Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

FakeAlert/ Vundo Infection


  • This topic is locked This topic is locked
13 replies to this topic

#1 HouseBoat

HouseBoat

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 04 February 2009 - 11:05 PM

Currently, I'm running AVG anti-virus, as well as a handful of anti-spyware programs. Recently, AVG alerted me of a possible virus threat, so I sent it to the virus vault. Immediately after I did this, I received about five or six similar threat warnings. I sent some to the virus vault, and tried to remove others in an attempt to stop the prompts. All of the viruses were of the Trojan horse variety. The names are listed below:
Trojan horse Vundo.DP
Trojan horse SHeur2KYI
Trojan horse FakeAlert.DT
Trojan horse Downloader.Generic8.GNQ
Virus identified Win32/Cryptor

Additionally, I keep getting a prompt that is titled SolutionCenter. Within the prompt reads: The feature you are trying to use is on a CD-ROM or other removable disk that is not available. Insert the 'SolutionCenter' disk and click OK.
After I click cancel, I get another prompt that says: An installation package for the product SolutionCenter cannot be found. Try the installation again using a valid copy of the installation package 'SolutionCenter.msi'
I'm not sure if these problems are related.
Below are the results of my system scan.


DDS (Ver_09-02-01.01) - NTFSx86
Run by Marcus House at 21:20:04.84 on Wed 02/04/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2251 [GMT -6:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Marcus House\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Marcus House\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Search panel: {068f464d-9185-5caa-7555-73fa9cc9bd87} - c:\windows\system32\mokbvvkpbcunkj.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [LxrAutorun] c:\documents and settings\marcus house\local settings\application data\lexar media\LxrAutorun.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [InterWrite Device Manager] "c:\program files\interwrite learning\interwrite workspace\IWStarter.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\ezurio\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ezurio\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\ezurio\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64160]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-8-28 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-8-28 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-8-28 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-8-28 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-8-28 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-8-28 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-8-28 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-8-28 4960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-11-12 72672]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-21 29744]

=============== Created Last 30 ================

2009-01-21 21:56 <DIR> --d----- c:\docume~1\marcus~1\applic~1\Malwarebytes
2009-01-21 21:56 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-21 21:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 21:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 21:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-21 21:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-21 18:53 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-21 18:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 18:51 <DIR> --d----- c:\program files\Lavasoft
2009-01-17 15:51 <DIR> --d----- c:\program files\Trend Micro
2009-01-17 15:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-17 12:38 <DIR> --d----- c:\windows\pss

==================== Find3M ====================

2009-01-17 09:28 57,209 a------- c:\windows\system32\mokbvvkpbcunkj.dll-uninst.exe
2008-12-24 23:55 179,902 a------- c:\windows\hpwins14.dat
2008-12-13 00:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2007-09-13 19:28 0 a------- c:\docume~1\marcus~1\applic~1\wklnhst.dat
2008-08-11 19:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081120080812\index.dat

============= FINISH: 21:20:38.98 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:65 miles due East of the &quot;Logic Free Zone&quot;, in Md, USA
  • Local time:07:57 PM

Posted 17 February 2009 - 10:45 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 HouseBoat

HouseBoat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 19 February 2009 - 11:44 PM

I allowed AVG to remove the original TrojanHorse infections, and have run a number of subsequent scans yielding no result (at least no malicious results). However, my computer went to a blue screen with a bunch of white text the other day. If I recall correctly, the text said something to the effect of, "There has been a critical error.......etc.....If this is the first time you have seen this screen.....". I apologize, but that's the most I can remember. This happened while I was at work, while my machine was disconnected from the internet.



DDS (Ver_09-02-01.01) - NTFSx86
Run by Marcus House at 22:33:04.57 on Thu 02/19/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2088 [GMT -6:00]

AV: AVG 7.5.552 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Marcus House\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Marcus House\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
EB: Search panel: {068f464d-9185-5caa-7555-73fa9cc9bd87} - c:\windows\system32\mokbvvkpbcunkj.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [LxrAutorun] c:\documents and settings\marcus house\local settings\application data\lexar media\LxrAutorun.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [AVG7_CC] c:\progra~1\grisoft\avg7\avgcc.exe /STARTUP
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [InterWrite Device Manager] "c:\program files\interwrite learning\interwrite workspace\IWStarter.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [AVG7_Run] c:\progra~1\grisoft\avg7\avgw.exe /RUNONCE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\ezurio\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ezurio\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\ezurio\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64160]
R1 Avg7Core;AVG7 Kernel;c:\windows\system32\drivers\avg7core.sys [2007-8-28 821856]
R1 Avg7RsW;AVG7 Wrap Driver;c:\windows\system32\drivers\avg7rsw.sys [2007-8-28 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;c:\windows\system32\drivers\avg7rsxp.sys [2007-8-28 27776]
R1 AvgClean;AVG7 Clean Driver;c:\windows\system32\drivers\avgclean.sys [2007-8-28 10760]
R2 Avg7Alrt;AVG7 Alert Manager Server;c:\progra~1\grisoft\avg7\avgamsvr.exe [2007-8-28 418816]
R2 Avg7UpdSvc;AVG7 Update Service;c:\progra~1\grisoft\avg7\avgupsvc.exe [2007-8-28 49664]
R2 AVGEMS;AVG E-mail Scanner;c:\progra~1\grisoft\avg7\avgemc.exe [2007-8-28 406528]
R2 AvgTdi;AVG Network Redirector;c:\windows\system32\drivers\avgtdi.sys [2007-8-28 4960]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-11-12 72672]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-21 29744]

=============== Created Last 30 ================

2009-02-17 18:45 <DIR> --d----- c:\program files\CSTL
2009-02-17 15:12 <DIR> --d----- c:\documents and settings\marcus house\Stamp
2009-01-21 21:56 <DIR> --d----- c:\docume~1\marcus~1\applic~1\Malwarebytes
2009-01-21 21:56 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-21 21:56 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 21:56 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 21:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-21 21:43 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-21 18:53 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-21 18:51 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-21 18:51 <DIR> --d----- c:\program files\Lavasoft

==================== Find3M ====================

2009-01-17 15:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-17 09:28 57,209 a------- c:\windows\system32\mokbvvkpbcunkj.dll-uninst.exe
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-24 23:55 179,902 a------- c:\windows\hpwins14.dat
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2007-09-13 19:28 0 a------- c:\docume~1\marcus~1\applic~1\wklnhst.dat
2008-08-11 19:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081120080812\index.dat

============= FINISH: 22:33:32.43 ===============

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 PM

Posted 20 February 2009 - 04:17 PM

Hello.

2 more scans please.

Download and run MalwareBytes Anti-Malware(Full Scan)

Please download Malwarebytes Anti-Malware and save it to your desktop if you lost your copy and need to install it, otherwise skip the installation step and continue with the Full Scan.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Download gmer.zip and save to your desktop.
    Alternate Download Site 1
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click the >>>
  • Click on Settings, then check the first five settings:
    • System Protection and Tracing
    • Processes
    • Save created processes to the log
    • Drivers
    • Save loaded drivers to the log
  • You will be prompted to restart your computer. Please do so.
  • After the reboot, run Gmer again and click on the Rootkit tab.[list]
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for Show All.
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan. You will know that the scan is done when the Stop buttons turns back to Scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose New>Text document. Once the file is created, open it and right-click again and choose Paste. Save the file as gmer.txt and copy the information in your next reply.
If GMER doesn't work in Normal Mode try running it in Safe Mode

Important!:Please do not select the Show all checkbox during the scan..

Also what problems do you have currently?

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 HouseBoat

HouseBoat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 21 February 2009 - 01:45 AM

Malwarebytes' Anti-Malware 1.34
Database version: 1783
Windows 5.1.2600 Service Pack 3

2/21/2009 12:10:35 AM
mbam-log-2009-02-21 (00-10-35).txt

Scan type: Full Scan (C:\|Z:\|)
Objects scanned: 168410
Time elapsed: 53 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached Files



#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 PM

Posted 21 February 2009 - 11:16 AM

Hello.

You indeed had some infections from the attach log. Let's run smitfraudfix and see if it can help us remove anything else. GMER and MBAM scan was clean.

Your AVG 7.5 did a fairly good job on removing the threats, but it is currently outdated now. I suggest you remove it and install a new AV.

Peer-to-Peer Programs Warning

Your log shows that you are using so called peer-to-peer or file-sharing programs (in your case LimeWire 4.16.7). These programs allow to share files between users as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools and thus suggested to be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

While you are at it, please remove these Java programs as the are outdated:
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5


Reboot Your Computer Afterwards

Install Antivirus

An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (ONE) free anti-virus program from one of the links below:Update It after the installation is complete please.

There is one file and entry that looks very suspicious and I do not know what it is. Doesn't look good at all though. Do you know what that is?

c:\windows\system32\mokbvvkpbcunkj.dll
c:\windows\system32\mokbvvkpbcunkj.dll-uninst.exe

Let's sumbit it to an online scanner and see what it is.. Then we can remove it afterwards :thumbup2:

Submit File to Online Scanner

There is a file that I would like you to check out for me using VirusTotal/VirSCAN
  • Open VirusTotal Online Scanner or VirSCAN. If one site is busy or down, try the other
  • At the top of the page you'll see a box. Paste in the following line(s) (do one line at a time).
  • c:\windows\system32\mokbvvkpbcunkj.dll
  • Click Submit.
  • Wait for the scan to finish.
  • Copy Scanner Results into your next reply.
  • If more than one file was listed, repeat for each of them.
Run SmitFraudFix

Download SmitfraudFix and save it on your desktop.

You can find complete instructions for running SmitFraudFix in the link below:
http://www.bleepingcomputer.com/forums/t/17258/how-to-remove-the-smitfraud-generic-zlob-quicknavigate-virtual-maid/

I suggest your print these instructions out or save them somewhere so when you are in Safe Mode you can follow the instructions correctly.
  • Boot your computer into Safe Mode(Refer below on how to boot into Safe Mode) before we can run this tool.
  • Double click the icon(Smitfraudfix) to run it.
  • Select Option 2 by typing 2 and hitting Enter.
  • The scan will progress. Answer Yes to any prompts you receive. This will include running disk cleanup and removing infected files.
  • The tool will restart your computer.
  • Upon reboot, a log file located at C:\rapport.txt will open. Copy its contents into your next reply.
Boot Into Safe Mode

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use your arrow keys to navigate and highlight Safe Mode.
  • Hit Enter.
  • You will now be asked to choose your operating system. Again, use the arrow keys to select Microsoft Windows XP.
  • Hit Enter.
Your computer will proceed to booting into Safe Mode. During the boot process, you may see random code go past your screen. Simply wait for it to pass. Your computer should boot like usually, except with Safe Mode written in the corners of your screen. Your screen may also appear to be a different size because the video drivers are not loaded properly in Safe Mode.

After the boot, you will be asked whether you wish to use system restore, or to continue to Safe Mode. Select OK to choose Safe mode.

Post back with:
-VirusTotal/VirScan log
-Smitfraudfix log
-New DDS log
-How's your computer running? What problems do you have?


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 PM

Posted 24 February 2009 - 05:12 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days the topic will need to be closed.

Thanks for understanding. :thumbup2:

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 PM

Posted 26 February 2009 - 04:40 PM

Hello.

Due to Lack of feedback, this topic is now Closed.

If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic in the Hijackthis-Malware Removal forum.

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 PM

Posted 28 February 2009 - 06:05 PM

Hello..

Topic re-opened upon user's request. Please post the required logs and a description of any problems you may still have.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 HouseBoat

HouseBoat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 28 February 2009 - 07:30 PM

My computer seems to be running OK. However, after running Smitfraudfix in safe mode then rebooting in regular mode, my desktop background is gone. The other day I received an alert message saying that windows had to close my "system32" driver in order to protect my computer, and asked if I wanted to send an error report. I'm not sure what sytem32 is, but it seems like a lot of my problems stem from there. The requested scan logs are listed below.

VirSCAN.org Scanned Report :
Scanned time : 2009/02/28 12:33:26 (CST)
Scanner results: 11% Scanner(4/37) found malware!
File Name : mokbvvkpbcunkj.dll-uninst.exe
File Size : 57209 byte
File Type : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5 : 9baa44e717b0626bf94ae9fcdbc18169
SHA1 : 8ff2886cf673da784a04faa58606c5b3ac8f4356
Online report : http://virscan.org/report/aba9557070ab6095...54a2040ace.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.0.0.32 20090228190237 2009-02-28 2.29 -
AhnLab V3 ... .. -- 0.90 -
AntiVir 7.9.0.98 7.1.2.96 2009-02-28 1.91 -
Antiy 2.0.18 20090228.2206344 2009-02-28 0.12 -
Authentium 5.1.1 200902272255 2009-02-27 1.09 W32/Backdoor2.DWCD (Exact)
AVAST! 3.0.1 090227-0 2009-02-27 0.01 -
AVG 7.5.52.442 270.11.4/1976 2009-02-27 1.95 -
BitDefender 7.81008.2684829 7.23904 2009-03-01 2.72 -
CA (VET) 9.0.0.143 31.6.6376 2009-02-26 4.70 -
ClamAV 0.94.2 9057 2009-02-28 0.03 -
Comodo 3.8 986 2009-02-28 0.45 -
CP Secure 1.1.0.715 2009.03.01 2009-03-01 7.24 -
Dr.Web 4.44.0.9170 2009.02.28 2009-02-28 4.12 -
F-Prot 4.4.4.56 20090226 2009-02-26 1.08 W32/Backdoor2.DWCD (exact)
F-Secure 5.51.6100 2009.02.27.15 2009-02-27 0.09 -
Fortinet 2.81-3.117 10.94 2009-02-28 0.21 -
GData 19.3517/19.240 20090228 2009-02-28 3.29 -
ViRobot 20090228 2009.02.28 2009-02-28 0.40 -
Ikarus T3.1.01.45 2009.02.28.72364 2009-02-28 3.76 -
JiangMin 11.0.706 2009.02.28 2009-02-28 1.84 -
Kaspersky 5.5.10 2009.02.28 2009-02-28 0.08 -
KingSoft 2009.2.5.15 2009.2.28.20 2009-02-28 0.61 -
McAfee 5.3.00 5538 2009-02-27 2.93 Generic MultiDropper.n
Microsoft 1.4306 2009.02.28 2009-02-28 4.67 -
mks_vir 2.01 2009.02.27 2009-02-27 2.68 -
Norman 6.00.06 6.00.00 2009-02-27 8.01 -
Panda 9.05.01 2009.02.28 2009-02-28 1.50 -
Trend Micro 8.700-1004 5.874.22 2009-02-28 0.04 -
Quick Heal 10.00 2009.02.28 2009-02-28 1.51 -
Rising 20.0 21.18.52.00 2009-02-28 0.99 -
Sophos 2.84.1 4.39 2009-03-01 2.00 -
Sunbelt 5014 5014 2009-02-27 0.68 -
Symantec 1.3.0.24 20090227.004 2009-02-27 0.05 -
nProtect 20090228.01 3179804 2009-02-28 3.94 -
The Hacker 6.3.2.6 v00267 2009-02-27 0.50 Trojan/Fakealert.gen
VBA32 3.12.10.1 20090227.0921 2009-02-27 2.03 -
VirusBuster 4.5.11.10 10.101.29/963337 2009-02-28 1.34 -


DDS:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Marcus House at 13:04:35.07 on Sat 02/28/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2296 [GMT -6:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Outdated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Marcus House\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Marcus House\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
uDefault_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us-smb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.0.926.3450\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
EB: Search panel: {068f464d-9185-5caa-7555-73fa9cc9bd87} - c:\windows\system32\mokbvvkpbcunkj.dll
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [LxrAutorun] c:\documents and settings\marcus house\local settings\application data\lexar media\LxrAutorun.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [KADxMain] c:\windows\system32\KADxMain.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [InterWrite Device Manager] "c:\program files\interwrite learning\interwrite workspace\IWStarter.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bttray.lnk - c:\program files\ezurio\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellne~1.lnk - c:\windows\installer\{0240bdfb-2995-4a3f-8c96-18d41282b716}\Icon0240BDFB3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\ezurio\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\ezurio\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} - hxxps://install.charter.com/diskless/bin/ssctlsma.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-21 64160]
R1 avgio;avgio;c:\program files\avira\antivir personaledition classic\avgio.sys [2009-2-22 11840]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\avira\antivir personaledition classic\sched.exe [2009-2-22 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard;c:\program files\avira\antivir personaledition classic\avguard.exe [2009-2-22 151297]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [2007-11-12 72672]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avgntflt;avgntflt;c:\program files\avira\antivir personaledition classic\avgntflt.sys [2009-2-22 52032]
S3 GoogleDesktopManager-093007-112848;Google Desktop Manager 5.5.709.30344;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-8-21 29744]

=============== Created Last 30 ================

2009-02-22 12:25 <DIR> --d----- c:\program files\Avira
2009-02-22 12:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-02-21 23:17 <DIR> --d----- c:\docume~1\marcus~1\applic~1\AVGTOOLBAR
2009-02-21 23:16 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-02-20 22:26 345 a------- c:\windows\gmer.ini
2009-02-19 22:59 <DIR> --d----- c:\docume~1\marcus~1\applic~1\OIS
2009-02-17 18:45 <DIR> --d----- c:\program files\CSTL
2009-02-17 15:12 <DIR> --d----- c:\documents and settings\marcus house\Stamp

==================== Find3M ====================

2009-02-11 10:19 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 10:19 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-31 16:44 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-21 18:52 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-17 15:35 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-17 09:28 57,209 a------- c:\windows\system32\mokbvvkpbcunkj.dll-uninst.exe
2009-01-16 21:35 3,594,752 a------- c:\windows\system32\dllcache\mshtml.dll
2008-12-24 23:55 179,902 a------- c:\windows\hpwins14.dat
2008-12-19 03:10 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 03:10 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-12-18 23:25 634,024 -------- c:\windows\system32\dllcache\iexplore.exe
2008-12-18 23:23 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2008-12-11 04:57 333,952 -------- c:\windows\system32\dllcache\srv.sys
2007-09-13 19:28 0 a------- c:\docume~1\marcus~1\applic~1\wklnhst.dat
2008-08-11 19:16 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081120080812\index.dat

============= FINISH: 13:05:06.00 ===============


Smitfraud:


SmitFraudFix v2.398

Scan done at 17:53:03.71, Sat 02/28/2009
Run from C:\Documents and Settings\Marcus House\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
...

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\Tasks\At??.job Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E7345DD7-B459-487E-A62C-5F193B502D0B}: DhcpNameServer=24.217.0.5 24.217.201.67
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E7345DD7-B459-487E-A62C-5F193B502D0B}: DhcpNameServer=24.217.0.5 24.217.201.67
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E7345DD7-B459-487E-A62C-5F193B502D0B}: DhcpNameServer=24.217.0.5 24.217.201.67
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=24.217.0.5 24.217.201.67
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=24.217.0.5 24.217.201.67
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=24.217.0.5 24.217.201.67


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Attached Files



#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 PM

Posted 28 February 2009 - 08:16 PM

Hello.

Glad your computer is better. You can change the background yourself manually.

Your Anti-virus software is outdated. Please update it now to ensure you have the latest protection threats immunized.

Download and Run OTMoveIT3
  • Please download OTMoveIt3 by OldTimer and save it to your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Double click the Posted Image icon on your desktop.
  • Paste the following code under the Posted Image area. Do not include the word "Code".
    :files
    C:\windows\system32\mokbvvkpbcunkj.dll-uninst.exe
    C:\windows\system32\mokbvvkpbcunkj.dll
    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars]
    "{068f464d-9185-5caa-7555-73fa9cc9bd87}"=-
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
    "{068f464d-9185-5caa-7555-73fa9cc9bd87}"=-
    [-HKEY_CLASSES_ROOT\CLSID\{068f464d-9185-5caa-7555-73fa9cc9bd87}]
    :commands
    [EmptyTemp]
    [Reboot]
  • Click the large Posted Image button.
  • Copy/Paste the contents under the Posted Image line here in your next reply.
Note:If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky Scanner page.
  • Click on Accept and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded on the left side of the page in the Scan section select My Computer
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Download and run OTListIT2

We need to create an OTListIt2 Report
  • Please download OTListIt2 from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
  • Post both logs in your next reply please.
Post back with:
-OTMoveIT log
-Kaspersky scan log
-Run GMER again and give me the report, there's not too much showing in the log
-New OTListIT2 log


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 HouseBoat

HouseBoat
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:57 PM

Posted 01 March 2009 - 02:06 PM

========== FILES ==========
C:\windows\system32\mokbvvkpbcunkj.dll-uninst.exe moved successfully.
File/Folder C:\windows\system32\mokbvvkpbcunkj.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Explorer Bars\\{068f464d-9185-5caa-7555-73fa9cc9bd87} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{068f464d-9185-5caa-7555-73fa9cc9bd87}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\\{068f464d-9185-5caa-7555-73fa9cc9bd87} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{068f464d-9185-5caa-7555-73fa9cc9bd87}\ not found.
Registry key HKEY_CLASSES_ROOT\CLSID\{068f464d-9185-5caa-7555-73fa9cc9bd87}\\ not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7e8.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 03012009_092847

Files moved on Reboot...
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_7e8.dat not found!

The Kaspersky scan came back completely clean.


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-03-01 13:00:38
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xBA0F887E]
SSDT BA7463DC ZwCreateThread
SSDT BA7463C8 ZwOpenProcess
SSDT BA7463CD ZwOpenThread
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xBA0F8C10]
SSDT BA7463D7 ZwTerminateProcess
SSDT BA7463D2 ZwWriteVirtualMemory

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0039B467
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0039B27A
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00396CA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00397881
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0039962B
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 0039804D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00397A66
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 00398EA6
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0039AB0E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0039AB3E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0039B681
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0039A868
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 003995BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 0039870D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00397E61
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 003983A9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0039B9AD
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 003990A5
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 003994B7
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 00399BFA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 003998EA
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 00399BA8
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0039A1E4
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 00399CF2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00397C75
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 00398662
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0039ABE9
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 003999AC
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0039956E
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 003992E2
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 003996BB
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0039B68D
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 00399881
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0039B812
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0039B7E0
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0039B935
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0039B991
IAT C:\Program Files\Dell Network Assistant\ezi_hnm2.exe[2368] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0039B87E

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A531AD20

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)
Device DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\008098e4b0b3
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\008098e4b0b3

---- EOF - GMER 1.0.14 ----


OTListIt logfile created on: 3/1/2009 9:48:36 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.1 Folder = C:\Documents and Settings\Marcus House\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.18 Gb Total Space | 47.74 Gb Free Space | 43.73% Space Free | Partition Type: NTFS
Drive D: | 368.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARCUS
Current User Name: Marcus House
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 90 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2007/02/21 10:28:36 | 00,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2008/04/13 18:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2007/02/21 10:16:48 | 00,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2007/02/21 10:19:40 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
PRC - [2009/01/31 16:43:59 | 00,950,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2003/11/17 09:15:18 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe
PRC - [2008/10/29 16:22:49 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
PRC - [2007/05/25 10:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2009/01/17 15:35:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/01/09 13:56:04 | 00,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe
PRC - [2007/02/21 10:10:00 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2008/04/13 18:12:29 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2007/06/03 13:20:58 | 00,851,968 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2007/06/06 14:30:22 | 00,162,584 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2007/06/06 14:30:24 | 00,138,008 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxpers.exe
PRC - [2007/06/06 14:30:28 | 00,252,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxsrvc.exe
PRC - [2007/02/21 10:19:58 | 00,819,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
PRC - [2007/02/21 10:17:42 | 00,970,752 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
PRC - [2007/05/14 13:23:32 | 01,191,936 | ---- | M] (Dell Inc) -- C:\Program Files\Dell\QuickSet\quickset.exe
PRC - [2007/06/06 14:28:18 | 00,405,504 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/11/02 13:05:50 | 00,282,624 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\KADxMain.exe
PRC - [2006/10/03 10:37:04 | 00,081,920 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
PRC - [2006/11/05 10:22:16 | 00,221,184 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
PRC - [2006/08/17 08:00:00 | 01,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2007/04/16 15:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2007/04/27 09:36:24 | 01,122,304 | ---- | M] (Interwrite Learning) -- C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe
PRC - [2008/04/13 18:12:40 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe
PRC - [2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2007/10/14 21:17:32 | 00,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
PRC - [2006/11/03 19:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008/10/21 16:31:44 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/01/31 16:44:02 | 00,509,784 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2009/01/17 15:35:05 | 00,136,600 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2008/06/12 13:28:45 | 00,266,497 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
PRC - [2007/08/28 18:27:40 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/09 11:00:44 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Marcus House\Local Settings\Application Data\Lexar Media\LxrAutorun.exe
PRC - [2003/11/17 09:25:16 | 00,503,869 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe
PRC - [2007/05/25 10:39:38 | 00,964,144 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
PRC - [2006/11/03 17:02:14 | 00,050,688 | ---- | M] (Avanquest Software ) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2004/08/04 04:00:00 | 00,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2007/02/21 10:13:26 | 00,487,424 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
PRC - [2006/11/05 09:55:48 | 00,010,752 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
PRC - [2008/03/07 15:41:14 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
PRC - [2008/03/07 16:04:10 | 00,610,304 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
PRC - [2007/11/02 20:12:50 | 00,262,144 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
PRC - [2008/12/18 23:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2008/10/15 14:55:10 | 00,116,016 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
PRC - [2009/01/17 15:35:05 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\java.exe
PRC - [2009/03/01 09:47:08 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcus House\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/10/15 13:31:53 | 00,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler [Auto | Running])
SRV - [2008/10/15 13:30:02 | 00,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 00:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2003/11/17 09:15:18 | 00,135,168 | ---- | M] (WIDCOMM, Inc.) -- C:\Program Files\Ezurio\Bluetooth Software\bin\btwdins.exe -- (btwdins [Auto | Running])
SRV - [2007/02/21 10:28:36 | 00,643,072 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng [Auto | Running])
SRV - [2008/09/16 17:33:31 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service [On_Demand | Stopped])
SRV - [2008/02/20 16:59:40 | 00,029,744 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-093007-112848 [On_Demand | Stopped])
SRV - [2008/10/29 16:22:49 | 00,168,432 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [Auto | Running])
SRV - [2008/04/13 18:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2007/05/25 10:38:46 | 00,112,176 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc [Auto | Running])
SRV - [2008/03/07 16:04:10 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08 [On_Demand | Running])
SRV - [2007/11/06 21:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc [Auto | Running])
SRV - [2007/10/14 21:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC [Auto | Running])
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/11/20 13:20:44 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Running])
SRV - [2009/01/17 15:35:05 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/01/31 16:43:59 | 00,950,096 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service [Auto | Running])
SRV - [2006/01/09 13:56:04 | 00,049,152 | ---- | M] () -- C:\WINDOWS\system32\LxrSII1s.exe -- (LxrSII1s [Auto | Running])
SRV - [2006/11/08 16:35:36 | 00,043,520 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12 [Auto | Running])
SRV - [2006/10/26 18:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006/11/08 16:35:38 | 00,053,248 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12 [Auto | Running])
SRV - [2007/02/21 10:10:00 | 00,327,680 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc [Auto | Running])
SRV - [2006/11/05 10:15:12 | 00,880,640 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe -- (RoxMediaDB9 [On_Demand | Stopped])
SRV - [2006/11/05 10:13:00 | 00,159,744 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe -- (RoxWatch9 [Auto | Stopped])
SRV - [2007/02/21 10:16:48 | 00,983,040 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor [Auto | Running])
SRV - [2006/09/14 13:54:34 | 00,073,728 | ---- | M] (MicroVision Development, Inc.) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr [On_Demand | Stopped])
SRV - [2006/11/03 19:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])
SRV - [2007/02/21 10:19:40 | 00,294,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- (WLANKEEPER [Auto | Running])
SRV - [2006/10/18 19:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2007/08/21 20:50:25 | 00,021,425 | ---- | M] (Meetinghouse Data Communications) -- C:\WINDOWS\system32\DRIVERS\AegisP.sys -- (AegisP [Auto | Running])
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Disabled | Stopped])
DRV - [2008/04/13 12:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Disabled | Stopped])
DRV - [2005/08/12 16:50:46 | 00,016,128 | ---- | M] (Dell Inc) -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV [System | Running])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Disabled | Stopped])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Disabled | Stopped])
DRV - [2007/02/27 14:25:01 | 00,011,840 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio [System | Running])
DRV - [2008/05/20 15:29:41 | 00,052,032 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt [On_Demand | Running])
DRV - [2008/10/30 10:21:03 | 00,075,072 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2007/05/08 20:49:02 | 00,045,568 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2003/11/17 08:30:00 | 00,021,861 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\DRIVERS\btaudio.sys -- (BtAudio [On_Demand | Running])
DRV - [2003/11/17 08:35:04 | 00,030,235 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\DRIVERS\btport.sys -- (BTDriver [On_Demand | Running])
DRV - [2003/11/17 08:46:10 | 01,258,394 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL [Boot | Running])
DRV - [2003/11/17 08:51:26 | 00,022,183 | ---- | M] () -- C:\WINDOWS\system32\drivers\btserial.sys -- (BTSERIAL [Auto | Running])
DRV - [2003/11/17 08:50:50 | 00,222,876 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\system32\drivers\btslbcsp.sys -- (BTSLBCSP [Auto | Running])
DRV - [2003/11/17 08:29:42 | 00,051,848 | ---- | M] (WIDCOMM, Inc.) -- C:\WINDOWS\System32\Drivers\btwusb.sys -- (BTWUSB [On_Demand | Stopped])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Disabled | Stopped])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
DRV - [2006/08/18 12:17:46 | 00,035,096 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABMFSM.SYS -- (DLABMFSM [Auto | Running])
DRV - [2006/08/18 12:17:40 | 00,032,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLABOIOM.SYS -- (DLABOIOM [Auto | Running])
DRV - [2006/08/11 09:35:18 | 00,012,920 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM [System | Running])
DRV - [2006/08/18 12:18:08 | 00,009,400 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLADResM.SYS -- (DLADResM [Auto | Running])
DRV - [2006/08/18 12:17:38 | 00,104,472 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M [Auto | Running])
DRV - [2006/08/18 12:17:42 | 00,026,008 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM [Auto | Running])
DRV - [2006/08/18 12:17:38 | 00,014,520 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAPoolM.SYS -- (DLAPoolM [Auto | Running])
DRV - [2006/08/11 09:35:16 | 00,028,184 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DLARTL_M.SYS -- (DLARTL_M [System | Running])
DRV - [2006/08/18 12:17:44 | 00,094,648 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM [Auto | Running])
DRV - [2006/08/18 12:17:44 | 00,097,848 | ---- | M] (Roxio) -- C:\WINDOWS\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M [Auto | Running])
DRV - [2006/07/21 10:21:26 | 00,099,176 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB [Boot | Running])
DRV - [2006/08/11 10:05:58 | 00,051,768 | ---- | M] (Roxio) -- C:\WINDOWS\System32\Drivers\DRVNDDM.SYS -- (DRVNDDM [Auto | Running])
DRV - [2006/11/02 11:31:38 | 00,103,168 | ---- | M] (Knowles Acoustics) -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02 [On_Demand | Running])
DRV - [2001/08/17 11:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2008/04/17 12:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2009/02/20 22:26:12 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\DRIVERS\gmer.sys -- (gmer [System | Running])
DRV - [2008/04/13 10:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2007/01/17 10:37:17 | 00,049,920 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys -- (HPZid412 [On_Demand | Stopped])
DRV - [2007/01/17 10:37:18 | 00,016,496 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys -- (HPZipr12 [On_Demand | Stopped])
DRV - [2007/01/17 10:37:19 | 00,021,568 | R--- | M] (HP) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys -- (HPZius12 [On_Demand | Stopped])
DRV - [2007/04/23 20:15:44 | 00,209,152 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2007/04/23 20:15:46 | 00,989,696 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2007/06/06 14:30:32 | 05,707,744 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\igxpmp32.sys -- (ialm [On_Demand | Running])
DRV - [2007/05/08 19:22:58 | 00,277,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2009/01/21 18:52:45 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd [Boot | Running])
DRV - [2006/12/14 09:37:40 | 00,072,672 | ---- | M] () -- C:\WINDOWS\system32\Drivers\LxrSII1d.sys -- (LxrSII1d [Auto | Running])
DRV - [2007/04/23 20:15:48 | 00,012,672 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Disabled | Stopped])
DRV - [2007/05/08 22:05:36 | 02,203,520 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\NETw4x32.sys -- (NETw4x32 [On_Demand | Running])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2006/12/18 18:01:20 | 00,012,672 | ---- | M] (SingleClick Systems) -- C:\WINDOWS\system32\DRIVERS\packet.sys -- (Packet [Auto | Running])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/11/29 16:30:24 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Disabled | Stopped])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Disabled | Stopped])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Disabled | Stopped])
DRV - [2007/05/08 20:46:06 | 00,032,256 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimmptsk.sys -- (rimmptsk [Auto | Running])
DRV - [2007/05/08 20:46:08 | 00,043,520 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rimsptsk.sys -- (rimsptsk [Auto | Running])
DRV - [2007/05/08 20:46:12 | 00,037,376 | ---- | M] (REDC) -- C:\WINDOWS\system32\DRIVERS\rixdptsk.sys -- (rismxdp [Auto | Running])
DRV - [2004/08/04 04:00:00 | 00,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Drivers\RootMdm.sys -- (ROOTMODEM [On_Demand | Running])
DRV - [2007/02/21 10:16:12 | 00,012,416 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\s24trans.sys -- (s24trans [Auto | Running])
DRV - [2007/11/13 04:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2008/04/13 12:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Disabled | Stopped])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Disabled | Stopped])
DRV - [2007/03/01 09:34:22 | 00,028,352 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2007/06/06 14:28:16 | 01,222,840 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
DRV - [2001/08/17 13:53:32 | 00,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\serscan.sys -- (StillCam [On_Demand | Stopped])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Disabled | Stopped])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Disabled | Stopped])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Disabled | Stopped])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
DRV - [2007/06/03 13:20:58 | 00,202,912 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Disabled | Stopped])
DRV - [2008/10/01 12:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2007/04/23 20:15:46 | 00,730,112 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Invalid data type.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=3070822
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005\S-1-5-21-2086717548-1384249778-2005057941-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005\S-1-5-21-2086717548-1384249778-2005057941-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c} -> %AllUsersProfile%\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C} [C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MOZILLA\FIREFOX EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}] -> [2007/08/30 16:12:00 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758} -> %ProgramFiles%\REAL\REALPLAYER\BROWSERRECORD [C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD] -> [2008/10/21 16:32:43 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> %ProgramFiles%\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2 [C:\PROGRAM FILES\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2009/01/10 17:04:23 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{312FA347-2371-4F47-8A71-E4604099A163} -> %UserProfile%\LOCAL SETTINGS\APPLICATION DATA\{312FA347-2371-4F47-8A71-E4604099A163} [C:\DOCUMENTS AND SETTINGS\MARCUS HOUSE\LOCAL SETTINGS\APPLICATION DATA\{312FA347-2371-4F47-8A71-E4604099A163}] -> [2009/01/12 17:22:08 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com -> %ProgramFiles%\JAVA\JRE6\LIB\DEPLOY\JQS\FF [C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF] -> [2009/01/17 15:35:07 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Marcus House\Application Data\mozilla\Firefox\Profiles\llpu6bhb.default\extensions [2007/08/30 16:25:05 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Marcus House\Application Data\mozilla\Firefox\Profiles\llpu6bhb.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2007/08/30 16:25:22 00,000,000 | ---D | M]
FF - C:\Documents and Settings\Marcus House\Application Data\mozilla\Firefox\Profiles\llpu6bhb.default\extensions\staged-xpis [2007/08/30 16:25:22 00,000,000 | ---D | M]

O1 HOSTS File: (289607 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 9976 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Key error. File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent (Microsoft Corporation)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
O4 - HKLM..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup (Google)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" (Intel Corporation)
O4 - HKLM..\Run: [InterWrite Device Manager] "C:\Program Files\Interwrite Learning\Interwrite Workspace\IWStarter.exe" (Interwrite Learning)
O4 - HKLM..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup (Macrovision Corporation)
O4 - HKLM..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe (Knowles Acoustics)
O4 - HKLM..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005..\Run: [LxrAutorun] C:\Documents and Settings\Marcus House\Local Settings\Application Data\Lexar Media\LxrAutorun.exe ()
O4 - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\Ezurio\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk = C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Ezurio\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Ezurio\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Ezurio\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 50 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 131 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 131 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-2086717548-1384249778-2005057941-1005\..Trusted Domains: 52 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} https://install.charter.com/diskless/bin/ssctlsma.dll (SmartAccess Ctl Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp Reg Error: Value error. - Reg Error: Key error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 16:15:00 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/06/10 03:26:59 | 00,686,643 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 03:27:01 | 00,686,875 | R--- | M] () - D:\autorun_network.inf -- [ CDFS ]
O32 - AutoRun File - [2008/06/10 03:27:01 | 00,686,698 | R--- | M] () - D:\autorun_usb.inf -- [ CDFS ]
O33 - MountPoints2\{15aa32da-755d-11dc-ba9d-0013e88d7cf3}\Shell - "" = AutoRun
O33 - MountPoints2\{15aa32da-755d-11dc-ba9d-0013e88d7cf3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{15aa32da-755d-11dc-ba9d-0013e88d7cf3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4e79d4c2-6d9a-11dd-bacf-0013e88d7cf3}\Shell\AutoRun\command - "" = E:\wdsync.exe -- File not found
O33 - MountPoints2\{615c4638-8119-11dc-baa0-0013e88d7cf3}\Shell\AutoRun\command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{615c4638-8119-11dc-baa0-0013e88d7cf3}\Shell\Shell00\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{615c4638-8119-11dc-baa0-0013e88d7cf3}\Shell\Shell01\Command - "" = E:\Autorun.exe -- File not found
O33 - MountPoints2\{615c4638-8119-11dc-baa0-0013e88d7cf3}\Shell\Shell02\Command - "" = E:\Autorun.exe -- File not found

========== Files/Folders - Created Within 90 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/01 09:47:05 | 00,497,664 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marcus House\Desktop\OTListIt2.exe
[2009/03/01 09:28:47 | 00,000,000 | ---D | C] -- C:\_OTMoveIt
[2009/03/01 09:27:52 | 00,348,160 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marcus House\Desktop\OTMoveIt3.exe
[2009/02/28 18:13:01 | 32,109,32224 | -HS- | C] () -- C:\hiberfil.sys
[2009/02/28 17:53:45 | 00,005,462 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/28 17:52:35 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe
[2009/02/28 17:52:35 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2009/02/28 17:52:34 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe
[2009/02/28 17:52:34 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe
[2009/02/28 17:52:34 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe
[2009/02/28 17:52:34 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe
[2009/02/28 17:52:34 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe
[2009/02/28 17:52:34 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe
[2009/02/28 17:52:34 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe
[2009/02/28 17:52:34 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe
[2009/02/28 17:52:34 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe
[2009/02/28 17:52:34 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe
[2009/02/28 17:52:34 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe
[2009/02/28 17:52:34 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe
[2009/02/28 17:52:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Desktop\SmitfraudFix
[2009/02/28 13:02:40 | 01,662,588 | ---- | C] () -- C:\Documents and Settings\Marcus House\Desktop\SmitfraudFix.exe
[2009/02/28 13:00:14 | 00,012,119 | ---- | C] () -- C:\Documents and Settings\Marcus House\Desktop\VirSCAN.docx
[2009/02/23 15:47:16 | 00,647,728 | ---- | C] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Marcus House\Desktop\R92578.EXE
[2009/02/22 12:25:30 | 00,001,851 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009/02/22 12:25:15 | 00,045,376 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2009/02/22 12:25:15 | 00,022,336 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2009/02/22 12:25:14 | 00,028,352 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2009/02/22 12:25:07 | 00,075,072 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2009/02/22 12:25:07 | 00,000,000 | ---D | C] -- C:\Program Files\Avira
[2009/02/22 12:25:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2009/02/21 23:17:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Application Data\AVGTOOLBAR
[2009/02/21 23:16:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8
[2009/02/21 22:38:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2009/02/20 22:26:16 | 00,000,345 | ---- | C] () -- C:\WINDOWS\gmer.ini
[2009/02/20 22:26:12 | 00,085,969 | ---- | C] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/02/20 22:26:12 | 00,000,080 | ---- | C] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/02/20 22:26:11 | 00,884,736 | ---- | C] () -- C:\WINDOWS\gmer.dll
[2009/02/20 22:26:11 | 00,811,008 | ---- | C] () -- C:\WINDOWS\gmer.exe
[2009/02/20 22:25:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Desktop\rootkit scanner
[2009/02/19 22:59:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Application Data\OIS
[2009/02/17 18:45:46 | 00,000,760 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Manager.lnk
[2009/02/17 18:45:44 | 01,772,544 | ---- | C] (Chad Z. Hower a.k.a Kudzu and the Indy Pit Crew) -- C:\WINDOWS\System32\IndyProtocols60.bpl
[2009/02/17 18:45:44 | 01,057,792 | ---- | C] (Chad Z. Hower (Kudzu) and the Indy Pit Crew) -- C:\WINDOWS\System32\Indy60.bpl
[2009/02/17 18:45:44 | 00,685,056 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\rtl60.bpl
[2009/02/17 18:45:44 | 00,370,688 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\tee60.bpl
[2009/02/17 18:45:44 | 00,298,496 | ---- | C] (Chad Z. Hower a.k.a Kudzu and the Indy Pit Crew) -- C:\WINDOWS\System32\IndyCore60.bpl
[2009/02/17 18:45:44 | 00,224,768 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\vclie60.bpl
[2009/02/17 18:45:44 | 00,213,504 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\vclx60.bpl
[2009/02/17 18:45:44 | 00,131,584 | ---- | C] (Chad Z. Hower a.k.a Kudzu and the Indy Pit Crew) -- C:\WINDOWS\System32\IndySystem60.bpl
[2009/02/17 18:45:44 | 00,096,256 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\vcljpg60.bpl
[2009/02/17 18:45:44 | 00,090,112 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\vclshlctrls60.bpl
[2009/02/17 18:45:44 | 00,062,464 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\vclsmp60.bpl
[2009/02/17 18:45:43 | 01,326,080 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\vcl60.bpl
[2009/02/17 18:45:43 | 01,015,808 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libeay32.dll
[2009/02/17 18:45:43 | 00,640,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\oc30.dll
[2009/02/17 18:45:43 | 00,196,608 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\ssleay32.dll
[2009/02/17 18:45:43 | 00,196,608 | ---- | C] (The OpenSSL Project, http://www.openssl.org/) -- C:\WINDOWS\System32\libssl32.dll
[2009/02/17 18:45:43 | 00,133,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfcans32.dll
[2009/02/17 18:45:43 | 00,110,592 | ---- | C] (Borland Software Corporation) -- C:\WINDOWS\System32\inet60.bpl
[2009/02/17 18:45:42 | 00,000,000 | ---D | C] -- C:\Program Files\CSTL
[2009/02/08 17:40:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\My Documents\TT
[2009/02/04 20:50:41 | 00,368,961 | ---- | C] () -- C:\Documents and Settings\Marcus House\Desktop\dds.scr
[2009/01/29 01:46:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Application Data\Move Networks
[2009/01/21 21:56:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Application Data\Malwarebytes
[2009/01/21 21:56:09 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/01/21 21:56:09 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/21 21:56:06 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/01/21 21:56:05 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/01/21 21:56:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/21 21:43:26 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/01/21 18:53:10 | 00,064,160 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/01/21 18:53:05 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/01/21 18:51:42 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
[2009/01/21 18:51:40 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/01/21 18:51:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/01/17 15:51:06 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Marcus House\Desktop\HijackThis.lnk
[2009/01/17 15:51:04 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/01/17 12:38:59 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/01/17 12:24:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/01/17 12:07:18 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/01/17 12:04:06 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/01/12 17:22:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Local Settings\Application Data\{312FA347-2371-4F47-8A71-E4604099A163}
[2008/12/29 15:42:21 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Application Data\Digital Album Organizer
[2008/12/29 15:39:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\My Documents\My PhotoShows
[2008/12/29 15:33:54 | 00,000,000 | ---D | C] -- C:\Temp
[2008/12/29 15:29:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Application Data\Walgreens
[2008/12/27 19:36:49 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2008/12/27 17:31:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Application Data\HPAppData
[2008/12/24 23:57:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Application Data\HP
[2008/12/24 23:55:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Marcus House\Local Settings\Application Data\HP
[2008/12/24 23:53:04 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\serscan.sys
[2008/12/24 23:53:04 | 00,006,784 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\serscan.sys
[2008/12/24 23:49:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
[2008/12/24 23:46:20 | 00,001,968 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2008/12/24 23:45:18 | 00,001,858 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2008/12/24 23:44:27 | 00,001,960 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2008/12/24 23:43:27 | 00,000,984 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2008/12/24 23:43:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
[2008/12/24 23:42:14 | 00,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2008/12/24 23:42:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HP
[2008/12/24 23:40:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\HP
[2008/12/24 23:40:35 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2008/12/24 23:40:34 | 00,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
[2008/12/24 23:39:11 | 00,012,717 | R--- | C] () -- C:\WINDOWS\hpwscr14.dat
[2008/12/24 23:39:09 | 00,000,000 | ---D | C] -- C:\WINDOWS\braveheart
[2008/12/24 23:38:43 | 00,000,000 | ---D | C] -- C:\Program Files\HP
[2008/12/24 23:38:31 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2008/12/24 23:38:31 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2008/12/24 23:35:04 | 00,179,902 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
[2008/12/24 23:35:04 | 00,001,108 | R--- | C] () -- C:\WINDOWS\hpwmdl14.dat

========== Files - Modified Within 90 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/01 09:47:08 | 00,497,664 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcus House\Desktop\OTListIt2.exe
[2009/03/01 09:36:55 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/03/01 09:35:20 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/01 09:34:58 | 00,002,333 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
[2009/03/01 09:33:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/01 09:33:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/01 09:33:44 | 32,109,32224 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/01 09:27:53 | 00,348,160 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marcus House\Desktop\OTMoveIt3.exe
[2009/02/28 21:10:52 | 00,152,064 | ---- | M] () -- C:\Documents and Settings\Marcus House\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/28 17:53:45 | 00,005,462 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/02/28 17:53:39 | 00,289,607 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/02/28 17:46:33 | 02,690,924 | -H-- | M] () -- C:\Documents and Settings\Marcus House\Local Settings\Application Data\IconCache.db
[2009/02/28 13:02:45 | 01,662,588 | ---- | M] () -- C:\Documents and Settings\Marcus House\Desktop\SmitfraudFix.exe
[2009/02/28 13:00:14 | 00,012,119 | ---- | M] () -- C:\Documents and Settings\Marcus House\Desktop\VirSCAN.docx
[2009/02/23 15:47:17 | 00,647,728 | ---- | M] (Xceed Software Inc. 1-450-442-2626 info@xceedsoft.com www.xceedsoft.com) -- C:\Documents and Settings\Marcus House\Desktop\R92578.EXE
[2009/02/23 00:39:11 | 00,000,126 | ---- | M] () -- C:\Documents and Settings\Marcus House\Desktop\SIS Student Data Management System.url
[2009/02/22 18:45:35 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/02/22 12:25:30 | 00,001,851 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AntiVir PE Classic.lnk
[2009/02/21 00:21:07 | 00,000,345 | ---- | M] () -- C:\WINDOWS\gmer.ini
[2009/02/20 22:26:12 | 00,085,969 | ---- | M] (GMER) -- C:\WINDOWS\System32\drivers\gmer.sys
[2009/02/20 22:26:12 | 00,000,080 | ---- | M] () -- C:\WINDOWS\gmer_uninstall.cmd
[2009/02/20 22:26:11 | 00,884,736 | ---- | M] () -- C:\WINDOWS\gmer.dll
[2009/02/20 22:26:00 | 00,811,008 | ---- | M] () -- C:\WINDOWS\gmer.exe
[2009/02/20 22:08:32 | 00,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/02/20 22:05:26 | 00,000,984 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Solution Center.lnk
[2009/02/19 22:54:38 | 00,000,407 | ---- | M] () -- C:\Documents and Settings\Marcus House\Desktop\Desktop Site Logon.url
[2009/02/17 18:45:46 | 00,000,760 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Manager.lnk
[2009/02/17 10:07:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/02/16 18:52:02 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/02/11 10:19:42 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/02/11 10:19:34 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/02/06 16:16:16 | 00,000,422 | ---- | M] () -- C:\WINDOWS\tasks\Norton Security Scan.job
[2009/02/04 20:50:50 | 00,368,961 | ---- | M] () -- C:\Documents and Settings\Marcus House\Desktop\dds.scr
[2009/02/03 17:21:12 | 21,244,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/01/31 16:44:51 | 00,015,688 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/01/29 20:19:35 | 00,000,098 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2009/01/21 21:56:09 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/01/21 18:52:45 | 00,064,160 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/01/21 18:51:40 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/01/17 15:51:06 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Marcus House\Desktop\HijackThis.lnk
[2009/01/17 14:28:28 | 00,000,542 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/01/17 14:28:28 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/01/17 14:28:28 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/01/16 21:35:14 | 03,594,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/24 23:55:17 | 00,179,902 | ---- | M] () -- C:\WINDOWS\hpwins14.dat
[2008/12/24 23:46:20 | 00,001,968 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Document Manager.lnk
[2008/12/24 23:45:18 | 00,001,858 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HP Photosmart Essential 2.5.lnk
[2008/12/24 23:44:27 | 00,001,960 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Shop for HP Supplies.lnk
[2008/12/24 23:42:14 | 00,001,808 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2008/12/20 17:15:41 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wininet.dll
[2008/12/20 17:15:41 | 00,826,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2008/12/20 17:15:40 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\urlmon.dll
[2008/12/20 17:15:40 | 01,160,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2008/12/20 17:15:40 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\webcheck.dll
[2008/12/20 17:15:40 | 00,233,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\webcheck.dll
[2008/12/20 17:15:39 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2008/12/20 17:15:39 | 00,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2008/12/20 17:15:38 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\occache.dll
[2008/12/20 17:15:38 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2008/12/20 17:15:38 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\pngfilt.dll
[2008/12/20 17:15:38 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pngfilt.dll
[2008/12/20 17:15:32 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2008/12/20 17:15:32 | 00,671,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2008/12/20 17:15:31 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msrating.dll
[2008/12/20 17:15:31 | 00,193,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msrating.dll
[2008/12/20 17:15:30 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtmled.dll
[2008/12/20 17:15:30 | 00,477,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2008/12/20 17:15:24 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2008/12/20 17:15:24 | 00,052,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2008/12/20 17:15:23 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2008/12/20 17:15:23 | 01,831,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2008/12/20 17:15:23 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2008/12/20 17:15:23 | 00,459,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2008/12/20 17:15:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2008/12/20 17:15:23 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2008/12/20 17:15:22 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iertutil.dll
[2008/12/20 17:15:22 | 00,267,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2008/12/20 17:15:21 | 06,066,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll
[2008/12/20 17:15:21 | 06,066,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2008/12/20 17:15:21 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iernonce.dll
[2008/12/20 17:15:21 | 00,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iernonce.dll
[2008/12/20 17:15:16 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2008/12/20 17:15:16 | 00,384,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2008/12/20 17:15:15 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieapfltr.dll
[2008/12/20 17:15:15 | 00,383,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieapfltr.dll
[2008/12/20 17:15:14 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieaksie.dll
[2008/12/20 17:15:14 | 00,230,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieaksie.dll
[2008/12/20 17:15:14 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakeng.dll
[2008/12/20 17:15:14 | 00,153,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakeng.dll
[2008/12/20 17:15:13 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtrans.dll
[2008/12/20 17:15:13 | 00,214,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtrans.dll
[2008/12/20 17:15:13 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\extmgr.dll
[2008/12/20 17:15:13 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2008/12/20 17:15:13 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\icardie.dll
[2008/12/20 17:15:13 | 00,063,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\icardie.dll
[2008/12/20 17:15:12 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dxtmsft.dll
[2008/12/20 17:15:12 | 00,347,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dxtmsft.dll
[2008/12/20 17:15:11 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advpack.dll
[2008/12/20 17:15:11 | 00,124,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\advpack.dll
[2008/12/19 03:10:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2008/12/19 03:10:15 | 00,070,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2008/12/19 03:10:15 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieudinit.exe
[2008/12/19 03:10:15 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2008/12/18 23:25:25 | 00,634,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iexplore.exe
[2008/12/18 23:23:56 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieakui.dll
[2008/12/18 23:23:56 | 00,161,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieakui.dll
[2008/12/18 10:49:40 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2008/12/18 10:49:40 | 00,382,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2008/12/18 10:49:40 | 00,053,838 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2008/12/12 00:57:43 | 00,078,336 | ---- | M] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe
[2008/12/11 04:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\srv.sys
[2008/12/11 04:57:09 | 00,333,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2008/12/08 17:49:39 | 00,000,196 | ---- | M] () -- C:\WINDOWS\wininit.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 1406 bytes -> C:\Documents and Settings\Marcus House\Desktop\Desktop Site Logon.url:favicon
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:62E2D794
@Alternate Data Stream - 0 bytes -> C:\WINDOWS\Thumbs.db:encryptable
< End of report >



OTListIt Extras logfile created on: 3/1/2009 9:48:36 AM - Run 1
OTListIt2 by OldTimer - Version 2.0.3.1 Folder = C:\Documents and Settings\Marcus House\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 109.18 Gb Total Space | 47.74 Gb Free Space | 43.73% Space Free | Partition Type: NTFS
Drive D: | 368.36 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARCUS
Current User Name: Marcus House
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 90 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2007/04/16 15:10:26 | 00,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program
[2006/10/27 14:03:04 | 01,018,664 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
[2008/04/13 12:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2008/04/18 13:21:09 | 00,147,456 | ---- | M] (Lime Wire, LLC) -- C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire 4.14.10
[2003/06/30 14:03:18 | 00,024,670 | ---- | M] () -- C:\Program Files\InterWrite PRS\_jvm\bin\java.exe:*:Enabled:java
[2007/05/25 10:39:38 | 00,964,144 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant
[2008/08/29 09:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
[2008/11/20 13:20:48 | 14,294,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
[2007/11/06 20:10:03 | 05,009,408 | R--- | M] (Hewlett-Packard) -- D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe
[2008/05/29 21:40:10 | 00,036,864 | R--- | M] (Hewlett-Packard Co.) -- D:\setup\HPONICIFS01.EXE:*:Enabled:hponicifs01.exe
[2007/10/14 20:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
[2008/03/07 15:41:14 | 00,184,320 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
[2008/03/07 16:04:10 | 00,283,992 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
[2008/03/07 16:04:10 | 00,053,248 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
[2008/06/09 19:32:08 | 00,107,864 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
[2007/10/31 14:45:22 | 00,147,456 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
[2008/03/07 16:04:10 | 00,566,616 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
[2008/06/09 19:32:08 | 00,075,096 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
[2008/10/21 16:31:44 | 00,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe:*:Disabled:RealNetworks Scheduler
[2008/11/20 13:20:54 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe:*:Enabled:iTunesHelper Module
[2008/04/13 18:12:39 | 00,433,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wiaacmgr.exe:*:Enabled:Windows Picture Acquisition Wizard

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0240BDFB-2995-4A3F-8C96-18D41282B716}" = Dell Network Assistant
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}" = Photo Story 3 for Windows
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5AF8C46D-A141-4E69-9EB5-76A43ED29281}" = Charter High Speed Internet Self-Installation Wizard
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{600C1577-3AB5-4E72-8F58-AC7F5A990A4C}" = Ezurio Bluetooth Software (GTCO CalComp)
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{869BB0B6-804F-4142-A85F-363E8E8C2288}" = Interwrite Workspace
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A52415E5-CA1E-44DE-9EDC-D412F31D271C}" = Google Photos Screensaver
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BE9880CD-73A9-4EFD-83E5-4BB38D48E2BD}" = HP Smart Web Printing
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{C99C0593-3B48-41D9-B42F-6E035B320449}" = Broadcom Management Programs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D2EBA978-7467-A922-204B-2E9C38ADECE2}" = Search Assistant Searchersmart
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA15D535-5E1D-4076-B520-8571346D6238}" = Norton Security Scan
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"Audacity_is1" = Audacity 1.2.6
"c0a93853ea9e612b3c49e7032f4416ef2052722464" = InterWrite PRS
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ExamView Pro" = ExamView Pro
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"LessonView" = LessonView
"LimeWire" = LimeWire 4.16.7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Online Instructor Suite_is1" = Online Instructor Suite
"Picasa2" = Picasa 2
"ProInst" = Intel® PROSet/Wireless Software
"RealPlayer 6.0" = RealPlayer
"SearchAssist" = SearchAssist
"Shop for HP Supplies" = Shop for HP Supplies
"SynTPDeinstKey" = Dell Touchpad
"TeacherEXPRESS: PH HS Earth Science" = TeacherEXPRESS: PH HS Earth Science
"TeacherEXPRESS: Prentice Hall Biology" = TeacherEXPRESS: Prentice Hall Biology
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/20/2009 12:09:35 AM | Computer Name = MARCUS | Source = Application Error | ID = 1001
Description = Fault bucket 744335326.

Error - 2/20/2009 10:09:16 PM | Computer Name = MARCUS | Source = MsiInstaller | ID = 11706
Description = Product: SolutionCenter -- Error 1706. An installation package for
the product SolutionCenter cannot be found. Try the installation again using a
valid copy of the installation package 'SolutionCenter.msi'.

Error - 2/20/2009 10:20:25 PM | Computer Name = MARCUS | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16791, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/21/2009 12:05:39 AM | Computer Name = MARCUS | Source = MsiInstaller | ID = 11904
Description = Product: SolutionCenter -- Error 1904. Module C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
failed to register. HRESULT -2147220473. Contact your support personnel.

Error - 2/21/2009 2:10:35 AM | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00010193.

Error - 2/22/2009 9:53:06 AM | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Faulting application hpqtra08.exe, version 100.0.170.0, faulting module
ntdll.dll, version 5.1.2600.5512, fault address 0x00010193.

Error - 2/22/2009 9:54:53 AM | Computer Name = MARCUS | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00a1865c.

Error - 2/23/2009 5:35:12 PM | Computer Name = MARCUS | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00a1865c.

Error - 2/23/2009 5:36:52 PM | Computer Name = MARCUS | Source = Application Error | ID = 1001
Description = Fault bucket 381097655.

Error - 2/28/2009 7:40:07 PM | Computer Name = MARCUS | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application winword.exe, version 12.0.4518.1014, stamp 45428028,
faulting module hpz3r5jy.dll, version 61.71.265.32, stamp 4869d0d0, debug? 0, fault
address 0x000466e8.

[ System Events ]
Error - 2/28/2009 8:14:34 PM | Computer Name = MARCUS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 2/28/2009 8:18:30 PM | Computer Name = MARCUS | Source = NetBT | ID = 4321
Description = The name "ROBERT-PC :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 2/28/2009 8:33:22 PM | Computer Name = MARCUS | Source = NetBT | ID = 4321
Description = The name "ROBERT-PC :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 2/28/2009 8:48:14 PM | Computer Name = MARCUS | Source = NetBT | ID = 4321
Description = The name "ROBERT-PC :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 2/28/2009 9:03:08 PM | Computer Name = MARCUS | Source = NetBT | ID = 4321
Description = The name "ROBERT-PC :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.100 did
not allow the name to be claimed by this machine.

Error - 3/1/2009 12:58:29 AM | Computer Name = MARCUS | Source = DCOM | ID = 10010
Description = The server {73E709EA-5D93-4B2E-BBB0-99B7938DA9E4} did not register
with DCOM within the required timeout.

Error - 3/1/2009 11:14:52 AM | Computer Name = MARCUS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/1/2009 11:17:52 AM | Computer Name = MARCUS | Source = NetBT | ID = 4321
Description = The name "ROB-PC :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.102 did
not allow the name to be claimed by this machine.

Error - 3/1/2009 11:35:16 AM | Computer Name = MARCUS | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/1/2009 11:48:18 AM | Computer Name = MARCUS | Source = NetBT | ID = 4321
Description = The name "ROB-PC :0" could not be registered on the Interface
with IP address 192.168.1.101. The machine with the IP address 192.168.1.102 did
not allow the name to be claimed by this machine.


< End of report >

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 PM

Posted 01 March 2009 - 02:56 PM

Hello.

Those logs are clean. Nothing really that needs attention ot fixing. Let's cleanup then. If Kaspersky scan was clean then there's probably nothing else to do too much.


Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :step4:

Uninstall GMER
We will now remove GMER.
  • Go to Start ---> Run ----> In the Open Field type in: C:\WINDOWS\gmer_uninstall.cmd
  • Now Click Ok
  • This shall uninstall GMER and everything related to it.
Download and Run OTCleanIt

We will now remove the tools we used during this fix.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed witht the cleanup process, click Yes. Restart your computer when prompted.
Create a New System Restore Point<- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.


Congratulations! You now appear clean! :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Increase System Performance

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Vist the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as you malware removal source.
Don't forget to tell your friends about us and Good luck :thumbup2:


If you have no more questions, comments or problems please tell us, so we can close off the topic. Any other problem not related to malware should be ask in either the XP or Vista forum depending on the Operating System you are using.

Thanks :step1:

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:57 PM

Posted 04 March 2009 - 03:57 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad I could help :thumbup2:

Please start a new thread in the Hijackthis-Malware Removal forum and post a new DDS logs if you need help again, due to the fact that I need to leave in a few days and cannot continue to help you if you need it re-opened. If you require assistance again, start a new topic. Do Not PM me please.

This applies only to the original topic starter.

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users