009/03/19 22:13:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2007/11/13 14:44:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2007/11/13 14:44:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/13 12:02:35 | 000,000,448 | ---- | M] () -- C:\WINDOWS\System32\iolo.ini
[2010/03/13 11:33:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/13 11:05:31 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/13 11:05:09 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/13 11:04:50 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/13 11:04:45 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/13 11:01:00 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/13 11:00:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/13 11:00:05 | 008,388,608 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/03/13 11:00:05 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/03/13 10:50:58 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/13 10:47:30 | 003,888,854 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\schrauber.exe
[2010/03/13 01:58:34 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/12 22:20:13 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2010/03/12 19:15:30 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2010/03/12 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2010/03/12 15:01:16 | 010,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Administrator\Desktop\Backup-cbSetup.9.5.1.212.exe
[2010/03/12 11:49:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/03/12 11:49:09 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/03/10 21:28:55 | 002,397,184 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/03/10 21:28:54 | 001,204,224 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/03/09 19:45:41 | 000,028,631 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\recall list-HydrolyzedVegetableProteinProductsList2010.pdf
[2010/03/07 14:44:12 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/13 11:01:07 | 000,000,448 | ---- | C] () -- C:\WINDOWS\System32\iolo.ini
[2010/03/13 10:50:57 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/13 10:49:25 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/13 10:49:25 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/13 10:49:25 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/13 10:49:24 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/13 10:49:24 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/13 10:47:29 | 003,888,854 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\schrauber.exe
[2010/03/12 12:06:19 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gmer.exe
[2010/03/12 11:49:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2010/03/12 11:49:08 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2010/03/09 19:45:41 | 000,028,631 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\recall list-HydrolyzedVegetableProteinProductsList2010.pdf
[2010/03/07 14:44:12 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/01/24 20:37:31 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\housecall.guid.cache
[2010/01/18 16:33:22 | 000,000,269 | ---- | C] () -- C:\WINDOWS\SysMech.INI
[2010/01/14 21:51:59 | 002,169,256 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
[2009/09/17 19:56:54 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2009/09/05 19:04:32 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
[2009/04/08 17:54:10 | 000,006,325 | ---- | C] () -- C:\WINDOWS\silkquit.ini
[2009/03/31 13:12:42 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/11 22:39:07 | 000,012,249 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/03/09 16:54:46 | 000,019,212 | ---- | C] () -- C:\WINDOWS\pmmacros.ini
[2007/03/09 16:54:46 | 000,002,797 | ---- | C] () -- C:\WINDOWS\Formset.ini
[2006/02/17 14:47:56 | 000,307,200 | ---- | C] () -- C:\WINDOWS\System32\EXPORTMODELLER.DLL
[2006/02/17 14:47:56 | 000,049,223 | ---- | C] () -- C:\WINDOWS\System32\CRTSLV.DLL
[2005/07/27 15:11:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2005/07/27 12:40:20 | 000,000,100 | ---- | C] () -- C:\WINDOWS\GpsProd.ini
[2005/07/27 12:31:44 | 000,100,352 | ---- | C] () -- C:\WINDOWS\System32\PG32CONV.DLL
[2005/07/27 11:11:28 | 000,001,126 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/27 11:08:45 | 000,000,097 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2005/07/27 11:05:38 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2004/09/17 17:37:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/04/22 07:00:06 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\zipdll.dll
[2003/01/07 07:54:32 | 000,122,368 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/03/11 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997/07/10 23:00:00 | 000,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/10 23:00:00 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/10 23:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/10 23:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
[1995/09/25 20:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/07 20:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf09.ini

========== LOP Check ==========

[2010/02/01 21:24:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BabyPanda.AE596E2C895946753C836133BB20D7D0CC6BAC08.1
[2009/12/25 15:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN
[2009/03/12 12:15:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IEPro
[2010/02/01 15:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Image Zone Express
[2010/01/18 16:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo
[2010/01/14 22:44:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iWin
[2009/03/30 09:03:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MiniDm
[2010/02/13 22:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nokia
[2010/02/13 21:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PC Suite
[2009/12/13 18:25:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Registry Mechanic
[2010/02/26 23:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Skinux
[2009/12/28 20:16:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Uniblue
[2010/03/12 16:44:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZipGenius
[2009/12/12 22:27:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cached Installations
[2009/12/25 15:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GARMIN
[2010/02/13 21:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/03/12 22:18:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/03/20 20:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2010/02/13 21:38:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/11/24 14:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/03/30 15:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/12/13 19:20:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/03/12 22:20:13 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
[2010/03/12 18:00:00 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/03/17 20:06:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/03/17 20:06:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/03/17 20:06:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/03/17 20:06:32 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 07:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 07:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 07:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Administrator\My Documents\VundoFix.exe:SummaryInformation
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >
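The "< MD5 for: ... >" blocks in the Custom Scans section above are OTL's integrity check on drivers and DLLs that rootkits of that period liked to replace or patch in place: the live copy under system32 is hashed next to the backup copies Windows keeps in ServicePackFiles\i386 and in the ERDNT\cache registry backup. A live file whose MD5 no longer matches those copies is the finding; the copy in $NtServicePackUninstall$ is the pre-service-pack build and is expected to differ (note its different size). In this report every live copy matches. The script below is an added example, not part of the OTL report or of OTL itself: it parses these blocks and applies that rule. SAMPLE_REPORT is copied from the report above; TAMPERED_REPORT is constructed to show what a patched live atapi.sys would look like.

```python
"""Flag an OTL '< MD5 for: FILE >' block whose live system32 copy does not hash
the same as its service-pack backup copies. Added example, not OTL's own code."""
import re
from collections import defaultdict

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
# e.g. [2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A... -- C:\WINDOWS\system32\drivers\atapi.sys
LINE_RE = re.compile(
    r"^\[(?P<date>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
# Copies OTL hashes from the same service-pack build as the live file.
REFERENCE_DIRS = ("\\servicepackfiles\\i386\\", "\\erdnt\\cache\\")
# $NtServicePackUninstall$ holds the pre-SP build: a legitimately different
# hash, so it is neither a reference nor a finding and is simply left alone.

def parse_md5_blocks(text):
    """Return {FILENAME: [{'path','md5','size','company'}, ...]}.
    Lines for copies inside .cab files carry no MD5 and are skipped."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = header.group("name").upper()
            continue
        if line.startswith("<") and line.endswith(">"):
            current = None  # some other custom-scan header ends the block
            continue
        m = LINE_RE.match(line)
        if m and current:
            blocks[current].append({
                "path": m.group("path").strip(),
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "company": m.group("company").strip(),
            })
    return dict(blocks)

def check_block(entries):
    """Compare the copy under system32 with the reference copies.
    Returns (status, detail); status is 'ok', 'MISMATCH', 'no_live_copy'
    or 'no_reference'."""
    live = [e for e in entries if "\\system32\\" in e["path"].lower()]
    refs = [e for e in entries
            if any(d in e["path"].lower() for d in REFERENCE_DIRS)]
    if not live:
        return "no_live_copy", "OTL hashed no copy under system32"
    if not refs:
        return "no_reference", "no ServicePackFiles or ERDNT copy to compare with"
    l = live[0]
    bad = [r for r in refs if r["md5"] != l["md5"] or r["size"] != l["size"]]
    if not bad:
        return "ok", f"{l['path']} MD5={l['md5']} matches {len(refs)} reference copies"
    return "MISMATCH", (
        f"{l['path']} MD5={l['md5']} size={l['size']} "
        f"company={l['company'] or '(none)'} differs from "
        + "; ".join(f"{r['path']} MD5={r['md5']}" for r in bad))

def audit(text):
    """(name, status, detail) for every MD5 block in an OTL report."""
    return [(name, *check_block(entries))
            for name, entries in parse_md5_blocks(text).items()]

# Copied from the OTL report above.
SAMPLE_REPORT = r"""
< MD5 for: ATAPI.SYS >
[2004/08/04 07:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 07:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< %systemroot%\*. /mp /s >
"""

# CONSTRUCTED, not from the report: the live atapi.sys has been altered in
# place. Size is unchanged, the hash is not, and no company name remains.
TAMPERED_REPORT = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2010/03/01 00:00:00 | 000,096,512 | ---- | M] () MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys
"""

if __name__ == "__main__":
    for report in (SAMPLE_REPORT, TAMPERED_REPORT):
        for name, status, detail in audit(report):
            print(f"{status:12} {name}: {detail}")
```

Size is compared as well as the hash because an in-place patch that keeps the file length would otherwise only show up in the hash, while a wholesale replacement usually changes both; either way the status is MISMATCH and the detail names the reference copy that disagrees. The same check applies to any file OTL is asked to hash this way, not only the drivers in this report.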




#8 schrauber

    Mr.Mechanic

  • Malware Response Instructor
  • 23,043 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 13 March 2010 - 02:34 PM

Hi,

How is the system running now?


I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#9 leslieg
  • Topic Starter

Posted 13 March 2010 - 03:54 PM

It seems to be running better. I haven't tried playing the game yet, but I did run MBAM and the "Broken Command" error was gone.

I'm going to run this scan now and will get it to you when it is done.

I know that it can take a long time to run...I read a post that said it took his computer 19 hours to finish.

Again, Thanks for everything!



#10 schrauber

Posted 13 March 2010 - 05:29 PM

You're welcome
regards,
schrauber


#11 leslieg
  • Topic Starter

Posted 13 March 2010 - 07:09 PM

Well, I've tried running it 3 times and it keeps shutting down the computer. The 3rd time I actually sat here and watched it and it got through 33% and a total of 5 minutes.

So, I guess there is still a problem somewhere, huh?

#12 schrauber

Posted 14 March 2010 - 08:59 AM

Hi,

Please try this one:

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.

regards,
schrauber


#13 leslieg
  • Topic Starter

Posted 14 March 2010 - 01:19 PM

Bit Defender says "No Infection Found".

I did try to play my game again last night and it kept shutting down. Right before it shuts down, you can hear the computer speed up really fast, like something turns on and starts sucking all the resources dry.

URRR!!!

#14 schrauber

Posted 15 March 2010 - 02:46 PM

Which game?

Please post back with a fresh OTL logfile.
regards,
schrauber


#15 leslieg
  • Topic Starter

Posted 15 March 2010 - 02:47 PM

I don't know if they have changed Bit Defender recently, but you only get a 60-second scan out of it. Here is the report that said I have no infections:

It doesn't give you the option to export, you just click on "view log" now.



BitDefender QuickScan Beta 32-bit v0.9.9.9
------------------------------------------

Scan date: Mon Mar 15 15:44:21 2010
Machine ID: A88F63F3



No infection found.
---------------------


Processes
---------
<unsigned> Quick Tab Change.exe 3708 C:\Program Files\Quick Tab Change\Quick Tab Change.exe

<verified> a-squared 1228 C:\Program Files\a-squared Free\a2service.exe
<verified> AVSDK5 1888 C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
<verified> AVSDK5 1680 C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
<verified> Firefox 3720 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> GoogleToolbarNotifier 1104 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified> HP PML 1532 C:\WINDOWS\system32\HPZipm12.exe
<verified> ioloServiceManager.exe 1332 C:\Program Files\iolo\common\lib\ioloServiceManager.exe
<verified> IoloSGCtrl.exe 1460 C:\Program Files\iolo\System Mechanic Professional\IoloSGCtrl.exe
<verified> Microsoft® Windows® Operating System 820 C:\WINDOWS\Explorer.EXE
<verified> Microsoft® Windows® Operating System 832 C:\WINDOWS\System32\alg.exe
<verified> Microsoft® Windows® Operating System 456 C:\WINDOWS\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 2032 C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System 536 C:\WINDOWS\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 524 C:\WINDOWS\system32\services.exe
<verified> Microsoft® Windows® Operating System 408 C:\WINDOWS\System32\smss.exe
<verified> Microsoft® Windows® Operating System 1172 C:\WINDOWS\system32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 704 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 764 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 856 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 916 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 944 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1644 C:\WINDOWS\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 480 C:\WINDOWS\system32\winlogon.exe
<verified> Microsoft® Windows® Operating System 2316 C:\WINDOWS\system32\wuauclt.exe
<verified> SupportSoft sprtsvc 1580 C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
<verified> SystemGuardAlerter.exe 912 C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
<verified> vseqrts Application 1952 C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe


Network activity
----------------
Process firefox.exe (3720) connected on port 80 (HTTP) - 24.143.192.114
Process firefox.exe (3720) connected on port 80 (HTTP) - 24.143.192.114
Process firefox.exe (3720) connected on port 80 (HTTP) - 24.143.192.114
Process firefox.exe (3720) connected on port 80 (HTTP) - 24.143.192.114
Process firefox.exe (3720) connected on port 80 (HTTP) - 24.143.192.114
Process firefox.exe (3720) connected on port 80 (HTTP) - 74.125.45.139
Process firefox.exe (3720) connected on port 80 (HTTP) - 66.235.142.20
Process firefox.exe (3720) connected on port 80 (HTTP) - 96.7.69.115
Process firefox.exe (3720) connected on port 80 (HTTP) - 63.241.217.16
Process firefox.exe (3720) connected on port 80 (HTTP) - 24.143.192.114
Process firefox.exe (3720) connected on port 80 (HTTP) - 74.125.47.101
Process firefox.exe (3720) connected on port 80 (HTTP) - 209.191.68.218
Process firefox.exe (3720) connected on port 80 (HTTP) - 66.235.142.20

Process svchost.exe (764) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
<unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

<verified> Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
<verified> GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
<verified> Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rundll32.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
<verified> SuperAntiSpyware C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
<verified> SystemGuardAlerter.exe C:\Program Files\iolo\System Mechanic Professional\SystemGuardAlerter.exe
<verified> Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
<unsigned> E-centives Coupon Activator Netscape Pl C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
<unsigned> FFExternalAlert.dll C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\FFExternalAlert.dll
<unsigned> frozen.dll C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned> googletoolbar-ff2.dll C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
<unsigned> googletoolbar-ff3.dll C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
<unsigned> googletoolbarloader.dll C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
<unsigned> iavlsp.dll C:\WINDOWS\system32\iavlsp.dll
<unsigned> News America Marketing Inc. Coupon Mana C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.4 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> RadioWMPCore.dll C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\RadioWMPCore.dll

<verified> BitDefender QuickScan C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
<verified> Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
<verified> Garmin Communicator Plug-In C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
<verified> getPlusPlus for Adobe 16249 C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
<verified> Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll
<verified> Google Update C:\Program Files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
<verified> Java Deployment Toolkit 6.0.180.7 C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Java™ Platform SE 6 U18 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\nwprovau.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
<verified> Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> MSN® Games by Zone.com C:\WINDOWS\Downloaded Program Files\ZIntro.ocx
<verified> NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
<verified> PDF-XChange Viewer c:\program files\tracker software\pdf-xchange viewer\pdf-viewer\pdfxcviewieplugin.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn0\yt.dll


Missing files
-------------
File not found: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
referenced in: HKLM\System\CurrentControlSet\Services\catchme\"ImagePath"

File not found: C:\WINDOWS\System32\drivers\3384f7fd.sys
referenced in: HKLM\System\CurrentControlSet\Services\3384f7fd\"ImagePath"


Scan
----
<unsigned> MD5: fa3482a9eec16faf32bd6be6400cce93 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
<unsigned> MD5: e6f1eccac30190e631eb3fd6da9f8a24 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned> MD5: dd920bd959dc5aef72413d9232182116 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
<unsigned> MD5: 75c4a08eeba68b37a3d102343e203f6b C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
<unsigned> MD5: afb33df2fe4cd33c6fc19a540ebe7ba2 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
<unsigned> MD5: ebebdbf1df7621623bbc5af82b533542 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\FFExternalAlert.dll
<unsigned> MD5: 696f6787818300362f15485d654f6887 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\RadioWMPCore.dll
<unsigned> MD5: e6f1eccac30190e631eb3fd6da9f8a24 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned> MD5: dd920bd959dc5aef72413d9232182116 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
<unsigned> MD5: afb33df2fe4cd33c6fc19a540ebe7ba2 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
<unsigned> MD5: ebebdbf1df7621623bbc5af82b533542 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{90bb40dd-12c4-4cb9-85c7-63a17db85b55}\components\FFExternalAlert.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> MD5: 2938fa8e327ea1b843d3e13b984739e6 C:\Program Files\iolo\Common\Lib\Corvus.dll
<unsigned> MD5: 114243975f3243c9202ce184015adf21 C:\Program Files\iolo\Common\Lib\LMResource.dll
<unsigned> MD5: 1aab00ae4ffb5c72a0a06a254f80510e C:\Program Files\Mozilla Firefox\freebl3.dll
<unsigned> MD5: 39dfd2c92728fca093d5bdefe5f6e801 C:\Program Files\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: 25e2ece24a1aa9d0d3a42a5bff1939f1 C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
<unsigned> MD5: 89e6d66ec90b4e8e41b55248eb7c84cb C:\Program Files\Mozilla Firefox\softokn3.dll
<unsigned> MD5: aa6359923ba94b0ab0e42ac64d1b079f C:\Program Files\Quick Tab Change\Quick Tab Change.exe
<unsigned> MD5: 482e8f6fd557d5a0df7363f72df145fe C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
<unsigned> MD5: e5ac9f8c128b597dd7919af96b84172e C:\WINDOWS\system32\drivers\pfc.sys
<unsigned> MD5: a881d47c9fe45d96a2f091c7a0486b7b C:\WINDOWS\system32\iavlsp.dll
<unsigned> MD5: b4a42c1f84a33313a3eaaf81eba27fa5 C:\WINDOWS\system32\Print602.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.29 KB recvd
Scanned 578 files and modules - 38 seconds
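The log above carries two record types worth pulling out when triaging a machine like this: "File not found ... referenced in" pairs, which are service entries whose ImagePath points at a driver that no longer exists on disk, and "<unsigned> MD5: ..." lines listing every unsigned module. The following Python is an added triage example, not code from the poster or from the scanning tool. Its sample input is constructed from a handful of lines in the post; the "random-looking service name" check (a name that is nothing but eight hex digits) is a heuristic of this example, not a verdict the tool produced.

```python
"""Triage helper for a SystemLook-style scan log (added example; not the
poster's or the scanning tool's own code)."""
import re
from collections import defaultdict

# Constructed sample, assembled from a few lines of the log posted above.
SAMPLE_LOG = r"""File not found: C:\WINDOWS\System32\drivers\3384f7fd.sys
referenced in: HKLM\System\CurrentControlSet\Services\3384f7fd\"ImagePath"


Scan
----
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<unsigned> MD5: c58807b4cc5e4a6e445ec3818ad8646c C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> MD5: e6f1eccac30190e631eb3fd6da9f8a24 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles/7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned> MD5: e6f1eccac30190e631eb3fd6da9f8a24 C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\7rivjk4s.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
<unsigned> MD5: e5ac9f8c128b597dd7919af96b84172e C:\WINDOWS\system32\drivers\pfc.sys

Scan finished - communication took 2 sec
"""

UNSIGNED_RE = re.compile(r"^<unsigned> MD5: ([0-9a-fA-F]{32}) (.+)$")
MISSING_RE = re.compile(r"^File not found: (.+)$")
REFERENCED_RE = re.compile(r"^referenced in: (.+)$")
SERVICE_RE = re.compile(r"\\Services\\([^\\]+)\\", re.IGNORECASE)
# Heuristic (assumption of this example): an 8-hex-digit service name looks generated.
RANDOM_NAME_RE = re.compile(r"^[0-9a-f]{8}$", re.IGNORECASE)


def normalize_path(path):
    """Windows paths are case-insensitive and the log mixes '/' and backslash
    separators (the same Firefox profile appears twice), so canonicalise first."""
    return path.replace("/", "\\").lower()


def parse_log(text):
    """Return (missing, unsigned): missing holds (file, registry_value) pairs,
    unsigned holds (md5, normalized_path) pairs."""
    missing, unsigned = [], []
    pending = None
    for line in text.splitlines():
        line = line.strip()
        if m := MISSING_RE.match(line):
            pending = m.group(1)
        elif (m := REFERENCED_RE.match(line)) and pending:
            missing.append((pending, m.group(1)))
            pending = None
        elif m := UNSIGNED_RE.match(line):
            unsigned.append((m.group(1).lower(), normalize_path(m.group(2))))
    return missing, unsigned


def orphaned_services(missing):
    """Services whose ImagePath names a file that is gone. random_looking is a
    heuristic flag only: legitimate drivers usually have descriptive names."""
    result = []
    for file, ref in missing:
        m = SERVICE_RE.search(ref)
        name = m.group(1) if m else None
        result.append({
            "service": name,
            "file": file,
            "random_looking": bool(name and RANDOM_NAME_RE.match(name)),
        })
    return result


def group_by_hash(unsigned):
    """Map each MD5 to its distinct paths: identical hashes under several names
    (npqtplugin.dll .. npqtplugin7.dll) are one file to vet, and one path listed
    with two separator styles collapses to a single entry."""
    groups = defaultdict(set)
    for md5, path in unsigned:
        groups[md5].add(path)
    return {md5: sorted(paths) for md5, paths in groups.items()}


def triage(text):
    missing, unsigned = parse_log(text)
    groups = group_by_hash(unsigned)
    return {
        "orphaned_services": orphaned_services(missing),
        "distinct_unsigned_hashes": len(groups),
        "distinct_unsigned_files": sum(len(p) for p in groups.values()),
        "shared_hashes": {h: p for h, p in groups.items() if len(p) > 1},
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```

On the sample, the seven QuickTime plugin copies in the full log reduce to one hash to look up, the doubled Firefox profile entries collapse, and the 3384f7fd service is reported as an orphaned, random-looking driver entry. An orphaned entry is not by itself proof of infection (ComboFix's own catchme driver leaves the same kind of residue), so the output is a worklist for the helper, not a verdict.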