
Pc keeps freezing when left idle


  • This topic is locked
19 replies to this topic

#1 ocean80 (Members)

Posted 29 April 2009 - 03:38 PM

Hello everyone

The problem is my PC keeps freezing up when it is left idle. I have checked the power options in the Control Panel and I have selected "do nothing" on all the options, but it still freezes.

I have done a HijackThis log and was wondering if anything is showing up on this.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:34:29, on 29/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = windowsupdate.microsoft.com;v4.windowsupdate.microsoft.com;download.windowsupdate.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: My RSS Toolbar - {32B6087E-4812-4E86-A436-45CC49399520} - C:\PROGRA~1\MYRSST~1\MYRSST~1.DLL
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://v5.windowsupdate.microsoft.com%20https
O15 - Trusted Zone: http://download.windowsupdate.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hazard Shield realtime (HazardShield) - Orbitech - C:\Windows\system32\hzrService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6925 bytes

Thanks
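The HijackThis log above is read by eye in this thread. As an added example (not part of the original post, and not HijackThis code), here is a small Python parser that turns rows of that format into records and applies the first-pass checks a reviewer makes by hand: components still registered but missing on disk ("(no file)"), O15 Trusted Zone sites (Internet Explorer applies its relaxed Trusted-sites settings to them) and whether such an entry even carries a well-formed host, O20/O23 items that load outside the user's session, the ProxyOverride bypass list, and any single CLSID hooked into three IE extension points at once (URLSearchHook, BHO and toolbar), as tbfree.dll is above. The sample rows are copied from the logs in this thread (the "(no file)" row comes from the second HijackThis log posted later); the rule names and the `Entry` field layout are my own.

```python
"""Parse HijackThis v2 log entries and pull out the rows a reviewer reads first.

Added example for this thread; not part of the original post and not HijackThis
code. It relies on the row layout the log above uses ("Oxx - Category: name -
{CLSID} - path", "R0/R1 - key,value = data"); the rule names are my own.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Constructed sample: rows copied from the HijackThis logs in this thread
# (the "(no file)" row is from the second log, posted later).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = windowsupdate.microsoft.com;v4.windowsupdate.microsoft.com;download.windowsupdate.com
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O15 - Trusted Zone: http://v5.windowsupdate.microsoft.com%20https
O15 - Trusted Zone: http://download.windowsupdate.com
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Hazard Shield realtime (HazardShield) - Orbitech - C:\Windows\system32\hzrService.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    kind: str             # HijackThis section code, e.g. "O2"
    category: str         # "BHO", "Toolbar", "Trusted Zone", "Service", "Registry", ...
    name: str             # display name, registry key, or the trusted-zone URL
    clsid: Optional[str]  # lower-cased CLSID when the row carries one
    value: str            # file path, command line or registry data (last field)
    raw: str


def parse_line(line: str) -> Optional[Entry]:
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None                      # header, process list or blank line
    kind, body = m.group("kind"), m.group("body")
    clsid = CLSID_RE.search(body)
    if kind in ("R0", "R1"):
        # R0/R1 rows are registry values: "key,value = data"
        key, _, data = body.partition(" = ")
        return Entry(kind, "Registry", key.strip(), None, data.strip(), line)
    category, _, rest = body.partition(": ")
    parts = [p.strip() for p in rest.split(" - ")]
    name, value = parts[0], (parts[-1] if len(parts) > 1 else "")
    if kind == "O4":
        # O4 rows are autostart values: "[name] command"
        m4 = re.match(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)", rest)
        if m4:
            name, value = m4.group("name"), m4.group("cmd")
    return Entry(kind, category, name, clsid.group(0).lower() if clsid else None, value, line)


def parse_log(text: str) -> list:
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def review(entries: list) -> dict:
    """Apply the first-pass checks a human reviewer makes on a HijackThis log."""
    flags = defaultdict(list)
    hooks = defaultdict(set)             # CLSID -> IE extension points it is registered under
    for e in entries:
        if e.clsid and e.kind in ("R3", "O2", "O3"):
            hooks[e.clsid].add(e.kind)
        if e.value.lower() in ("(no file)", "no file"):
            flags["orphan"].append(e.raw)          # still registered, but the DLL is gone
        if e.category == "Trusted Zone":
            # IE applies its relaxed Trusted-sites settings to these; an entry whose
            # host is not even a clean DNS name is worth asking how it got there.
            host = urlparse(e.name).hostname or ""
            rule = "trusted_zone" if re.fullmatch(r"[a-z0-9.-]+", host) else "trusted_zone_malformed"
            flags[rule].append(e.raw)
        if e.kind in ("O20", "O23"):
            flags["privileged_autostart"].append(e.raw)   # Winlogon notify DLLs and services
        if e.category == "Registry" and "ProxyOverride" in e.name:
            flags["proxy_bypass"].append(e.raw)           # hosts that skip the IE proxy
    for clsid, kinds in hooks.items():
        if len(kinds) >= 3:              # same DLL as URLSearchHook + BHO + toolbar
            flags["triple_hooked_clsid"].append(clsid)
    return dict(flags)


if __name__ == "__main__":
    for rule, rows in review(parse_log(SAMPLE_LOG)).items():
        print(rule)
        for row in rows:
            print("   ", row)
```

Run it against a full log pasted into `SAMPLE_LOG` (or read from a file) to get the rows grouped by rule; everything not flagged still needs a human pass, since the checks are structural and say nothing about whether a named vendor's DLL is wanted.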


#2 Orange Blossom (Moderator)

Posted 11 May 2009 - 10:37 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. You can find information on A/V control HERE

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 ocean80 (Topic Starter)

Posted 12 May 2009 - 10:23 AM

Hello Orange Blossom

Thank you for getting back to me.

For some reason my PC seems to be running fairly OK ever since I changed the settings in the advanced power options. I chose to leave the hard disk running constantly and it doesn't seem to crash like it used to, although I haven't left it idle for long periods of time lately.

There are 2 other problems I have also. One is I can't use Windows Update, as it comes up with error code 80072efd, and when I scan with ZoneAlarm Anti-Spyware it always freezes on file "c:\windows\system32\config\regback\SOFTWARE". I am able to scan using Safe Mode with Networking, but it hasn't found any problems.

I haven't contacted Microsoft and ZoneAlarm about these problems yet, as I thought maybe you could see if there are any errors showing in
the DDS and HijackThis scans. I have also done malware and antispyware scans and nothing has been found.

I will post the DDS and HijackThis logs separately.


Thank you for your help.

#4 ocean80 (Topic Starter)

Posted 12 May 2009 - 10:25 AM

DDS (Ver_09-03-16.01) - NTFSx86
Run by bixby at 15:32:41.79 on 12/05/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_11
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1014.315 [GMT 1:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\notepad.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\hzrService.exe
C:\Users\bixby\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = windowsupdate.microsoft.com;v4.windowsupdate.microsoft.com;download.windowsupdate.com
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
uURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
uURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
mURLSearchHooks: H - No File
mURLSearchHooks: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
mURLSearchHooks: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: UrlHelper Class: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - c:\program files\imesh applications\imesh mediabar\iMeshIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {a057a204-bacc-4d26-9990-79a187e2698e} - AVG Security Toolbar
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: free-downloads.net Toolbar: {ecdee021-0d17-467f-a1ff-c7a115230949} - c:\program files\free-downloads.net\tbfree.dll
TB: ToggleEN Toolbar: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - c:\program files\toggleen\tbTogg.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFree.dll
TB: My RSS Toolbar: {32b6087e-4812-4e86-a436-45cc49399520} - c:\progra~1\myrsst~1\MYRSST~1.DLL
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} -
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: LoginPrompt = 8C99888C80
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: SYSTRAN Lookup
IE: SYSTRAN Translate
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\program files\google\google desktop search\GoogleDesktopNetwork1.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com%20https\v5.windowsupdate
Trusted Zone: windowsupdate.com\download
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\bixby\appdata\roaming\mozilla\firefox\profiles\b8gqrtok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - component: c:\program files\daemon tools toolbar\firefoxdtt\components\DTToolbarFF.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\bixby\appdata\roaming\mozilla\firefox\profiles\b8gqrtok.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-2 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-2 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-3-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-3-23 72944]
R2 HazardShield;Hazard Shield realtime;c:\windows\system32\hzrService.exe [2009-3-28 73216]
S2 avg8emc;AVG Free8 E-mail Scanner; [x]
S2 avg8wd;AVG Free8 WatchDog; [x]
S2 gupdate1c9b153e39301d0;Google Update Service (gupdate1c9b153e39301d0);c:\program files\google\update\GoogleUpdate.exe [2009-3-30 133104]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\system32\drivers\lmvac.sys [2008-12-17 18912]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-3-23 7408]
S4 Disk Cleaner Service;Disk Cleaner Service;c:\program files\disk cleaner\DiskCleanerService.exe [2008-11-25 83256]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-12-5 935208]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2007-12-25 131616]
S4 Registry Helper Service;Registry Helper Service; [x]

=============== Created Last 30 ================

2009-05-11 12:14 1,846,632 a------- c:\windows\system32\D3DCompiler_41.dll
2009-05-11 12:14 453,456 a------- c:\windows\system32\d3dx10_41.dll
2009-05-11 12:14 4,178,264 a------- c:\windows\system32\D3DX9_41.dll
2009-05-11 12:14 517,448 a------- c:\windows\system32\XAudio2_4.dll
2009-05-11 12:14 69,448 a------- c:\windows\system32\XAPOFX1_3.dll
2009-05-11 12:14 235,352 a------- c:\windows\system32\xactengine3_4.dll
2009-05-11 12:14 22,360 a------- c:\windows\system32\X3DAudio1_6.dll
2009-05-11 10:44 <DIR> --d----- c:\program files\oZone3D
2009-05-11 10:18 <DIR> --d----- c:\program files\directx
2009-05-09 19:11 <DIR> --d----- c:\windows\CheckSur
2009-05-04 01:33 398,336 a------- c:\windows\system32\TVWizudlg.exe
2009-05-04 01:33 140,288 a------- c:\windows\system32\igfxtvcx.dll
2009-05-03 03:48 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-05-02 14:18 <DIR> --d----- c:\programdata\Zenturi
2009-05-02 14:18 <DIR> --d----- c:\progra~2\Zenturi
2009-05-02 13:08 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-05-02 13:08 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-05-02 13:08 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-05-02 13:08 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-05-02 13:07 <DIR> --d----- c:\programdata\avg8
2009-05-02 13:07 <DIR> --d----- c:\progra~2\avg8
2009-04-30 02:23 <DIR> --d----- c:\users\bixby\appdata\roaming\MailFrontier
2009-04-30 02:20 52,932,128 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-04-30 02:20 570,092 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-04-30 02:16 72,584 a------- c:\windows\zllsputility.exe
2009-04-30 02:15 1,221,512 a------- c:\windows\system32\zpeng25.dll
2009-04-30 02:15 351,220 a---h--- c:\windows\system32\drivers\vsconfig.xml
2009-04-30 02:15 293,528 a------- c:\windows\system32\drivers\vsdatant.sys
2009-04-30 01:59 161,792 a------- c:\windows\SWREG.exe
2009-04-30 01:59 98,816 a------- c:\windows\sed.exe
2009-04-26 16:37 <DIR> --d----- c:\program files\Flash Favorite
2009-04-25 00:57 <DIR> --d----- c:\program files\SpeedFan
2009-04-25 00:57 45 a------- c:\windows\system32\initdebug.nfo
2009-04-25 00:46 <DIR> --d----- c:\program files\Lavalys
2009-04-23 20:29 <DIR> --d----- c:\program files\AnalogX
2009-04-21 12:24 <DIR> --d----- c:\program files\Test My Hardware
2009-04-17 21:39 <DIR> --d----- c:\users\bixby\appdata\roaming\Desktop BBC News
2009-04-17 21:39 <DIR> --d----- c:\program files\Desktop BBC News
2009-04-17 21:05 1,321,984 a------- c:\windows\system32\RSS2HTMLScout.dll
2009-04-17 21:05 <DIR> --d----- c:\users\bixby\appdata\roaming\Feed Scout
2009-04-17 21:05 <DIR> --d----- c:\program files\My RSS Toolbar
2009-04-16 22:03 <DIR> --d----- C:\fsaua.data
2009-04-13 16:52 <DIR> --d----- c:\users\bixby\appdata\roaming\WordWeb
2009-04-13 16:52 1,050,296 -------- c:\windows\wweb32.dll
2009-04-13 16:52 <DIR> --d----- c:\program files\WordWeb

==================== Find3M ====================

2009-05-04 01:30 51,200 a------- c:\windows\inf\infpub.dat
2009-05-04 01:30 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-04 01:28 86,016 a------- c:\windows\inf\infstor.dat
2009-04-11 00:48 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-04-06 15:32 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 15:32 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-28 19:52 73,216 a------- c:\windows\system32\hzrService.exe
2009-03-28 19:52 70,144 a------- c:\windows\system32\hzrTray.exe
2009-03-28 19:50 180,224 a------- c:\windows\system32\pausep.exe
2009-03-20 17:08 878,080 a------- c:\windows\system32\iconv.dll
2009-03-20 17:08 721,920 a------- c:\windows\system32\libxml2.dll
2009-03-20 17:08 150,016 a------- c:\windows\system32\libxslt.dll
2009-03-20 17:08 51,200 a------- c:\windows\system32\libexslt.dll
2009-03-20 00:59 163,840 a----r-- c:\windows\system32\_ISUSER.DLL
2009-03-12 15:22 202,008 a------- c:\windows\system32\PnkBstrB.exe
2009-03-10 08:54 997,912 a------- c:\windows\system32\igxpun.exe
2009-03-08 12:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 12:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 12:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 12:33 109,056 a------- c:\windows\system32\iesysprep.dll
2009-03-08 12:33 109,568 a------- c:\windows\system32\PDMSetup.exe
2009-03-08 12:33 132,608 a------- c:\windows\system32\ieUnatt.exe
2009-03-08 12:33 107,520 a------- c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 12:33 107,008 a------- c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 12:33 103,936 a------- c:\windows\system32\SetDepNx.exe
2009-03-08 12:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 12:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 12:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 12:32 66,560 a------- c:\windows\system32\wextract.exe
2009-03-08 12:32 169,472 a------- c:\windows\system32\iexpress.exe
2009-03-08 12:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 12:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 12:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 12:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-04 23:22 262,144 a------- C:\ntuser.dat
2009-02-26 12:57 8,198,680 a------- c:\windows\system32\TVWSetup.exe
2009-02-26 12:57 141,848 a------- c:\windows\system32\igfxtray.exe
2009-02-26 12:57 252,952 a------- c:\windows\system32\igfxsrvc.exe
2009-02-26 12:57 150,552 a------- c:\windows\system32\igfxpers.exe
2009-02-26 12:57 668,696 a------- c:\windows\system32\igfxcfg.exe
2009-02-26 12:57 173,080 a------- c:\windows\system32\igfxext.exe
2009-02-26 12:57 173,592 a------- c:\windows\system32\hkcmd.exe
2009-02-26 12:49 151,552 a------- c:\windows\system32\igfxCoIn_v1666.dll
2009-02-26 12:39 3,821,568 a------- c:\windows\system32\igdumd32.dll
2009-02-26 12:38 1,498,564 a------- c:\windows\system32\igkrng400.bin
2009-02-26 12:34 536,576 a------- c:\windows\system32\igdumdx32.dll
2009-02-26 12:26 2,576,384 a------- c:\windows\system32\igd10umd32.dll
2009-02-26 12:16 2,674,688 a------- c:\windows\system32\ig4dev32.dll
2009-02-26 12:16 4,112,384 a------- c:\windows\system32\ig4icd32.dll
2009-02-26 12:05 257,536 a------- c:\windows\system32\igfxTMM.dll
2009-02-26 12:05 59,392 a------- c:\windows\system32\oemdspif.dll
2009-02-26 12:04 200,192 a------- c:\windows\system32\igfxpph.dll
2009-02-26 12:04 23,552 a------- c:\windows\system32\igfxexps.dll
2009-02-26 12:04 51,712 a------- c:\windows\system32\igfxsrvc.dll
2009-02-26 12:04 130,048 a------- c:\windows\system32\igfxdo.dll
2009-02-26 12:03 94,208 a------- c:\windows\system32\hccutils.dll
2009-02-26 12:03 5,702,656 a------- c:\windows\system32\igfxress.dll
2009-02-26 12:03 210,432 a------- c:\windows\system32\igfxdev.dll
2009-02-26 11:02 319,456 a------- c:\windows\system32\difxapi.dll
2009-02-15 01:45 2,788,800 a------- c:\program files\FLV PlayerFCSetup.exe
2009-02-14 21:11 98,304 a------- c:\windows\system32\CmdLineExt.dll
2009-02-09 17:31 47,360 a------- c:\users\bixby\appdata\roaming\pcouffin.sys
2008-12-12 19:57 22,328 a------- c:\users\bixby\appdata\roaming\PnkBstrK.sys
2008-11-25 19:05 56 a---h--- c:\programdata\ezsidmv.dat
2008-11-25 19:05 56 a---h--- c:\progra~2\ezsidmv.dat
2008-11-23 22:47 174 a--sh--- c:\program files\desktop.ini
2008-11-23 22:30 665,600 a------- c:\windows\inf\drvindex.dat
2008-11-17 13:07 637 a------- c:\program files\Sample Music.lnk
2008-11-17 12:45 0 a------- c:\users\bixby\appdata\roaming\wklnhst.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:33:17.88 ===============


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:35:55, on 12/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = windowsupdate.microsoft.com;v4.windowsupdate.microsoft.com;download.windowsupdate.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: My RSS Toolbar - {32B6087E-4812-4E86-A436-45CC49399520} - C:\PROGRA~1\MYRSST~1\MYRSST~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O15 - Trusted Zone: http://v5.windowsupdate.microsoft.com%20https
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Update Service (gupdate1c9b153e39301d0) (gupdate1c9b153e39301d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hazard Shield realtime (HazardShield) - Orbitech - C:\Windows\system32\hzrService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7177 bytes

#5 sundavis
  • Malware Response Team
  • 2,708 posts

Posted 14 May 2009 - 09:25 PM

Hi ocean80,

Step 1

Please download GMER Rootkit Scanner from Here or Here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. For more info, go to Here for your reference.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt", and copy and paste the contents in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


Step 2
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

In your next reply, please post back:

1. GMER log
2. RSIT log.txt and info.txt.

Please detail the problem you're experiencing. Thanks.

#6 ocean80
  • Topic Starter
  • Members
  • 12 posts

Posted 15 May 2009 - 12:00 AM

Hi Sundavis,

Thank you for getting back to me.

Initially my main problem was that my PC kept freezing up when left idle, but ever since I changed the advanced settings in the power options, it doesn't seem to crash.

There are two other problems I'm having. One is that I haven't been able to use Windows Update, as it always comes up with error code 80072ef, and when I scan with ZoneAlarm antispyware it always freezes on file "c:\windows\system32\config\regback\SOFTWARE". I am able to scan using safe mode with networking, but it hasn't found any problems.

I will post the GMER and the RSIT scans separately.

Thank you for your help.

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-15 05:38:26
Windows 6.0.6001 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwAlpcConnectPort [0x8D49E880]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0x8D49E4E0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x8D49B828]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x8D4B1D9C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0x8D49EC36]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x8D4AFAF8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x8D4AFD12]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x8D4B3780]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0x8D49ECDE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x8D49BD0A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x8D4B2698]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x8D4B2414]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x8D4AF4F8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadDriver [0x8D498A6E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x8D4B2BC6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x8D4B2C3E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x8D4B2D2E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0x8D4B39D0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x8D49BBA2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x8D4B0F18]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x8D4B3370]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x8D4B2DA6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0x8D49E16A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x8D4B31B0]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x8D49E680]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x8D49BEF8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0x8D498886]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x8D4B211A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x8D4B0486]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x8D4B0362]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0x8D498C66]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x8D4AFF30]

INT 0x62 ? 8675DF00
INT 0x72 ? 8675DF00
INT 0x82 ? 84EFBBF8
INT 0x92 ? 84EFBBF8
INT 0xA2 ? 84EFFBF8
INT 0xA2 ? 8675DF00
INT 0xA2 ? 84EFFBF8
INT 0xB2 ? 8675DF00
INT 0xB2 ? 8675DF00
INT 0xB2 ? 8675DF00
INT 0xB3 ? 8675DF00

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 84F021F8
Device \Driver\sptd \Device\407524517 sprr.sys
Device \Driver\volmgr \Device\VolMgrControl 84EFD1F8
Device \Driver\usbuhci \Device\USBPDO-0 867901F8
Device \Driver\usbuhci \Device\USBPDO-1 867901F8
Device \Driver\PCI_PNP2505 \Device\00000053 sprr.sys
Device \Driver\usbehci \Device\USBPDO-2 867BB1F8
Device \Driver\usbuhci \Device\USBPDO-3 867901F8
Device \Driver\usbuhci \Device\USBPDO-4 867901F8

AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBPDO-5 867901F8
Device \Driver\usbehci \Device\USBPDO-6 867BB1F8
Device \Driver\volmgr \Device\HarddiskVolume1 84EFD1F8
Device \Driver\volmgr \Device\HarddiskVolume2 84EFD1F8
Device \Driver\cdrom \Device\CdRom0 867A81F8
Device \Driver\volmgr \Device\HarddiskVolume3 84EFD1F8
Device \Driver\cdrom \Device\CdRom1 867A81F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 84F001F8
Device \Driver\atapi \Device\Ide\IdePort0 84F001F8
Device \Driver\atapi \Device\Ide\IdePort1 84F001F8
Device \Driver\cdrom \Device\CdRom2 867A81F8
Device \Driver\cdrom \Device\CdRom3 867A81F8
Device \Driver\cdrom \Device\CdRom4 867A81F8
Device \Driver\netbt \Device\NetBt_Wins_Export 8D06B500
Device \Driver\Smb \Device\NetbiosSmb 8D0871F8
Device \Driver\iScsiPrt \Device\RaidPort0 867C4500

AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\netbt \Device\NetBT_Tcpip_{D0C35D10-0997-4CDC-A766-061C4C4A461E} 8D06B500
Device \Driver\netbt \Device\NetBT_Tcpip_{C8991BFF-AD9B-48B4-A5C3-2D1CD08BDAA9} 8D06B500
Device \Driver\usbuhci \Device\USBFDO-0 867901F8
Device \Driver\usbuhci \Device\USBFDO-1 867901F8
Device \Driver\usbehci \Device\USBFDO-2 867BB1F8
Device \Driver\usbuhci \Device\USBFDO-3 867901F8
Device \Driver\usbuhci \Device\USBFDO-4 867901F8
Device \Driver\usbuhci \Device\USBFDO-5 867901F8
Device \Driver\usbehci \Device\USBFDO-6 867BB1F8
Device \Driver\a5rv44ka \Device\Scsi\a5rv44ka1Port5Path0Target1Lun0 84E9D1F8
Device \Driver\a5rv44ka \Device\Scsi\a5rv44ka1 84E9D1F8
Device \Driver\a5rv44ka \Device\Scsi\a5rv44ka1Port5Path0Target0Lun0 84E9D1F8
Device \Driver\a5rv44ka \Device\Scsi\a5rv44ka1Port5Path0Target2Lun0 84E9D1F8
Device \FileSystem\cdfs \Cdfs 846F0320

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4A 0x88 0x8F 0xAF ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0xAA 0x42 0xCB ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x72 0x6F 0x81 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x8E 0x0E 0x82 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0x4F 0x75 0x4B ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x49 0xF2 0x83 0x65 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF5 0x84 0x23 0xBC ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xCC 0x46 0x52 0x68 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x66 0xB7 0x2B 0x56 ...
Reg HKLM\SYSTEM\ControlSet009\Services\gaopdxserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet009\Services\gaopdxserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet009\Services\gaopdxserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet009\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxcfpxpcbp.sys
Reg HKLM\SYSTEM\ControlSet009\Services\gaopdxserv.sys\modules
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4A 0x88 0x8F 0xAF ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0xAA 0x42 0xCB ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x72 0x6F 0x81 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x8E 0x0E 0x82 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0x4F 0x75 0x4B ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x25 0xC7 0xF1 0x9C ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x70 0x78 0x22 0xB8 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xCC 0x46 0x52 0x68 ...
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x66 0xB7 0x2B 0x56 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x4A 0x88 0x8F 0xAF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x15 0xAA 0x42 0xCB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x90 0x72 0x6F 0x81 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x4F 0x8E 0x0E 0x82 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x05 0x4F 0x75 0x4B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x49 0xF2 0x83 0x65 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0xF5 0x84 0x23 0xBC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42@khjeh 0xCC 0x46 0x52 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43@khjeh 0x66 0xB7 0x2B 0x56 ...

---- EOF - GMER 1.0.15 ----

#7 ocean80
  • Topic Starter
  • Members
  • 12 posts

Posted 15 May 2009 - 12:02 AM

Logfile of random's system information tool 1.06 (written by random/random)
Run by bixby at 2009-05-15 05:46:22
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 480 MB (1%) free of 69 GB
Total RAM: 1014 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:46:53, on 15/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Users\bixby\Downloads\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\bixby.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = windowsupdate.microsoft.com;v4.windowsupdate.microsoft.com;download.windowsupdate.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: My RSS Toolbar - {32B6087E-4812-4E86-A436-45CC49399520} - C:\PROGRA~1\MYRSST~1\MYRSST~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\bixby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O15 - Trusted Zone: http://v5.windowsupdate.microsoft.com%20https
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Update Service (gupdate1c9b153e39301d0) (gupdate1c9b153e39301d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hazard Shield realtime (HazardShield) - Orbitech - C:\Windows\system32\hzrService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7371 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AppleSoftwareUpdate.job
C:\Windows\tasks\GoogleUpdateTaskMachine.job
C:\Windows\tasks\User_Feed_Synchronization-{0D47391B-573A-4630-A610-FB9F2BCDB98F}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTogg.dll [2008-11-24 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2008-06-15 1571864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
AskBar BHO - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-11-22 304736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
UrlHelper Class - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll [2008-09-02 398768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java™ Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2008-12-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-11-22 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-07 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-12-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2008-09-15 1784856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{3041d03e-fd4b-44e0-b742-2d9b88305f98} - Ask Toolbar - C:\Program Files\AskBarDis\bar\bin\askBar.dll [2008-09-29 325000]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-11-22 2403392]
{ecdee021-0d17-467f-a1ff-c7a115230949} - free-downloads.net Toolbar - C:\Program Files\free-downloads.net\tbfree.dll [2008-09-15 1784856]
{038cb5c7-48ea-4af9-94e0-a1646542e62b} - ToggleEN Toolbar - C:\Program Files\ToggleEN\tbTogg.dll [2008-11-24 1784856]
{1392b8d2-5c05-419f-a8f6-b9f15a596612} - Freecorder Toolbar - C:\Program Files\Freecorder\tbFree.dll [2008-06-15 1571864]
{32B6087E-4812-4E86-A436-45CC49399520} - My RSS Toolbar - C:\PROGRA~1\MYRSST~1\MYRSST~1.DLL [2005-08-01 1187840]
{A057A204-BACC-4D26-9990-79A187E2698E} - []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
"ZoneAlarm Client"=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe [2009-03-31 982408]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-02-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-02-26 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-02-26 150552]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-19 125952]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-19 1233920]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
C:\Program Files\DNA\btdna.exe [2009-03-12 342848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DmwClient]
C:\Program Files\DMW Client 3\dmwclient.exe [2009-02-22 337408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-11-22 120320]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hazard Shield]
C:\Windows\system32\hzrTray.exe [2009-03-28 70144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
C:\Program Files\Download Manager\DLM.exe [2009-02-24 1103216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-02-27 153136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
C:\Program Files\Registry Mechanic\RMTray.exe [2008-07-03 812952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2008-12-26 6707744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Program Files\Realtek\Audio\HDA\Skytel.exe [2008-12-26 1833504]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe [2006-11-22 630784]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2008-12-03 136600]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-03-23 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-12-01 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-11-22 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2009]
c:\program files\uniblue\registrybooster\StartRegistryBooster.exe [2008-08-26 99624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
C:\Program Files\Unlocker\UnlockerAssistant.exe [2008-05-02 15872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe [2009-01-21 4033618]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
C:\PROGRA~1\PALTAL~1\paltalk.exe [2009-01-28 10950144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
C:\PROGRA~1\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-20 250368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^bixby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2006-10-27 98632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^bixby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb.lnk]
C:\PROGRA~1\WordWeb\wweb32.exe [2008-06-12 42168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-02-26 210432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDrives"=0
"NoViewOnDrive"=0
"NoDriveAutoRun"=0
"NoRecentDocsNetHood"=0
"NoWinKeys"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"LoginPrompt"=
"NoDrives"=
"NoViewOnDrive"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoRecentDocsNetHood"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028de3c0-facc-11dd-9e8e-00030d8945c2}]
shell\AutoRun\command - G:\setup.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2009-05-15 05:46:22 ----D---- C:\rsit
2009-05-11 12:14:43 ----A---- C:\Windows\system32\d3dx10_41.dll
2009-05-11 12:14:43 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2009-05-11 12:14:40 ----A---- C:\Windows\system32\D3DX9_41.dll
2009-05-11 12:14:35 ----A---- C:\Windows\system32\XAudio2_4.dll
2009-05-11 12:14:35 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2009-05-11 12:14:28 ----A---- C:\Windows\system32\xactengine3_4.dll
2009-05-11 12:14:24 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2009-05-11 10:44:32 ----D---- C:\Program Files\oZone3D
2009-05-11 10:25:50 ----D---- C:\Users\bixby\AppData\Roaming\SystemRequirementsLab
2009-05-11 10:18:57 ----D---- C:\Program Files\directx
2009-05-09 19:11:57 ----D---- C:\Windows\CheckSur
2009-05-04 01:33:58 ----A---- C:\Windows\system32\TVWizudlg.exe
2009-05-04 01:33:58 ----A---- C:\Windows\system32\igfxtvcx.dll
2009-05-03 03:48:54 ----HD---- C:\$AVG8.VAULT$
2009-05-02 14:18:30 ----D---- C:\ProgramData\Zenturi
2009-05-02 13:08:47 ----A---- C:\Windows\system32\avgrsstx.dll
2009-05-02 13:07:18 ----D---- C:\ProgramData\avg8
2009-05-01 04:20:23 ----D---- C:\Windows\temp
2009-05-01 04:20:21 ----A---- C:\ComboFix.txt
2009-04-30 02:23:05 ----D---- C:\Users\bixby\AppData\Roaming\MailFrontier
2009-04-30 02:16:10 ----A---- C:\Windows\zllsputility.exe
2009-04-30 02:15:54 ----A---- C:\Windows\system32\vsregexp.dll
2009-04-30 02:15:50 ----A---- C:\Windows\system32\zlcommdb.dll
2009-04-30 02:15:50 ----A---- C:\Windows\system32\zlcomm.dll
2009-04-30 02:15:45 ----A---- C:\Windows\system32\vswmi.dll
2009-04-30 02:15:41 ----A---- C:\Windows\system32\zpeng25.dll
2009-04-30 02:15:41 ----A---- C:\Windows\system32\vsxml.dll
2009-04-30 02:15:41 ----A---- C:\Windows\system32\vspubapi.dll
2009-04-30 02:15:40 ----A---- C:\Windows\system32\vsmonapi.dll
2009-04-30 02:15:39 ----A---- C:\Windows\system32\vsdata.dll
2009-04-30 02:14:18 ----A---- C:\Windows\system32\vsutil.dll
2009-04-30 02:14:18 ----A---- C:\Windows\system32\vsinit.dll
2009-04-30 01:59:35 ----A---- C:\Windows\zip.exe
2009-04-30 01:59:35 ----A---- C:\Windows\vFind.exe
2009-04-30 01:59:35 ----A---- C:\Windows\SWXCACLS.exe
2009-04-30 01:59:35 ----A---- C:\Windows\SWSC.exe
2009-04-30 01:59:35 ----A---- C:\Windows\SWREG.exe
2009-04-30 01:59:35 ----A---- C:\Windows\sed.exe
2009-04-30 01:59:35 ----A---- C:\Windows\grep.exe
2009-04-30 01:56:00 ----A---- C:\Windows\NIRCMD.exe
2009-04-26 16:37:55 ----D---- C:\Program Files\Flash Favorite
2009-04-25 00:57:05 ----D---- C:\Program Files\SpeedFan
2009-04-25 00:46:58 ----D---- C:\Program Files\Lavalys
2009-04-23 20:29:28 ----D---- C:\Program Files\AnalogX
2009-04-21 12:24:47 ----D---- C:\Program Files\Test My Hardware
2009-04-17 21:39:49 ----D---- C:\Users\bixby\AppData\Roaming\Desktop BBC News
2009-04-17 21:39:32 ----D---- C:\Program Files\Desktop BBC News
2009-04-17 21:05:04 ----A---- C:\Windows\system32\RSS2HTMLScout.dll
2009-04-17 21:05:03 ----D---- C:\Users\bixby\AppData\Roaming\Feed Scout
2009-04-17 21:05:03 ----D---- C:\Program Files\My RSS Toolbar
2009-04-16 22:03:39 ----D---- C:\fsaua.data

======List of files/folders modified in the last 1 months======

2009-05-15 05:46:40 ----D---- C:\Windows\Prefetch
2009-05-15 05:45:47 ----D---- C:\Windows\Internet Logs
2009-05-15 05:42:42 ----D---- C:\ProgramData\Hazard Shield
2009-05-15 04:07:14 ----D---- C:\Program Files\Mozilla Firefox
2009-05-15 04:00:01 ----D---- C:\Windows\Minidump
2009-05-15 04:00:01 ----D---- C:\Windows
2009-05-15 03:35:17 ----D---- C:\Users\bixby\AppData\Roaming\DNA
2009-05-15 03:27:00 ----A---- C:\log.txt
2009-05-15 00:14:53 ----D---- C:\Program Files\DNA
2009-05-14 22:12:26 ----D---- C:\Users\bixby\AppData\Roaming\BitTorrent
2009-05-13 18:21:56 ----SHD---- C:\System Volume Information
2009-05-13 12:18:27 ----A---- C:\Windows\NeroDigital.ini
2009-05-13 11:52:40 ----D---- C:\Program Files\GameSpy Arcade
2009-05-11 12:14:46 ----D---- C:\Windows\system32\directx
2009-05-11 12:14:45 ----D---- C:\Windows\System32
2009-05-11 12:12:13 ----HD---- C:\Windows\msdownld.tmp
2009-05-11 10:44:32 ----D---- C:\Program Files
2009-05-11 10:26:03 ----D---- C:\Program Files\SystemRequirementsLab
2009-05-10 10:28:09 ----SD---- C:\Windows\Downloaded Program Files
2009-05-09 18:26:59 ----D---- C:\PerfLogs
2009-05-08 20:41:50 ----D---- C:\ProgramData\DriverScanner
2009-05-08 02:09:50 ----D---- C:\Windows\system32\ZoneLabs
2009-05-08 02:07:53 ----A---- C:\rollback.ini
2009-05-07 12:17:39 ----D---- C:\Users\bixby\AppData\Roaming\IGN_DLM
2009-05-07 11:39:51 ----D---- C:\Program Files\Download Manager
2009-05-07 09:34:26 ----D---- C:\Windows\system32\catroot2
2009-05-06 00:28:56 ----SHD---- C:\Windows\Installer
2009-05-06 00:28:49 ----D---- C:\Windows\Tasks
2009-05-04 18:37:59 ----D---- C:\Windows\system32\LogFiles
2009-05-04 10:54:51 ----SHD---- C:\Boot
2009-05-04 01:33:57 ----D---- C:\Windows\system32\Lang
2009-05-04 01:33:55 ----D---- C:\Program Files\Intel
2009-05-04 01:31:07 ----D---- C:\Windows\inf
2009-05-04 01:29:13 ----D---- C:\Windows\system32\drivers
2009-05-04 01:28:38 ----D---- C:\Windows\system32\catroot
2009-05-04 00:00:08 ----D---- C:\Windows\system32\config
2009-05-03 23:58:13 ----D---- C:\Windows\system32\Tasks
2009-05-03 23:58:13 ----D---- C:\Windows\system32\spool
2009-05-03 23:58:13 ----D---- C:\Windows\system32\CodeIntegrity
2009-05-03 23:58:10 ----D---- C:\Windows\registration
2009-05-03 23:58:05 ----SD---- C:\Users\bixby\AppData\Roaming\Microsoft
2009-05-03 23:58:05 ----HD---- C:\Program Files\InstallShield Installation Information
2009-05-03 23:58:05 ----D---- C:\Windows\winsxs
2009-05-03 23:58:05 ----D---- C:\Windows\SDold
2009-05-03 23:58:05 ----D---- C:\Windows\rescache
2009-05-03 23:58:05 ----D---- C:\Program Files\SUPERAntiSpyware
2009-05-03 23:58:05 ----D---- C:\Program Files\Splunk
2009-05-03 23:58:05 ----D---- C:\Program Files\Soldier of Fortune II - Double Helix
2009-05-03 23:58:05 ----D---- C:\Program Files\Common Files
2009-05-03 23:58:04 ----D---- C:\Program Files\Vidalia Bundle
2009-05-03 23:58:04 ----D---- C:\Program Files\PC Drivers HeadQuarters
2009-05-03 23:58:04 ----D---- C:\Program Files\Common Files\Nero
2009-05-03 23:58:01 ----D---- C:\Users\bixby\AppData\Roaming\elefundesktops
2009-05-03 23:58:01 ----D---- C:\Program Files\Google
2009-05-03 23:58:01 ----D---- C:\Program Files\Freeze.com
2009-05-03 23:58:01 ----D---- C:\Program Files\Eidos
2009-05-03 23:58:01 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-05-03 23:58:01 ----D---- C:\Program Files\DAEMON Tools Lite
2009-05-03 23:57:54 ----D---- C:\Program Files\Uniblue
2009-05-03 23:57:54 ----D---- C:\Program Files\iMesh Applications
2009-05-03 23:57:53 ----D---- C:\ProgramData\Disk Cleaner
2009-05-03 23:57:53 ----D---- C:\Program Files\Microsoft Speech SDK 5.1
2009-05-03 23:57:52 ----RSD---- C:\Windows\assembly
2009-05-03 23:57:52 ----HDC---- C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-05-03 23:57:52 ----D---- C:\Windows\system32\Macromed
2009-05-03 23:57:52 ----D---- C:\Windows\system32\Adobe
2009-05-03 23:57:52 ----D---- C:\Windows\Boot
2009-05-03 23:57:52 ----D---- C:\Program Files\SecondLife
2009-05-03 23:57:52 ----D---- C:\Program Files\Reg Organizer
2009-05-03 23:57:52 ----D---- C:\Program Files\Internet Explorer
2009-05-03 23:57:52 ----D---- C:\Program Files\Common Files\microsoft shared
2009-05-03 23:57:51 ----D---- C:\Users\bixby\AppData\Roaming\mIRC
2009-05-03 23:57:48 ----D---- C:\Windows\servicing
2009-05-03 23:57:48 ----D---- C:\Program Files\Registry Mechanic
2009-05-03 23:57:48 ----D---- C:\Program Files\QuickTime
2009-05-03 23:57:47 ----D---- C:\Windows\Microsoft.NET
2009-05-03 23:57:47 ----D---- C:\ProgramData\InstallShield
2009-05-03 23:57:47 ----D---- C:\ProgramData\Apple Computer
2009-05-03 23:57:47 ----D---- C:\Program Files\Common Files\Ulead
2009-05-03 23:57:47 ----D---- C:\Program Files\Common Files\InterVideo
2009-05-03 23:57:47 ----D---- C:\Program Files\Apple Software Update
2009-05-03 23:57:45 ----D---- C:\Windows\Downloaded Installations
2009-05-03 23:57:45 ----D---- C:\Users\bixby\AppData\Roaming\SecondLife
2009-05-03 23:57:45 ----D---- C:\Users\bixby\AppData\Roaming\ChessBase
2009-05-03 23:57:45 ----D---- C:\ProgramData\Malwarebytes
2009-05-03 23:57:45 ----D---- C:\Program Files\Trend Micro
2009-05-03 23:57:45 ----D---- C:\Program Files\Real
2009-05-03 23:57:45 ----D---- C:\Program Files\NextUp-ScanSoft
2009-05-03 23:57:45 ----D---- C:\Program Files\Microsoft Silverlight
2009-05-03 23:57:45 ----D---- C:\Program Files\Conduit
2009-05-03 23:57:45 ----D---- C:\Program Files\Common Files\xing shared
2009-05-03 23:57:45 ----D---- C:\Program Files\Common Files\Real
2009-05-03 23:57:45 ----D---- C:\Program Files\ChessBase
2009-05-03 23:57:44 ----D---- C:\Users\bixby\AppData\Roaming\FrostWire
2009-05-03 23:57:44 ----D---- C:\ProgramData\Spybot - Search & Destroy
2009-05-03 23:57:44 ----D---- C:\ProgramData\PC Drivers HeadQuarters
2009-05-03 23:57:44 ----D---- C:\ProgramData\NCH Swift Sound
2009-05-03 23:57:44 ----D---- C:\Program Files\Yahoo!
2009-05-03 23:57:44 ----D---- C:\Program Files\NCH Swift Sound
2009-05-03 23:57:44 ----D---- C:\Program Files\NCH Software
2009-05-03 23:57:44 ----D---- C:\Program Files\MindMapper2008
2009-05-03 23:57:44 ----D---- C:\Program Files\DivX
2009-05-03 23:57:44 ----D---- C:\Program Files\Common Files\Napster Shared
2009-05-03 23:57:44 ----D---- C:\Program Files\AVS4YOU
2009-05-03 23:57:43 ----D---- C:\ProgramData\Skype
2009-05-03 23:57:43 ----D---- C:\ProgramData\CyberLink
2009-05-03 23:57:43 ----D---- C:\Program Files\WMA-MP3.com
2009-05-03 23:57:43 ----D---- C:\Program Files\Realtek
2009-05-03 23:57:43 ----D---- C:\Program Files\LitexMedia
2009-05-03 23:57:43 ----D---- C:\Program Files\K-Lite Codec Pack
2009-05-03 23:57:43 ----D---- C:\Program Files\iSkysoft
2009-05-03 23:57:43 ----D---- C:\Program Files\Common Files\SWF Studio
2009-05-03 23:57:43 ----D---- C:\Program Files\AskBarDis
2009-05-03 23:57:42 ----HD---- C:\Windows\system32\GroupPolicy
2009-05-03 23:57:42 ----D---- C:\Users\bixby\AppData\Roaming\MozillaControl
2009-05-03 23:57:42 ----D---- C:\Users\bixby\AppData\Roaming\Adobe
2009-05-03 23:57:42 ----D---- C:\ProgramData\Yahoo! Companion
2009-05-03 23:57:42 ----D---- C:\Program Files\Java
2009-05-03 23:57:42 ----D---- C:\Program Files\Common Files\InstallShield
2009-05-03 23:57:42 ----D---- C:\Program Files\Activation Assistant for the 2007 Microsoft Office suites
2009-05-03 23:57:41 ----D---- C:\Program Files\Zone Labs
2009-05-03 23:57:41 ----D---- C:\Program Files\WinRAR
2009-05-03 23:57:41 ----D---- C:\Program Files\tcpIQ
2009-05-03 23:57:41 ----D---- C:\Program Files\Riva
2009-05-03 23:57:41 ----D---- C:\Program Files\Microsoft Games
2009-05-03 23:57:19 ----D---- C:\Windows\WindowsMobile
2009-05-03 23:57:19 ----D---- C:\Windows\Web
2009-05-03 23:57:19 ----D---- C:\Windows\system32\XPSViewer
2009-05-03 23:57:19 ----D---- C:\Windows\system32\winrm
2009-05-03 23:57:19 ----D---- C:\Windows\system32\WCN
2009-05-03 23:57:19 ----D---- C:\Windows\system32\wbem
2009-05-03 23:57:18 ----D---- C:\Windows\system32\sysprep
2009-05-03 23:57:18 ----D---- C:\Windows\system32\Speech
2009-05-03 23:57:18 ----D---- C:\Windows\system32\SMI
2009-05-03 23:57:18 ----D---- C:\Windows\system32\slmgr
2009-05-03 23:57:18 ----D---- C:\Windows\system32\RemInst
2009-05-03 23:57:18 ----D---- C:\Windows\system32\Printing_Admin_Scripts
2009-05-03 23:57:18 ----D---- C:\Windows\system32\oobe
2009-05-03 23:57:18 ----D---- C:\Windows\system32\networklist
2009-05-03 23:57:18 ----D---- C:\Windows\system32\MUI
2009-05-03 23:57:18 ----D---- C:\Windows\system32\Msdtc
2009-05-03 23:57:18 ----D---- C:\Windows\system32\migwiz
2009-05-03 23:57:18 ----D---- C:\Windows\system32\migration
2009-05-03 23:57:17 ----SD---- C:\Windows\system32\Microsoft
2009-05-03 23:57:17 ----D---- C:\Windows\system32\licensing
2009-05-03 23:57:17 ----D---- C:\Windows\system32\IME
2009-05-03 23:57:17 ----D---- C:\Windows\system32\en-US
2009-05-03 23:57:17 ----D---- C:\Windows\system32\DriverStore
2009-05-03 23:57:15 ----D---- C:\Windows\system32\com
2009-05-03 23:57:15 ----D---- C:\Windows\system32\Boot
2009-05-03 23:57:15 ----D---- C:\Windows\Speech
2009-05-03 23:57:15 ----D---- C:\Windows\Setup
2009-05-03 23:57:15 ----D---- C:\Windows\ServiceProfiles
2009-05-03 23:57:15 ----D---- C:\Windows\security
2009-05-03 23:57:15 ----D---- C:\Windows\schemas
2009-05-03 23:57:15 ----D---- C:\Windows\Resources
2009-05-03 23:57:15 ----D---- C:\Windows\Provisioning
2009-05-03 23:57:15 ----D---- C:\Windows\PolicyDefinitions
2009-05-03 23:57:15 ----D---- C:\Windows\PLA
2009-05-03 23:57:15 ----D---- C:\Windows\Performance
2009-05-03 23:57:15 ----D---- C:\Windows\MSAgent
2009-05-03 23:57:13 ----D---- C:\Windows\IME
2009-05-03 23:57:13 ----D---- C:\Windows\Help
2009-05-03 23:57:13 ----D---- C:\Windows\ehome
2009-05-03 23:57:13 ----D---- C:\Windows\DigitalLocker
2009-05-03 23:57:13 ----D---- C:\Windows\Branding
2009-05-03 23:57:11 ----D---- C:\Windows\AppPatch
2009-05-03 23:57:10 ----SD---- C:\ProgramData\Microsoft
2009-05-03 23:57:10 ----D---- C:\ProgramData\Symantec
2009-05-03 23:57:10 ----D---- C:\ProgramData\Nero
2009-05-03 23:57:10 ----D---- C:\Program Files\Windows Sidebar
2009-05-03 23:57:09 ----D---- C:\Program Files\Windows Photo Gallery
2009-05-03 23:57:09 ----D---- C:\Program Files\Windows NT
2009-05-03 23:57:09 ----D---- C:\Program Files\Windows Media Player
2009-05-03 23:57:09 ----D---- C:\Program Files\Windows Mail
2009-05-03 23:57:09 ----D---- C:\Program Files\Windows Journal
2009-05-03 23:57:09 ----D---- C:\Program Files\Windows Defender
2009-05-03 23:57:09 ----D---- C:\Program Files\Windows Collaboration
2009-05-03 23:57:09 ----D---- C:\Program Files\Windows Calendar
2009-05-03 23:57:09 ----D---- C:\Program Files\Reference Assemblies
2009-05-03 23:57:09 ----D---- C:\Program Files\Nero
2009-05-03 23:57:09 ----D---- C:\Program Files\MSBuild
2009-05-03 23:57:09 ----D---- C:\Program Files\Movie Maker
2009-05-03 23:57:09 ----D---- C:\Program Files\Motorola
2009-05-03 23:57:09 ----D---- C:\Program Files\Microsoft.NET
2009-05-03 23:57:09 ----D---- C:\Program Files\Microsoft Works
2009-05-03 23:57:09 ----D---- C:\Program Files\Microsoft Office
2009-05-03 23:57:09 ----D---- C:\Program Files\Common Files\System
2009-05-03 23:57:09 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-05-03 23:57:09 ----D---- C:\Program Files\Common Files\SpeechEngines
2009-05-03 23:57:08 ----RHD---- C:\MSOCache
2009-05-03 23:57:08 ----D---- C:\Program Files\Common Files\Fujitsu Siemens Computers
2009-05-03 23:57:08 ----D---- C:\Program Files\Common Files\Ahead
2009-05-03 23:57:08 ----D---- C:\Program Files\Common Files\Adobe
2009-05-03 23:57:08 ----D---- C:\Program Files\Adobe
2009-05-03 15:10:18 ----D---- C:\Program Files\Unlocker
2009-05-03 14:00:59 ----HD---- C:\ProgramData
2009-05-01 04:17:58 ----A---- C:\Windows\system.ini
2009-04-29 21:33:39 ----D---- C:\Program Files\Visual IP Trace 2008
2009-04-28 12:08:00 ----D---- C:\Windows\PaltalkScene
2009-04-28 12:08:00 ----D---- C:\Windows\Freecorder Toolbar
2009-04-26 18:51:05 ----AD---- C:\ProgramData\TEMP
2009-04-25 21:45:16 ----D---- C:\ProgramData\Google
2009-04-25 19:47:35 ----A---- C:\testcrypted.txt
2009-04-25 19:47:35 ----A---- C:\testBack.txt
2009-04-18 11:58:28 ----D---- C:\Program Files\FrostWire
2009-04-17 08:30:51 ----D---- C:\Windows\'Full Speed' Internet Booster + Performance Tests

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2009-05-02 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2009-05-02 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2009-05-02 108552]
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2009-03-31 150544]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
R1 vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2009-03-31 293528]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-01-13 954368]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-18 14208]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-02-26 4569088]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-12-26 2259296]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2008-07-28 116736]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-01-20 142848]
R3 smbusp;Intel® SMBus 2.0 Driver; C:\Windows\system32\DRIVERS\intelsmb.sys [2006-12-28 45184]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2006-11-22 982272]
S1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys []
S3 aw3ncyym;aw3ncyym; C:\Windows\system32\drivers\aw3ncyym.sys []
S3 ayhh3gat;ayhh3gat; C:\Windows\system32\drivers\ayhh3gat.sys []
S3 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-18 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM); C:\Windows\system32\drivers\lmvac.sys [2008-07-01 18912]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-18 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-18 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-18 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-18 6016]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2009-01-02 47360]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-18 83328]
S4 JRAID;JRAID; C:\Windows\system32\drivers\jraid.sys [2007-06-13 48256]
S4 nvrd32;NVIDIA nForce RAID Driver; C:\Windows\system32\drivers\nvrd32.sys [2007-07-02 131616]
S4 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-07-02 110112]
S4 viamraid;viamraid; C:\Windows\system32\drivers\viamraid.sys [2006-11-08 102912]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2006-11-02 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 HazardShield;Hazard Shield realtime; C:\Windows\system32\hzrService.exe [2009-03-28 73216]
R2 TestHandler;Fujitsu Siemens Computers Diagnostic Testhandler; C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe [2006-12-08 204800]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\System32\ZoneLabs\vsmon.exe [2009-03-31 2404232]
S2 gupdate1c9b153e39301d0;Google Update Service (gupdate1c9b153e39301d0); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-30 133104]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-27 34312]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-01 168432]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-27 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 Disk Cleaner Service;Disk Cleaner Service; C:\Program Files\Disk Cleaner\DiskCleanerService.exe [2008-11-25 83256]
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-12-05 935208]
S4 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-02-27 267824]
S4 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2009-04-11 66872]
S4 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2009-03-12 202008]

-----------------EOF-----------------

#8 ocean80
  • Topic Starter
  • Members
  • 12 posts

Posted 15 May 2009 - 12:05 AM

info.txt logfile of random's system information tool 1.06 2009-05-15 05:47:02

======Uninstall list======

-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\Intel 32\IDriver.exe /M{4C94F105-81D0-4AFC-8F0A-38949DC07F65} /l1033
-->MsiExec.exe /I{48ab1e8c-3e17-4c29-aaa0-a498b7ebaf9b}
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.4-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}
AnalogX HyperTrace-->C:\Program Files\AnalogX\HyperTrace\htraceu.exe
Anti-Hack-->MsiExec.exe /X{FE5B1AC1-AB1D-4F54-8446-BE6AF0B1BD7B}
AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"
AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
Chessmaster 10th Edition-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{E9AE9A91-AB45-4321-87BD-AD34855D944F}
CyberTweak Version 1.3 Final-->"C:\Program Files\CyberTweak\unins000.exe"
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
Desktop BBC News 0.97-->"C:\Program Files\Desktop BBC News\unins000.exe"
DMW Client SE -->C:\Program Files\DMW Client 3\uninst.exe
EVEREST Home Edition v2.20-->"C:\Program Files\Lavalys\EVEREST Home Edition\unins000.exe"
Flash Favorite 1.8-->"C:\Program Files\Flash Favorite\unins000.exe"
Freecorder Toolbar-->C:\PROGRA~1\Freecorder\UNWISE.EXE C:\PROGRA~1\Freecorder\INSTALL.LOG
GameSpy Arcade-->C:\PROGRA~1\GAMESP~1\UNWISE.EXE C:\PROGRA~1\GAMESP~1\INSTALL.LOG
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPU Caps Viewer v1.7.0-->"C:\Program Files\oZone3D\GPU_Caps_Viewer_v1.7.0\unins000.exe"
Hazard Shield-->C:\Program Files\Hazard Shield\Uninstall.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hitman Blood Money-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A804B134-F03D-4EFD-9BC0-DCD257AA1B22}\setup.exe" -l0x9 -removeonly
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® TV Wizard-->C:\Windows\system32\TVWizudlg.exe -uninstall
Line Speed Meter-->MsiExec.exe /I{D40491E3-35AB-4757-B1F0-94C9100C2F4E}
MagicDisc 2.7.105-->C:\PROGRA~1\MagicDisc\UNWISE.EXE C:\PROGRA~1\MagicDisc\INSTALL.LOG
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Medal of Honor Allied Assault™ Breakthrough-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{823A68CC-3049-4A6B-8F63-7DC85E4BB1C9}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7914BE1E-F186-4790-B8F4-9F63C52A41C1}\Setup.exe" -l0x9
Medal of Honor Allied Assault™ Spearhead-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BE699EDC-9E58-4671-A23E-9CDF7F6F42F2}\Setup.exe" -l0x9
Medal of Honor Allied Assault-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0DEA94ED-915A-4834-A87E-388D012C8E02}\Setup.exe" -l0x9
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Speech SDK 5.1-->MsiExec.exe /I{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\Windows\INF\msTTSf22.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MindMapper 2008-->C:\Program Files\InstallShield Installation Information\{232E984E-F02D-4DAE-80F4-97884EC52F16}\setup.exe -runfromtemp -l0x0009 -removeonly
Mozilla Firefox (3.0.10)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
NextUp-ScanSoft Claire Netherlands Dutch Voice-->MsiExec.exe /I{125A9FAE-8F13-4CF6-9AD0-3EDE722D71DC}
PaltalkScene-->"C:\Windows\PaltalkScene\uninstall.exe" "/U:C:\Program Files\Paltalk Messenger\irunin.xml"
Perfect Uninstaller v5.8-->"C:\Program Files\Perfect Uninstaller\unins000.exe"
Playchess-->"C:\Program Files\InstallShield Installation Information\{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}\setup.exe" -runfromtemp -l0x0009 -removeonly
Privoxy 3.0.6-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd.exe -r -m -nrg2709
Reg Organizer 4.21-->"C:\Program Files\Reg Organizer\unins000.exe"
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Riva FLV Encoder 2.0-->"C:\Program Files\Riva\Riva FLV Encoder 2.0\unins000.exe"
SecondLife (remove only)-->"C:\Program Files\SecondLife\uninst.exe"
Soldier of Fortune II - Double Helix-->C:\PROGRA~1\Soldier of Fortune II - Double Helix\Uninstall\Unwise.exe /u C:\PROGRA~1\Soldier of Fortune II - Double Helix\Uninstall\install.log
SpeedFan (remove only)-->"C:\Program Files\SpeedFan\uninstall.exe"
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe
tbbMeter-->MsiExec.exe /X{23875609-A02D-4DD2-AEC3-B3408295F9D7}
Test My Hardware 2.4-->"C:\Program Files\Test My Hardware\unins000.exe"
ToggleEN Toolbar-->C:\PROGRA~1\ToggleEN\UNWISE.EXE /U C:\PROGRA~1\ToggleEN\INSTALL.LOG
Tor 0.2.0.34-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
Uniblue DriverScanner 2009-->"C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue DriverScanner 2009-->C:\ProgramData\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
Uniblue RegistryBooster 2009-->"C:\ProgramData\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue RegistryBooster 2009-->C:\ProgramData\{92E7A367-8E12-4830-AA70-29C32E331A81}\Uniblue RegistryBooster.exe
Uniblue SpeedUpMyPC 2009-->"C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe" REMOVE=TRUE MODIFY=FALSE
Uniblue SpeedUpMyPC 2009-->C:\ProgramData\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
Unlocker 1.8.7-->C:\Program Files\Unlocker\uninst.exe
VC 9.0 Runtime-->MsiExec.exe /I{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}
Ventrilo Client-->MsiExec.exe /I{789289CA-F73A-4A16-A331-54D498CE069F}
Vidalia 0.1.10-->"C:\Program Files\Vidalia Bundle\Uninstall.exe"
WordWeb-->C:\Program Files\WordWeb\uninst.exe
ZoneAlarm Security Suite-->C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe

=====HijackThis Backups=====

O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun [2009-05-02]

======Security center information======

AV: ZoneAlarm Security Suite Antivirus (outdated)
FW: ZoneAlarm Security Suite Firewall
AS: ZoneAlarm Security Suite Anti-Spyware (outdated)
AS: Windows Defender
AS: SUPERAntiSpyware (disabled)

======System event log======

Computer Name: bixby-PC
Event Code: 7001
Message: The Windows Media Player Network Sharing Service service depends on the UPnP Device Host service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
Record Number: 130807
Source Name: Service Control Manager
Time Written: 20090429102057.000000-000
Event Type: Error
User:

Computer Name: bixby-PC
Event Code: 7022
Message: The Windows Update service hung on starting.
Record Number: 130815
Source Name: Service Control Manager
Time Written: 20090429102528.000000-000
Event Type: Error
User:

Computer Name: bixby-PC
Event Code: 1003
Message:
Record Number: 130826
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090429111448.000000-000
Event Type: Warning
User:

Computer Name: bixby-PC
Event Code: 1002
Message: The IP address lease 192.168.0.2 for the Network Card with network address 0016448A0E3E has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
Record Number: 130827
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20090429111448.000000-000
Event Type: Error
User:

Computer Name: bixby-PC
Event Code: 6008
Message: The previous system shutdown at 13:44:15 on 29/04/2009 was unexpected.
Record Number: 130840
Source Name: EventLog
Time Written: 20090429124548.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: bixby-PC
Event Code: 20
Message:
Record Number: 43679
Source Name: Google Update
Time Written: 20090515040656.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM

Computer Name: bixby-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksCal.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 43698
Source Name: SideBySide
Time Written: 20090515044357.000000-000
Event Type: Error
User:

Computer Name: bixby-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksdb.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 43699
Source Name: SideBySide
Time Written: 20090515044357.000000-000
Event Type: Error
User:

Computer Name: bixby-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\wksss.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 43700
Source Name: SideBySide
Time Written: 20090515044357.000000-000
Event Type: Error
User:

Computer Name: bixby-PC
Event Code: 33
Message: Activation context generation failed for "C:\Windows\Installer\{67E03279-F703-408F-B4BF-46B5FC8D70CD}\WksWP.exe". Dependent Assembly msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0" could not be found. Please use sxstrace.exe for detailed diagnosis.
Record Number: 43701
Source Name: SideBySide
Time Written: 20090515044358.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: bixby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 43905
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515044650.810306-000
Event Type: Audit Failure
User:

Computer Name: bixby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\vsdatant.sys
Record Number: 43906
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515044652.651106-000
Event Type: Audit Failure
User:

Computer Name: bixby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\vsdatant.sys
Record Number: 43907
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515044652.697906-000
Event Type: Audit Failure
User:

Computer Name: bixby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\vsdatant.sys
Record Number: 43908
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515044652.729106-000
Event Type: Audit Failure
User:

Computer Name: bixby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\vsdatant.sys
Record Number: 43909
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515044652.775906-000
Event Type: Audit Failure
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"tvdumpflags"=8

-----------------EOF-----------------
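
The Security-log entries above (event 5038 for tcpip.sys and vsdatant.sys) and the 6008 unexpected shutdown in the System log are the records a responder pulls out of an RSIT report first. The following Python parser is an added example, not code from RSIT, ComboFix or anyone in this thread; the sample text is constructed in RSIT's record layout from the records above, and the reading of "Time Written" as a WMI CIM_DATETIME string is an assumption.

```python
"""Triage the event-log sections of an RSIT info.txt report.

Added example for this thread, not code from RSIT, ComboFix or the posts above.
It parses RSIT's "Computer Name: ... User:" record blocks and surfaces what a
responder reads first: Code Integrity audit failures (event 5038, naming the
driver whose image hash failed verification) and unexpected shutdowns (6008).
"""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple

# Constructed sample in RSIT's layout, modelled on the records in the log above.
SAMPLE = r"""=====System event log=====

Computer Name: bixby-PC
Event Code: 6008
Message: The previous system shutdown at 13:44:15 on 29/04/2009 was unexpected.
Record Number: 130840
Source Name: EventLog
Time Written: 20090429124548.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: bixby-PC
Event Code: 5038
Message: Code integrity determined that the image hash of a file is not valid. The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.

File Name: \Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys
Record Number: 43905
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20090515044650.810306-000
Event Type: Audit Failure
User:
"""

@dataclass
class EventRecord:
    computer: str = ""
    event_code: int = 0
    message: str = ""
    file_name: Optional[str] = None   # only on Code Integrity (5038) records
    record_number: int = 0
    source: str = ""
    time_written: Optional[datetime] = None
    event_type: str = ""

# WMI CIM_DATETIME as RSIT prints it (assumed): yyyymmddHHMMSS.ffffff then +/-UUU minutes from UTC.
CIM_RE = re.compile(r"^(\d{14})\.(\d{6})([+-])(\d{3})$")

def parse_cim_datetime(text: str) -> Optional[datetime]:
    """Convert a 'Time Written' value to an aware datetime; None if malformed."""
    m = CIM_RE.match(text.strip())
    if not m:
        return None
    stamp, micros, sign, offset = m.groups()
    base = datetime.strptime(stamp, "%Y%m%d%H%M%S").replace(microsecond=int(micros))
    minutes = int(offset) if sign == "+" else -int(offset)
    return base.replace(tzinfo=timezone(timedelta(minutes=minutes)))

# "Key:" prefixes RSIT prints -> EventRecord attribute, plus per-key value converters.
FIELDS = {"Computer Name": "computer", "Event Code": "event_code", "File Name": "file_name",
          "Record Number": "record_number", "Source Name": "source",
          "Time Written": "time_written", "Event Type": "event_type"}
CONVERT = {"Event Code": int, "Record Number": int, "Time Written": parse_cim_datetime}

def parse_records(text: str) -> List[EventRecord]:
    """Split the report into records; a 'Message:' may run over several lines."""
    records, cur, in_message = [], None, False
    for line in (raw.rstrip() for raw in text.splitlines()):
        key, sep, value = map(str.strip, line.partition(":"))
        if sep and key == "Computer Name":             # every record starts here
            cur = EventRecord(computer=value)
            records.append(cur)
            in_message = False
        elif cur is None:
            continue                                   # banners before the first record
        elif sep and key in FIELDS:
            in_message = False
            setattr(cur, FIELDS[key], CONVERT.get(key, str)(value))
        elif sep and key == "Message":
            in_message, cur.message = True, value
        elif in_message and line:                      # continuation line of the message
            cur.message = f"{cur.message} {line}".strip()
    return records

def triage(records: List[EventRecord]) -> List[Tuple[int, int, str]]:
    """(record number, event code, summary) for the records worth reading first."""
    out = []
    for r in records:
        if r.event_code == 5038 and r.source == "Microsoft-Windows-Security-Auditing":
            # Code Integrity refused a driver image: disk corruption or a tampered file.
            out.append((r.record_number, 5038, f"image hash invalid: {r.file_name}"))
        elif r.event_code == 6008 and r.source == "EventLog":
            out.append((r.record_number, 6008, r.message))
    return out
```

Running `triage(parse_records(SAMPLE))` on the constructed sample yields the 6008 shutdown and the 5038 failure for tcpip.sys; on a full info.txt the repeated vsdatant.sys entries would appear as further 5038 tuples.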

#9 sundavis (Malware Response Team, 2,708 posts)

Posted 15 May 2009 - 01:23 AM

Hi ocean80,

Due to the warning from the developer of ComboFix, this tool should not be run on one's own, unsupervised. Sometimes it may result in an unbootable machine. Since you have run it, may I see the log in C:\combofix.txt if it's still available?

It seems you had AVG leftovers on your system. Please go here to download the AVG remover and remove the leftovers.


Step 1

Please delete combofix and redownload a new one to your desktop from the following thread:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Close any open browsers
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
C:\Windows\system32\drivers\aw3ncyym.sys 
C:\Windows\system32\drivers\ayhh3gat.sys 

Folder::
C:\Program Files\AskBarDis

Driver::
ayhh3gat
aw3ncyym

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"=-
"{A057A204-BACC-4D26-9990-79A187E2698E}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"=-


Save this as CFScript.txt, change the "Save as type" to "All Files", and place it on your desktop.

[Screenshot: dragging CFScript.txt onto ComboFix.exe]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

After running ComboFix, please go to http://windowsupdate.microsoft.com and check if you can update Windows now. If not, please do the following:


Step 2

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:

regsvr32 /s wuapi.dll
regsvr32 /s wuaueng1.dll
regsvr32 /s wuaueng.dll
regsvr32 /s wucltui.dll
regsvr32 /s wups2.dll
regsvr32 /s wups.dll
regsvr32 /s wuweb.dll

Save this as Fix.bat and change the "Save as type" to "All Files" and place it on your desktop.

Double-click it; a DOS window may open and close. That is normal. Please restart your PC.

Please disable the ZoneAlarm firewall temporarily. Then go to http://windowsupdate.microsoft.com and check whether the issue is resolved.

If still no joy, I recommend you uninstall ZoneAlarm Security Suite temporarily and try it. After that, you should reinstall ZoneAlarm Security Suite.


In your next reply, please post back:


1. ComboFix log (old & new)
2. New HJT log

Tell me how things are going now.

#10 ocean80 (Topic Starter, Members, 12 posts)

Posted 15 May 2009 - 08:39 AM

Hi Sundavis

Thank you for taking the time to look through my logs.

Unfortunately I'm still unable to use Windows Update, as it comes up with error code 80072efd.

I will list what I have done so far in trying to resolve the problem.

I have downloaded the AVG remover and removed all the leftover files.

I have deleted the old ComboFix file and downloaded a new copy. For some reason, though, I wasn't able to save this file to the desktop, as it was automatically saved to my Downloads folder instead. I tried to transfer ComboFix to my desktop, but it would only appear as a shortcut.

Then I copied the code into the notebook and placed it on the desktop, and then I dragged the CFScript.txt into the ComboFix.exe.

I then copied the code into the notebook and created a Fix.bat file.

I uninstalled ZoneAlarm and disabled the Microsoft firewall.

I'm not sure if this is linked to my problem, but around the same time Windows Update stopped working, my PC was infected with a TROJ_PROXY.AEI file. I managed to find a link about the virus and followed the instructions from this website: http://threatinfo.trendmicro.com/vinfo/vir...EI&VSect=Sn

Also, I followed some advice from a website that recommended renaming the SoftwareDistribution folder to SoftwareDistribution.old, which I did. I noticed, though, that both folders are still present: SoftwareDistribution is 26.7 MB and SoftwareDistribution.old is 230 KB.

I will post the ComboFix and HijackThis logs separately. Unfortunately, though, I no longer have the old ComboFix logs.

Thank you once again for taking the time to help me with this problem.

#11 ocean80 (Topic Starter, Members, 12 posts)

Posted 15 May 2009 - 08:40 AM

ComboFix 09-05-14.05 - bixby 15/05/2009 12:21.10 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1014.350 [GMT 1:00]
Running from: c:\users\bixby\Downloads\ComboFix.exe
Command switches used :: c:\users\bixby\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *disabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}
* Created a new restore point

FILE ::
c:\windows\system32\drivers\aw3ncyym.sys
c:\windows\system32\drivers\ayhh3gat.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-15 04:46 . 2009-05-15 04:47 -------- d-----w C:\rsit
2009-05-11 11:14 . 2009-03-09 14:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-05-11 11:14 . 2009-03-09 14:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-05-11 11:14 . 2009-03-09 14:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-05-11 11:14 . 2009-03-16 13:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-05-11 11:14 . 2009-03-16 13:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-05-11 11:14 . 2009-03-16 13:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-05-11 11:14 . 2009-03-16 13:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-05-11 09:44 . 2009-05-11 09:44 -------- d-----w c:\program files\oZone3D
2009-05-11 09:25 . 2009-05-11 09:26 -------- d-----w c:\users\bixby\AppData\Roaming\SystemRequirementsLab
2009-05-11 09:18 . 2009-05-11 09:18 -------- d-----w c:\program files\directx
2009-05-09 18:11 . 2009-05-09 18:11 -------- d-----w c:\windows\CheckSur
2009-05-04 00:33 . 2009-02-26 10:05 398336 ----a-w c:\windows\system32\TVWizudlg.exe
2009-05-04 00:33 . 2009-02-26 10:04 140288 ----a-w c:\windows\system32\igfxtvcx.dll
2009-05-03 02:48 . 2009-05-03 02:49 -------- d--h--w C:\$AVG8.VAULT$
2009-05-02 13:18 . 2009-05-03 22:58 -------- d-----w c:\programdata\Zenturi
2009-05-02 12:07 . 2009-05-03 22:58 -------- d-----w c:\programdata\avg8
2009-04-30 01:23 . 2009-04-30 01:23 -------- d-----w c:\users\bixby\AppData\Roaming\MailFrontier
2009-04-30 01:20 . 2009-05-15 10:39 56001824 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-30 01:16 . 2009-03-31 18:20 72584 ----a-w c:\windows\zllsputility.exe
2009-04-30 01:15 . 2009-03-31 18:20 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-04-30 01:15 . 2009-03-31 18:22 293528 ----a-w c:\windows\system32\drivers\vsdatant.sys
2009-04-26 15:37 . 2009-04-26 16:14 -------- d-----w c:\program files\Flash Favorite
2009-04-24 23:57 . 2009-05-04 12:31 -------- d-----w c:\program files\SpeedFan
2009-04-24 23:46 . 2009-05-03 22:58 -------- d-----w c:\program files\Lavalys
2009-04-23 19:29 . 2009-05-03 22:57 -------- d-----w c:\program files\AnalogX
2009-04-21 11:24 . 2009-04-21 11:24 -------- d-----w c:\program files\Test My Hardware
2009-04-17 20:39 . 2009-04-17 20:44 -------- d-----w c:\users\bixby\AppData\Roaming\Desktop BBC News
2009-04-17 20:39 . 2009-04-17 20:39 -------- d-----w c:\program files\Desktop BBC News
2009-04-17 20:05 . 2005-08-01 11:56 1321984 ----a-w c:\windows\system32\RSS2HTMLScout.dll
2009-04-17 20:05 . 2009-04-17 20:05 -------- d-----w c:\program files\My RSS Toolbar
2009-04-17 20:05 . 2009-04-17 20:05 -------- d-----w c:\users\bixby\AppData\Roaming\Feed Scout
2009-04-16 21:03 . 2009-04-16 21:03 -------- d-----w C:\fsaua.data

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 11:14 . 2009-04-30 01:15 351220 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-05-15 10:39 . 2009-04-30 01:20 677036 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-14 23:14 . 2008-11-21 11:19 -------- d-----w c:\program files\DNA
2009-05-13 10:52 . 2008-11-22 10:53 -------- d-----w c:\program files\GameSpy Arcade
2009-05-11 09:26 . 2008-11-22 04:05 -------- d-----w c:\program files\SystemRequirementsLab
2009-05-07 10:39 . 2008-11-22 12:41 -------- d-----w c:\program files\Download Manager
2009-05-04 00:33 . 2009-02-12 15:01 -------- d-----w c:\program files\Intel
2009-05-03 22:58 . 2009-03-28 20:06 -------- d-----w c:\program files\Splunk
2009-05-03 22:58 . 2009-03-05 23:16 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-03 22:58 . 2009-02-22 13:05 -------- d-----w c:\program files\Soldier of Fortune II - Double Helix
2009-05-03 22:58 . 2008-11-22 03:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-03 22:58 . 2009-03-21 15:44 -------- d-----w c:\program files\Vidalia Bundle
2009-05-03 22:58 . 2009-02-12 14:45 -------- d-----w c:\program files\PC Drivers HeadQuarters
2009-05-03 22:58 . 2009-02-09 09:57 -------- d-----w c:\program files\Common Files\Nero
2009-05-03 22:58 . 2009-02-14 19:31 -------- d-----w c:\program files\Eidos
2009-05-03 22:58 . 2009-02-14 19:26 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-03 22:58 . 2009-02-14 19:25 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-03 22:58 . 2008-12-02 17:04 -------- d-----w c:\program files\Freeze.com
2009-05-03 22:58 . 2008-11-22 02:44 -------- d-----w c:\program files\Google
2009-05-03 14:10 . 2009-03-23 18:10 -------- d-----w c:\program files\Unlocker
2009-04-29 20:33 . 2009-04-02 17:21 -------- d-----w c:\program files\Visual IP Trace 2008
2009-04-18 10:58 . 2008-12-22 02:38 -------- d-----w c:\program files\FrostWire
2009-04-13 15:52 . 2009-04-13 15:52 -------- d-----w c:\program files\WordWeb
2009-04-10 23:48 . 2008-12-12 18:57 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-09 12:44 . 2008-11-27 15:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 14:32 . 2008-11-27 15:20 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2008-11-27 15:20 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 09:02 . 2009-04-06 09:02 -------- d-----w c:\program files\Microsoft Chat
2009-04-05 23:35 . 2009-04-05 23:35 -------- d-----w c:\program files\FreeFolderHider
2009-04-05 17:50 . 2009-04-05 17:50 -------- d-----w c:\program files\Internet Chess Club
2009-04-03 12:43 . 2009-04-03 11:35 -------- d-----w c:\program files\Kontiki
2009-03-30 16:51 . 2009-03-05 23:16 -------- d-----w c:\users\bixby\AppData\Roaming\SUPERAntiSpyware.com
2009-03-30 16:50 . 2009-03-05 23:15 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-28 23:04 . 2009-03-28 23:04 -------- d-----w c:\program files\Anti-Hack
2009-03-28 18:52 . 2009-03-28 18:52 73216 ----a-w c:\windows\system32\hzrService.exe
2009-03-28 18:52 . 2009-03-28 18:52 70144 ----a-w c:\windows\system32\hzrTray.exe
2009-03-28 18:50 . 2009-03-28 18:50 -------- d-----w c:\program files\Hazard Shield
2009-03-28 18:50 . 2009-03-28 18:50 180224 ----a-w c:\windows\system32\pausep.exe
2009-03-26 10:03 . 2009-01-18 22:34 -------- d-----w c:\program files\ToggleEN
2009-03-26 10:03 . 2008-12-05 15:15 -------- d-----w c:\program files\free-downloads.net
2009-03-24 18:06 . 2008-11-21 11:19 -------- d-----w c:\program files\BitTorrent
2009-03-21 01:22 . 2009-03-21 01:22 -------- d-----w c:\program files\NCT
2009-03-20 16:08 . 2009-03-20 00:03 878080 ----a-w c:\windows\system32\iconv.dll
2009-03-20 16:08 . 2009-03-20 00:03 721920 ----a-w c:\windows\system32\libxml2.dll
2009-03-20 16:08 . 2009-03-20 00:03 51200 ----a-w c:\windows\system32\libexslt.dll
2009-03-20 16:08 . 2009-03-20 00:03 150016 ----a-w c:\windows\system32\libxslt.dll
2009-03-20 13:36 . 2009-03-20 13:36 -------- d-----w c:\program files\Perfect Uninstaller
2009-03-20 00:42 . 2009-03-20 00:42 93 ----a-w c:\users\bixby\AppData\Local\fusioncache.dat
2009-03-19 23:59 . 2009-03-19 23:59 163840 ----a-r c:\windows\system32\_ISUSER.DLL
2009-03-12 14:50 . 2009-03-12 14:50 0 ----a-w c:\windows\nsreg.dat
2009-03-12 14:23 . 2008-12-12 18:57 139096 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 14:22 . 2008-12-12 18:57 202008 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-10 07:54 . 2007-12-25 11:45 997912 ----a-w c:\windows\system32\igxpun.exe
2009-03-08 11:34 . 2009-03-20 20:03 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-20 20:03 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-20 20:03 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-20 20:03 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-20 20:03 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-20 20:03 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-20 20:03 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-20 20:03 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-20 20:03 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-20 20:03 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-20 20:03 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-20 20:03 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-20 20:03 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-20 20:03 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-20 20:03 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-20 20:03 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-20 20:03 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-20 20:03 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-04 22:22 . 2008-11-22 03:58 262144 ----a-w C:\ntuser.dat
2009-03-02 23:42 . 2008-12-20 16:55 680 ----a-w c:\users\bixby\AppData\Local\d3d9caps.dat
2009-03-01 18:14 . 2008-11-17 12:08 73040 ----a-w c:\users\bixby\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-26 11:57 . 2009-02-26 11:57 8198680 ----a-w c:\windows\system32\TVWSetup.exe
2009-02-26 11:57 . 2009-02-26 11:57 141848 ----a-w c:\windows\system32\igfxtray.exe
2009-02-26 11:57 . 2008-10-28 08:43 252952 ----a-w c:\windows\system32\igfxsrvc.exe
2009-02-26 11:57 . 2008-10-28 08:43 150552 ----a-w c:\windows\system32\igfxpers.exe
2009-02-26 11:57 . 2009-02-26 11:57 668696 ----a-w c:\windows\system32\igfxcfg.exe
2009-02-26 11:57 . 2009-02-26 11:57 173080 ----a-w c:\windows\system32\igfxext.exe
2009-02-26 11:57 . 2008-10-28 08:43 173592 ----a-w c:\windows\system32\hkcmd.exe
2009-02-26 11:49 . 2009-02-26 11:49 151552 ----a-w c:\windows\system32\igfxCoIn_v1666.dll
2009-02-26 11:39 . 2009-02-26 11:39 4569088 ----a-w c:\windows\system32\drivers\igdkmd32.sys
2009-02-26 11:39 . 2007-12-25 11:44 3821568 ----a-w c:\windows\system32\igdumd32.dll
2009-02-26 11:38 . 2009-02-26 11:38 1498564 ----a-w c:\windows\system32\igkrng400.bin
2009-02-26 11:34 . 2008-10-28 08:25 536576 ----a-w c:\windows\system32\igdumdx32.dll
2009-02-26 11:26 . 2008-12-23 10:33 2576384 ----a-w c:\windows\system32\igd10umd32.dll
2009-02-26 11:16 . 2009-02-26 11:16 2674688 ----a-w c:\windows\system32\ig4dev32.dll
2009-02-26 11:16 . 2009-02-26 11:16 4112384 ----a-w c:\windows\system32\ig4icd32.dll
2009-02-26 11:05 . 2007-12-25 11:44 257536 ----a-w c:\windows\system32\igfxTMM.dll
2009-02-26 11:05 . 2009-02-26 11:05 59392 ----a-w c:\windows\system32\oemdspif.dll
2009-02-26 11:04 . 2009-02-26 11:04 200192 ----a-w c:\windows\system32\igfxpph.dll
2009-02-26 11:04 . 2009-02-26 11:04 23552 ----a-w c:\windows\system32\igfxexps.dll
2009-02-26 11:04 . 2007-12-25 11:44 51712 ----a-w c:\windows\system32\igfxsrvc.dll
2009-02-26 11:04 . 2009-02-26 11:04 130048 ----a-w c:\windows\system32\igfxdo.dll
2009-02-26 11:03 . 2007-12-25 11:44 94208 ----a-w c:\windows\system32\hccutils.dll
2009-02-26 11:03 . 2009-02-26 11:03 5702656 ----a-w c:\windows\system32\igfxress.dll
2009-02-26 11:03 . 2007-12-25 11:44 210432 ----a-w c:\windows\system32\igfxdev.dll
2009-02-26 10:02 . 2007-12-25 11:45 319456 ----a-w c:\windows\system32\difxapi.dll
2009-02-15 00:45 . 2009-02-15 00:44 2788800 ----a-w c:\program files\FLV PlayerFCSetup.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2008-06-15 1571864]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-23 23:03 1784856 ----a-w c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-06-15 20:50 1571864 ----a-w c:\program files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 14:04 398768 ----a-w c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-09-15 06:47 1784856 ----a-w c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2008-06-15 1571864]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2008-06-15 1571864]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 8C99888C80
"NoViewOnDrive"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^bixby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^bixby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-438931435-1916302650-4023391876-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6D20B0FF-EFDC-40A4-A507-821AA48896B2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{233E9D4F-0379-4E87-81B8-9D760715E843}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EC830771-7530-4821-A33A-21E84239905C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{69851748-C30C-44AF-9263-6E89F6514E2A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{4D24FAD2-74F3-4110-872F-DBD03CB89050}"= UDP:c:\program files\EA GAMES\MOHAA\MOHAA.exe:Medal of Honor Allied Assault
"{F7EA81E7-29E8-4339-8CF9-10F82B08BEEE}"= TCP:c:\program files\EA GAMES\MOHAA\MOHAA.exe:Medal of Honor Allied Assault
"TCP Query User{48436E88-C33E-4D33-A074-E10EE2468A6C}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A997D9DD-20BB-4B82-AE56-291B2EF6ED10}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{F4563726-53B8-4431-8C36-1CC750466D53}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{2CD8EDE9-EF44-42A3-9066-1810716064A5}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{047C8753-DE37-4C33-A81F-6CD15BEF84CD}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{40522338-8282-445A-A8CC-F9161D32F4D3}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7F5F5361-8676-4959-BD7C-8248C27AE3BF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A3616177-6AD4-4F07-881D-F17DE97E0E0C}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{23964805-B2DF-4F37-8EEB-7803ED60A547}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F24B037F-5540-472A-84BA-FCE2CBCF1CC9}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D1CF865D-C014-4713-B4BD-F7A0B95F77A6}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{BD8758FF-A0F3-4889-936C-DD198AFC5D25}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{085690A6-6114-430D-BACD-6F0E46963460}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{53D1EE6A-DCB3-4E27-AB3F-E6B7398C948A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{CF66309F-2971-4D68-975E-1D5ED631708B}"= UDP:c:\windows\System32\ZoneLabs\vsmon.exe:TrueVector Service
"{14DB334E-6C62-45E4-8815-DC174855D3BD}"= TCP:c:\windows\System32\ZoneLabs\vsmon.exe:TrueVector Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14:07 72944]
R2 HazardShield;Hazard Shield realtime;c:\windows\System32\hzrService.exe [28/03/2009 19:52 73216]
S2 gupdate1c9b153e39301d0;Google Update Service (gupdate1c9b153e39301d0);c:\program files\Google\Update\GoogleUpdate.exe [30/03/2009 17:23 133104]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\System32\drivers\lmvac.sys [17/12/2008 19:52 18912]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14:07 7408]
S4 Disk Cleaner Service;Disk Cleaner Service;c:\program files\Disk Cleaner\DiskCleanerService.exe [25/11/2008 03:14 83256]
S4 Registry Helper Service;Registry Helper Service; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028de3c0-facc-11dd-9e8e-00030d8945c2}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\CChat25.inf,PerUserRemove
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-05-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 16:22]

2009-05-15 c:\windows\Tasks\User_Feed_Synchronization-{0D47391B-573A-4630-A610-FB9F2BCDB98F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-20 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SYSTRAN Lookup
IE: SYSTRAN Translate
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\bixby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com%20https\v5.windowsupdate
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\users\bixby\AppData\Roaming\Mozilla\Firefox\Profiles\b8gqrtok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\bixby\AppData\Roaming\Mozilla\Firefox\Profiles\b8gqrtok.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 12:26
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP00000042C545E3118184A820 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2009-05-15 12:28
ComboFix-quarantined-files.txt 2009-05-15 11:28
ComboFix2.txt 2009-05-01 03:20

Pre-Run: 1,133,678,592 bytes free
Post-Run: 868,765,696 bytes free
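
Reading the "Reg Loading Points" section of the ComboFix log above, the entries a reviewer would flag are EnableLUA=0 (UAC switched off), DisableMonitoring=1 under Security Center, EnableFirewall=0 on all three Windows Firewall profiles, the MountPoints2 AutoRun commands for drives F: and G:, and the toolbar DLLs registered as URLSearchHooks. The script below is an added example for this thread, not part of ComboFix, HijackThis or the posts themselves. It parses that section's format (a `[key]` header followed by `"name"= value` lines, with integers spelled either `dword:00000001` or `0 (0x0)`) and lists those findings. SAMPLE_LOG is a constructed excerpt of the registry entries posted above; the names Finding, parse_value, triage and firewall_profiles_off are chosen for this example.

```python
"""Triage a ComboFix 'Reg Loading Points' section for settings that weaken the host.

Added example for this thread; not ComboFix, HijackThis or BleepingComputer code.
It reads the registry dump format ComboFix prints and flags the entries a
reviewer would question: UAC off, Security Center monitoring disabled, the
Windows Firewall off per profile, AutoRun commands on mounted drives, and
third-party URLSearchHook DLLs.
"""
import re
from dataclasses import dataclass

# Constructed sample: an excerpt of the registry section posted in the thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028de3c0-facc-11dd-9e8e-00030d8945c2}]
\shell\AutoRun\command - G:\setup.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKEY_...\subkey]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')         # "name"= value
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command\s*-\s*(.+)$")


@dataclass(frozen=True)
class Finding:
    key: str       # registry key the entry sits under, as printed by ComboFix
    name: str      # value name (or "AutoRun" for a MountPoints2 shell command)
    value: object  # int for dword-style values, str for quoted paths/commands
    reason: str


def parse_value(raw: str):
    """Decode the three value spellings ComboFix uses in this section."""
    raw = raw.strip()
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    if m:
        return int(m.group(1))
    m = re.match(r'"([^"]*)"', raw)
    if m:
        return m.group(1)  # quoted path; the trailing "[date size]" is dropped
    return raw


def triage(log_text: str) -> list:
    """Walk the dump key by key and return the security-relevant findings."""
    findings = []
    key = None
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key is None:
            continue
        low = key.lower()
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in low:
            findings.append(Finding(key, "AutoRun", m.group(1),
                                    "AutoRun command registered for a mounted drive"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1), parse_value(m.group(2))
        if low.endswith("policies\\system") and name == "EnableLUA" and value == 0:
            findings.append(Finding(key, name, value, "UAC disabled (EnableLUA=0)"))
        elif "security center\\monitoring" in low and name == "DisableMonitoring" and value == 1:
            findings.append(Finding(key, name, value, "Security Center monitoring disabled"))
        elif "firewallpolicy\\" in low and name == "EnableFirewall" and value == 0:
            profile = key.rsplit("\\", 1)[-1]
            findings.append(Finding(key, name, value, f"Windows Firewall off for {profile}"))
        elif low.endswith("urlsearchhooks") and isinstance(value, str):
            findings.append(Finding(key, name, value, "Third-party URLSearchHook DLL"))
    return findings


def firewall_profiles_off(findings) -> set:
    """Names of the firewall profiles the dump shows disabled."""
    return {f.key.rsplit("\\", 1)[-1] for f in findings if f.name == "EnableFirewall"}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:45} {f.name}={f.value!r}")
```

Run as-is it prints the nine findings from the sample; pass it the registry section of any other ComboFix log to triage a different machine. The firewall check is per profile on purpose: the log above has EnableFirewall=0 under DomainProfile, PublicProfile and StandardProfile at once, which, together with DisableMonitoring=1, is what leaves the machine relying entirely on the third-party suite.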


#12 ocean80
  • Topic Starter
  • Members
  • 12 posts

Posted 15 May 2009 - 08:41 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:30:39, on 15/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
R3 - URLSearchHook: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTogg.dll
O3 - Toolbar: Freecorder Toolbar - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFree.dll
O3 - Toolbar: My RSS Toolbar - {32B6087E-4812-4E86-A436-45CC49399520} - C:\PROGRA~1\MYRSST~1\MYRSST~1.DLL
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\bixby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O15 - Trusted Zone: http://v5.windowsupdate.microsoft.com%20https
O15 - Trusted Zone: http://download.windowsupdate.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Update Service (gupdate1c9b153e39301d0) (gupdate1c9b153e39301d0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hazard Shield realtime (HazardShield) - Orbitech - C:\Windows\system32\hzrService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6819 bytes

#13 sundavis
  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling

Posted 15 May 2009 - 09:33 AM

Hi ocean80,



Step 1
  • Close any open browsers
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
File::
c:\windows\TEMP\TMP00000042C545E3118184A820

Folder::
c:\programdata\avg8

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet010\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop

[Screenshot: dragging CFScript.txt onto ComboFix.exe]

Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step 2

Please run HijackThis! and click "Do a system scan only." Place checks next to the following entries (if present):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O15 - Trusted Zone: http://v5.windowsupdate.microsoft.com%20https
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

Close all browsers and other windows except for HijackThis!, and click "Fix Checked". Restart your pc.


Step 3

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan. Vista users - right click on the IE icon and run as administrator
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
Step 4

Windows Update error 80072efd usually means that a program running on your computer is preventing Windows Update Services (SVCHOST) from accessing the Internet. Programs that might do this include firewalls, anti-spyware software, web accelerators, Internet security or antivirus programs, and proxy servers.

Now, you should delete this renamed folder ---> SoftwareDistribution.old. If I am not mistaken, that method only fits XP, not Vista.

Please go to ---> http://support.microsoft.com/?kbid=836941 and do as you're instructed in that thread. Make sure you do every step correctly on Windows Vista.



In your next reply, please post back:

1. ComboFix log
2. ESET online scan report

Tell me how things went.

Edited by sundavis, 15 May 2009 - 01:21 PM.


#14 ocean80
  • Topic Starter
  • Members
  • 12 posts

Posted 15 May 2009 - 02:46 PM

Hi Sundavis

I really appreciate the time you have taken in trying to resolve my problem, but unfortunately it's still coming up with Windows Update error 80072efd.

As my PC seems to be free of malware, should I contact Microsoft about this?

I will post the combofix and eset scans separately.


Thank you

ComboFix 09-05-14.07 - bixby 15/05/2009 15:50.11 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1014.327 [GMT 1:00]
Running from: c:\users\bixby\Downloads\ComboFix.exe
Command switches used :: c:\users\bixby\Desktop\CFScript.txt
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Outdated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: ZoneAlarm Security Suite Anti-Spyware *disabled* (Outdated) {F245A209-1085-48B4-B927-35D56015EC60}

FILE ::
c:\windows\TEMP\TMP00000042C545E3118184A820
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\avg8
c:\programdata\avg8\Cfg\krnl.cfg
c:\programdata\avg8\Cfg\mail.cfg
c:\programdata\avg8\Cfg\malrep.cfg
c:\programdata\avg8\Cfg\scan.cfg
c:\programdata\avg8\Cfg\sched.cfg
c:\programdata\avg8\Cfg\setup.cfg
c:\programdata\avg8\Cfg\update.cfg
c:\programdata\avg8\Cfg\updatecomps.cfg
c:\programdata\avg8\Cfg\user.cfg
c:\programdata\avg8\CfgAll\changecfgreg.cfg
c:\programdata\avg8\CfgAll\updateall.cfg
c:\programdata\avg8\emc\Log\emc.log
c:\programdata\avg8\Log\avgcfg.log
c:\programdata\avg8\Log\avgcfg.log.lock
c:\programdata\avg8\Log\avgcore.log
c:\programdata\avg8\Log\avgcore.log.1
c:\programdata\avg8\Log\avgcore.log.2
c:\programdata\avg8\Log\avgcore.log.lock
c:\programdata\avg8\Log\avgfrw.log
c:\programdata\avg8\Log\avgfrw.log.lock
c:\programdata\avg8\Log\avgldr.log
c:\programdata\avg8\Log\avgldr.log.lock
c:\programdata\avg8\Log\avglng.log
c:\programdata\avg8\Log\avglng.log.lock
c:\programdata\avg8\Log\avgns.log
c:\programdata\avg8\Log\avgns.log.lock
c:\programdata\avg8\Log\avgrs.log
c:\programdata\avg8\Log\avgrs.log.1
c:\programdata\avg8\Log\avgrs.log.lock
c:\programdata\avg8\Log\avgscan.log
c:\programdata\avg8\Log\avgscan.log.lock
c:\programdata\avg8\Log\avgsched.log
c:\programdata\avg8\Log\avgsched.log.lock
c:\programdata\avg8\Log\avgsrm.log
c:\programdata\avg8\Log\avgsrm.log.lock
c:\programdata\avg8\Log\avgui.log
c:\programdata\avg8\Log\avgui.log.lock
c:\programdata\avg8\Log\avguilog.cfg
c:\programdata\avg8\Log\avgupd.log
c:\programdata\avg8\Log\avgupd.log.lock
c:\programdata\avg8\Log\avgwd.log
c:\programdata\avg8\Log\avgwd.log.lock
c:\programdata\avg8\Log\avgwdsvc.log
c:\programdata\avg8\Log\avgwdsvc.log.lock
c:\programdata\avg8\Log\cfgexlog.cfg
c:\programdata\avg8\Log\cfglog.cfg
c:\programdata\avg8\Log\commonpriv.log
c:\programdata\avg8\Log\commonpriv.log.lock
c:\programdata\avg8\Log\commonpub.log
c:\programdata\avg8\Log\commonpub.log.lock
c:\programdata\avg8\Log\corelog.cfg
c:\programdata\avg8\Log\fixcfg.log
c:\programdata\avg8\Log\fixcfg.log.lock
c:\programdata\avg8\Log\history.xml
c:\programdata\avg8\Log\ldrlog.cfg
c:\programdata\avg8\Log\lnglog.cfg
c:\programdata\avg8\Log\nslog.cfg
c:\programdata\avg8\Log\privlog.cfg
c:\programdata\avg8\Log\publog.cfg
c:\programdata\avg8\Log\rslog.cfg
c:\programdata\avg8\Log\scanlog.cfg
c:\programdata\avg8\Log\schedlog.cfg
c:\programdata\avg8\Log\srmlog.cfg
c:\programdata\avg8\Log\updlog.cfg
c:\programdata\avg8\Log\vaultlog.cfg
c:\programdata\avg8\Log\wdlog.cfg
c:\programdata\avg8\Log\wdsvclog.cfg
c:\programdata\avg8\scanlogs\I_00000005.log
c:\programdata\avg8\scanlogs\I_00000006.log
c:\programdata\avg8\scanlogs\I_00000007.log
c:\programdata\avg8\scanlogs\I_00000008.log
c:\programdata\avg8\scanlogs\I_00000009.log
c:\programdata\avg8\scanlogs\srm.idx
c:\programdata\avg8\update\backup\ph.dat
c:\programdata\avg8\update\backup\sb.dat
c:\programdata\avg8\update\backup\sb.dat.xcd
c:\programdata\avg8\update\backup\sb2.dat
c:\programdata\avg8\update\backup\sc.dat
c:\programdata\avg8\update\backup\sc.dat.xcd
c:\programdata\avg8\update\download\avginfoavi.ctf
c:\programdata\avg8\update\download\avginfowin.ctf
c:\programdata\avg8\update\download\u7avi1508u13231e.bin
c:\programdata\avg8\update\download\u7avi1510u1495zm.bin
c:\programdata\avg8\update\download\u7iavi2091u20131q.bin
c:\programdata\avg8\update\download\u7iavi2093u2091zn.bin
c:\programdata\avg8\update\download\w8fc351c.bin
c:\programdata\avg8\update\download\x8xplph_63b.bin
c:\programdata\avg8\update\download\x8xplsb_543b.bin
c:\programdata\avg8\update\download\x8xplsb2_69z0.bin
c:\programdata\avg8\update\download\x8xplsc_79wb.bin
c:\programdata\avg8\update\prepare\incavi.avm

.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-15 12:35 . 2009-05-15 12:35 -------- d-----w c:\users\bixby\AppData\Roaming\MailFrontier
2009-05-15 12:32 . 2009-05-15 14:48 5686048 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-15 12:28 . 2009-03-31 18:20 72584 ----a-w c:\windows\zllsputility.exe
2009-05-15 12:28 . 2009-03-31 18:20 1221512 ----a-w c:\windows\system32\zpeng25.dll
2009-05-15 12:27 . 2009-03-31 18:22 293528 ----a-w c:\windows\system32\drivers\vsdatant.sys
2009-05-15 04:46 . 2009-05-15 04:47 -------- d-----w C:\rsit
2009-05-11 11:14 . 2009-03-09 14:27 1846632 ----a-w c:\windows\system32\D3DCompiler_41.dll
2009-05-11 11:14 . 2009-03-09 14:27 453456 ----a-w c:\windows\system32\d3dx10_41.dll
2009-05-11 11:14 . 2009-03-09 14:27 4178264 ----a-w c:\windows\system32\D3DX9_41.dll
2009-05-11 11:14 . 2009-03-16 13:18 69448 ----a-w c:\windows\system32\XAPOFX1_3.dll
2009-05-11 11:14 . 2009-03-16 13:18 517448 ----a-w c:\windows\system32\XAudio2_4.dll
2009-05-11 11:14 . 2009-03-16 13:18 235352 ----a-w c:\windows\system32\xactengine3_4.dll
2009-05-11 11:14 . 2009-03-16 13:18 22360 ----a-w c:\windows\system32\X3DAudio1_6.dll
2009-05-11 09:44 . 2009-05-11 09:44 -------- d-----w c:\program files\oZone3D
2009-05-11 09:25 . 2009-05-11 09:26 -------- d-----w c:\users\bixby\AppData\Roaming\SystemRequirementsLab
2009-05-11 09:18 . 2009-05-11 09:18 -------- d-----w c:\program files\directx
2009-05-09 18:11 . 2009-05-09 18:11 -------- d-----w c:\windows\CheckSur
2009-05-04 00:33 . 2009-02-26 10:05 398336 ----a-w c:\windows\system32\TVWizudlg.exe
2009-05-04 00:33 . 2009-02-26 10:04 140288 ----a-w c:\windows\system32\igfxtvcx.dll
2009-05-03 02:48 . 2009-05-03 02:49 -------- d--h--w C:\$AVG8.VAULT$
2009-05-02 13:18 . 2009-05-03 22:58 -------- d-----w c:\programdata\Zenturi
2009-04-26 15:37 . 2009-04-26 16:14 -------- d-----w c:\program files\Flash Favorite
2009-04-24 23:57 . 2009-05-04 12:31 -------- d-----w c:\program files\SpeedFan
2009-04-24 23:46 . 2009-05-03 22:58 -------- d-----w c:\program files\Lavalys
2009-04-23 19:29 . 2009-05-03 22:57 -------- d-----w c:\program files\AnalogX
2009-04-21 11:24 . 2009-04-21 11:24 -------- d-----w c:\program files\Test My Hardware
2009-04-17 20:39 . 2009-04-17 20:44 -------- d-----w c:\users\bixby\AppData\Roaming\Desktop BBC News
2009-04-17 20:39 . 2009-04-17 20:39 -------- d-----w c:\program files\Desktop BBC News
2009-04-17 20:05 . 2005-08-01 11:56 1321984 ----a-w c:\windows\system32\RSS2HTMLScout.dll
2009-04-17 20:05 . 2009-04-17 20:05 -------- d-----w c:\program files\My RSS Toolbar
2009-04-17 20:05 . 2009-04-17 20:05 -------- d-----w c:\users\bixby\AppData\Roaming\Feed Scout
2009-04-16 21:03 . 2009-04-16 21:03 -------- d-----w C:\fsaua.data

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 14:45 . 2009-05-15 12:27 351219 ---ha-w c:\windows\system32\drivers\vsconfig.xml
2009-05-15 12:33 . 2009-05-15 12:32 32 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-14 23:14 . 2008-11-21 11:19 -------- d-----w c:\program files\DNA
2009-05-13 10:52 . 2008-11-22 10:53 -------- d-----w c:\program files\GameSpy Arcade
2009-05-11 09:26 . 2008-11-22 04:05 -------- d-----w c:\program files\SystemRequirementsLab
2009-05-07 10:39 . 2008-11-22 12:41 -------- d-----w c:\program files\Download Manager
2009-05-04 00:33 . 2009-02-12 15:01 -------- d-----w c:\program files\Intel
2009-05-03 22:58 . 2009-03-28 20:06 -------- d-----w c:\program files\Splunk
2009-05-03 22:58 . 2009-03-05 23:16 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-03 22:58 . 2009-02-22 13:05 -------- d-----w c:\program files\Soldier of Fortune II - Double Helix
2009-05-03 22:58 . 2008-11-22 03:07 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-03 22:58 . 2009-03-21 15:44 -------- d-----w c:\program files\Vidalia Bundle
2009-05-03 22:58 . 2009-02-12 14:45 -------- d-----w c:\program files\PC Drivers HeadQuarters
2009-05-03 22:58 . 2009-02-09 09:57 -------- d-----w c:\program files\Common Files\Nero
2009-05-03 22:58 . 2009-02-14 19:31 -------- d-----w c:\program files\Eidos
2009-05-03 22:58 . 2009-02-14 19:26 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-05-03 22:58 . 2009-02-14 19:25 -------- d-----w c:\program files\DAEMON Tools Lite
2009-05-03 22:58 . 2008-12-02 17:04 -------- d-----w c:\program files\Freeze.com
2009-05-03 22:58 . 2008-11-22 02:44 -------- d-----w c:\program files\Google
2009-05-03 14:10 . 2009-03-23 18:10 -------- d-----w c:\program files\Unlocker
2009-04-29 20:33 . 2009-04-02 17:21 -------- d-----w c:\program files\Visual IP Trace 2008
2009-04-18 10:58 . 2008-12-22 02:38 -------- d-----w c:\program files\FrostWire
2009-04-13 15:52 . 2009-04-13 15:52 -------- d-----w c:\program files\WordWeb
2009-04-10 23:48 . 2008-12-12 18:57 66872 ----a-w c:\windows\system32\PnkBstrA.exe
2009-04-09 12:44 . 2008-11-27 15:20 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 14:32 . 2008-11-27 15:20 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 14:32 . 2008-11-27 15:20 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-06 09:02 . 2009-04-06 09:02 -------- d-----w c:\program files\Microsoft Chat
2009-04-05 23:35 . 2009-04-05 23:35 -------- d-----w c:\program files\FreeFolderHider
2009-04-05 17:50 . 2009-04-05 17:50 -------- d-----w c:\program files\Internet Chess Club
2009-04-03 12:43 . 2009-04-03 11:35 -------- d-----w c:\program files\Kontiki
2009-03-30 16:51 . 2009-03-05 23:16 -------- d-----w c:\users\bixby\AppData\Roaming\SUPERAntiSpyware.com
2009-03-30 16:50 . 2009-03-05 23:15 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-28 23:04 . 2009-03-28 23:04 -------- d-----w c:\program files\Anti-Hack
2009-03-28 18:52 . 2009-03-28 18:52 73216 ----a-w c:\windows\system32\hzrService.exe
2009-03-28 18:52 . 2009-03-28 18:52 70144 ----a-w c:\windows\system32\hzrTray.exe
2009-03-28 18:50 . 2009-03-28 18:50 -------- d-----w c:\program files\Hazard Shield
2009-03-28 18:50 . 2009-03-28 18:50 180224 ----a-w c:\windows\system32\pausep.exe
2009-03-26 10:03 . 2009-01-18 22:34 -------- d-----w c:\program files\ToggleEN
2009-03-26 10:03 . 2008-12-05 15:15 -------- d-----w c:\program files\free-downloads.net
2009-03-24 18:06 . 2008-11-21 11:19 -------- d-----w c:\program files\BitTorrent
2009-03-21 01:22 . 2009-03-21 01:22 -------- d-----w c:\program files\NCT
2009-03-20 16:08 . 2009-03-20 00:03 878080 ----a-w c:\windows\system32\iconv.dll
2009-03-20 16:08 . 2009-03-20 00:03 721920 ----a-w c:\windows\system32\libxml2.dll
2009-03-20 16:08 . 2009-03-20 00:03 51200 ----a-w c:\windows\system32\libexslt.dll
2009-03-20 16:08 . 2009-03-20 00:03 150016 ----a-w c:\windows\system32\libxslt.dll
2009-03-20 13:36 . 2009-03-20 13:36 -------- d-----w c:\program files\Perfect Uninstaller
2009-03-20 00:42 . 2009-03-20 00:42 93 ----a-w c:\users\bixby\AppData\Local\fusioncache.dat
2009-03-19 23:59 . 2009-03-19 23:59 163840 ----a-r c:\windows\system32\_ISUSER.DLL
2009-03-12 14:50 . 2009-03-12 14:50 0 ----a-w c:\windows\nsreg.dat
2009-03-12 14:23 . 2008-12-12 18:57 139096 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-03-12 14:22 . 2008-12-12 18:57 202008 ----a-w c:\windows\system32\PnkBstrB.exe
2009-03-10 07:54 . 2007-12-25 11:45 997912 ----a-w c:\windows\system32\igxpun.exe
2009-03-08 11:34 . 2009-03-20 20:03 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-03-20 20:03 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-03-20 20:03 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-03-20 20:03 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-03-20 20:03 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-03-20 20:03 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-03-20 20:03 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-03-20 20:03 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-03-20 20:03 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-03-20 20:03 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-03-20 20:03 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-03-20 20:03 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-03-20 20:03 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-03-20 20:03 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-03-20 20:03 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-03-20 20:03 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-03-20 20:03 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-03-20 20:03 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-04 22:22 . 2008-11-22 03:58 262144 ----a-w C:\ntuser.dat
2009-03-02 23:42 . 2008-12-20 16:55 680 ----a-w c:\users\bixby\AppData\Local\d3d9caps.dat
2009-03-01 18:14 . 2008-11-17 12:08 73040 ----a-w c:\users\bixby\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-26 11:57 . 2009-02-26 11:57 8198680 ----a-w c:\windows\system32\TVWSetup.exe
2009-02-26 11:57 . 2009-02-26 11:57 141848 ----a-w c:\windows\system32\igfxtray.exe
2009-02-26 11:57 . 2008-10-28 08:43 252952 ----a-w c:\windows\system32\igfxsrvc.exe
2009-02-26 11:57 . 2008-10-28 08:43 150552 ----a-w c:\windows\system32\igfxpers.exe
2009-02-26 11:57 . 2009-02-26 11:57 668696 ----a-w c:\windows\system32\igfxcfg.exe
2009-02-26 11:57 . 2009-02-26 11:57 173080 ----a-w c:\windows\system32\igfxext.exe
2009-02-26 11:57 . 2008-10-28 08:43 173592 ----a-w c:\windows\system32\hkcmd.exe
2009-02-26 11:49 . 2009-02-26 11:49 151552 ----a-w c:\windows\system32\igfxCoIn_v1666.dll
2009-02-26 11:39 . 2009-02-26 11:39 4569088 ----a-w c:\windows\system32\drivers\igdkmd32.sys
2009-02-26 11:39 . 2007-12-25 11:44 3821568 ----a-w c:\windows\system32\igdumd32.dll
2009-02-26 11:38 . 2009-02-26 11:38 1498564 ----a-w c:\windows\system32\igkrng400.bin
2009-02-26 11:34 . 2008-10-28 08:25 536576 ----a-w c:\windows\system32\igdumdx32.dll
2009-02-26 11:26 . 2008-12-23 10:33 2576384 ----a-w c:\windows\system32\igd10umd32.dll
2009-02-26 11:16 . 2009-02-26 11:16 2674688 ----a-w c:\windows\system32\ig4dev32.dll
2009-02-26 11:16 . 2009-02-26 11:16 4112384 ----a-w c:\windows\system32\ig4icd32.dll
2009-02-26 11:05 . 2007-12-25 11:44 257536 ----a-w c:\windows\system32\igfxTMM.dll
2009-02-26 11:05 . 2009-02-26 11:05 59392 ----a-w c:\windows\system32\oemdspif.dll
2009-02-26 11:04 . 2009-02-26 11:04 200192 ----a-w c:\windows\system32\igfxpph.dll
2009-02-26 11:04 . 2009-02-26 11:04 23552 ----a-w c:\windows\system32\igfxexps.dll
2009-02-26 11:04 . 2007-12-25 11:44 51712 ----a-w c:\windows\system32\igfxsrvc.dll
2009-02-26 11:04 . 2009-02-26 11:04 130048 ----a-w c:\windows\system32\igfxdo.dll
2009-02-26 11:03 . 2007-12-25 11:44 94208 ----a-w c:\windows\system32\hccutils.dll
2009-02-26 11:03 . 2009-02-26 11:03 5702656 ----a-w c:\windows\system32\igfxress.dll
2009-02-26 11:03 . 2007-12-25 11:44 210432 ----a-w c:\windows\system32\igfxdev.dll
2009-02-26 10:02 . 2007-12-25 11:45 319456 ----a-w c:\windows\system32\difxapi.dll
2009-02-15 00:45 . 2009-02-15 00:44 2788800 ----a-w c:\program files\FLV PlayerFCSetup.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-05-15_11.27.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-30 01:15 . 2009-03-31 18:20 97672 c:\windows\System32\ZoneLabs\zlquarantine.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 97672 c:\windows\System32\ZoneLabs\zlquarantine.dll
+ 2009-05-15 12:27 . 2008-11-29 08:19 65424 c:\windows\System32\ZoneLabs\vsdrinst.exe
- 2009-04-30 01:15 . 2008-11-29 08:19 65424 c:\windows\System32\ZoneLabs\vsdrinst.exe
- 2009-04-30 01:15 . 2009-03-31 18:21 94088 c:\windows\System32\ZoneLabs\lib\zvpn.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 94088 c:\windows\System32\ZoneLabs\lib\zvpn.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 20360 c:\windows\System32\ZoneLabs\lib\zsys.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 20360 c:\windows\System32\ZoneLabs\lib\zsys.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 59272 c:\windows\System32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 59272 c:\windows\System32\ZoneLabs\lib\zpdp.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 14216 c:\windows\System32\ZoneLabs\lib\zmenu.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 14216 c:\windows\System32\ZoneLabs\lib\zmenu.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 24968 c:\windows\System32\ZoneLabs\lib\zic.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 24968 c:\windows\System32\ZoneLabs\lib\zic.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 84872 c:\windows\System32\ZoneLabs\lib\ZAlert.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 84872 c:\windows\System32\ZoneLabs\lib\ZAlert.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 34696 c:\windows\System32\ZoneLabs\lib\UpdateUI.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 34696 c:\windows\System32\ZoneLabs\lib\UpdateUI.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1488.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1488.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1487.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1487.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1486.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1486.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 19336 c:\windows\System32\ZoneLabs\lib\oem_1466.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 19336 c:\windows\System32\ZoneLabs\lib\oem_1466.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1460.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1460.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 10120 c:\windows\System32\ZoneLabs\lib\oem_1454.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 10120 c:\windows\System32\ZoneLabs\lib\oem_1454.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1445.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 14216 c:\windows\System32\ZoneLabs\lib\oem_1440.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 14216 c:\windows\System32\ZoneLabs\lib\oem_1440.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 12168 c:\windows\System32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 12168 c:\windows\System32\ZoneLabs\lib\oem_1413.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1010.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 11144 c:\windows\System32\ZoneLabs\lib\oem_1010.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 29576 c:\windows\System32\ZoneLabs\lib\NavBar.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 29576 c:\windows\System32\ZoneLabs\lib\NavBar.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 12168 c:\windows\System32\ZoneLabs\lib\MainLoop.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 12168 c:\windows\System32\ZoneLabs\lib\MainLoop.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 35720 c:\windows\System32\ZoneLabs\lib\Alert.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 35720 c:\windows\System32\ZoneLabs\lib\Alert.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 38280 c:\windows\System32\ZoneLabs\featuremap.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 38280 c:\windows\System32\ZoneLabs\featuremap.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 98184 c:\windows\System32\ZoneLabs\fbl.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 98184 c:\windows\System32\ZoneLabs\fbl.dll
- 2009-04-30 01:16 . 2009-03-31 18:20 74632 c:\windows\System32\ZoneLabs\camupd.dll
+ 2009-05-15 12:29 . 2009-03-31 18:20 74632 c:\windows\System32\ZoneLabs\camupd.dll
- 2009-04-30 01:16 . 2009-03-31 16:18 90112 c:\windows\System32\ZoneLabs\avsys\prremote.dll
+ 2009-05-15 12:28 . 2009-03-31 16:18 90112 c:\windows\System32\ZoneLabs\avsys\prremote.dll
- 2009-04-30 01:16 . 2009-03-31 16:18 38400 c:\windows\System32\ZoneLabs\avsys\FSSync.dll
+ 2009-05-15 12:28 . 2009-03-31 16:18 38400 c:\windows\System32\ZoneLabs\avsys\FSSync.dll
- 2009-04-30 01:16 . 2009-03-31 16:18 77824 c:\windows\System32\ZoneLabs\avsys\CKAHComm.dll
+ 2009-05-15 12:28 . 2009-03-31 16:18 77824 c:\windows\System32\ZoneLabs\avsys\CKAHComm.dll
+ 2009-05-15 12:32 . 2009-05-15 14:46 58924 c:\windows\System32\ZoneLabs\avsys\bases\sfdb.dat
+ 2009-05-15 12:28 . 2006-06-30 13:47 21568 c:\windows\System32\ZoneLabs\avsys\bases\avcmhk4.dll
- 2009-04-30 01:16 . 2006-06-30 13:47 21568 c:\windows\System32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2009-05-15 12:28 . 2007-06-19 19:39 65248 c:\windows\System32\ZoneLabs\avsys\bases\aphish.dat
- 2009-04-30 01:16 . 2007-06-19 19:39 65248 c:\windows\System32\ZoneLabs\avsys\bases\aphish.dat
+ 2009-05-15 12:28 . 2009-03-31 18:20 69000 c:\windows\System32\zlcomm.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 69000 c:\windows\System32\zlcomm.dll
+ 2007-12-25 11:42 . 2009-05-15 12:35 44422 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-11-17 12:08 . 2009-05-15 12:35 10850 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-438931435-1916302650-4023391876-1000_UserData.bin
- 2009-04-30 01:15 . 2009-03-31 18:20 35208 c:\windows\System32\vswmi.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 35208 c:\windows\System32\vswmi.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 58248 c:\windows\System32\vsregexp.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 58248 c:\windows\System32\vsregexp.dll
+ 2008-11-17 12:04 . 2009-05-15 12:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-11-17 12:04 . 2009-05-15 11:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-11-17 12:04 . 2009-05-15 12:32 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-17 12:04 . 2009-05-15 11:14 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-11-17 12:04 . 2009-05-15 11:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-11-17 12:04 . 2009-05-15 12:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 10:25 . 2009-05-15 12:27 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-05-04 00:28 86016 c:\windows\inf\infstor.dat
+ 2006-11-02 10:25 . 2009-05-15 12:27 51200 c:\windows\inf\infpub.dat
- 2006-11-02 10:25 . 2009-05-04 00:30 51200 c:\windows\inf\infpub.dat
+ 2009-05-15 12:28 . 2007-06-19 19:39 1628 c:\windows\System32\ZoneLabs\avsys\bases\pdmkl.dat
- 2009-04-30 01:16 . 2007-06-19 19:39 1628 c:\windows\System32\ZoneLabs\avsys\bases\pdmkl.dat
- 2009-05-15 10:40 . 2009-05-15 11:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-15 12:32 . 2009-05-15 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-15 12:32 . 2009-05-15 12:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-15 10:40 . 2009-05-15 11:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-04-30 01:15 . 2009-03-31 18:20 108424 c:\windows\System32\ZoneLabs\zlupdate.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 108424 c:\windows\System32\ZoneLabs\zlupdate.dll
- 2009-04-30 01:16 . 2009-03-31 18:20 302472 c:\windows\System32\ZoneLabs\zlsre.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 302472 c:\windows\System32\ZoneLabs\zlsre.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 178568 c:\windows\System32\ZoneLabs\zlparser.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 178568 c:\windows\System32\ZoneLabs\zlparser.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 172936 c:\windows\System32\ZoneLabs\vsvault.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 172936 c:\windows\System32\ZoneLabs\vsvault.dll
- 2009-04-30 01:14 . 2009-03-31 18:20 108424 c:\windows\System32\ZoneLabs\vsdb.dll
+ 2009-05-15 12:26 . 2009-03-31 18:20 108424 c:\windows\System32\ZoneLabs\vsdb.dll
- 2009-04-30 01:15 . 2009-03-31 18:22 293528 c:\windows\System32\ZoneLabs\vsdatant.sys
+ 2009-05-15 12:27 . 2009-03-31 18:22 293528 c:\windows\System32\ZoneLabs\vsdatant.sys
+ 2009-05-15 12:28 . 2007-01-11 16:48 286787 c:\windows\System32\ZoneLabs\updtrsdk.dll
- 2009-04-30 01:16 . 2007-01-11 16:48 286787 c:\windows\System32\ZoneLabs\updtrsdk.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 176520 c:\windows\System32\ZoneLabs\updclient.exe
+ 2009-05-15 12:28 . 2009-03-31 18:20 176520 c:\windows\System32\ZoneLabs\updclient.exe
- 2009-04-30 01:15 . 2007-10-11 15:51 832984 c:\windows\System32\ZoneLabs\updating.dll
+ 2009-05-15 12:28 . 2007-10-11 15:51 832984 c:\windows\System32\ZoneLabs\updating.dll
- 2009-04-30 01:16 . 2006-09-04 19:59 503875 c:\windows\System32\ZoneLabs\upd_core.dll
+ 2009-05-15 12:28 . 2006-09-04 19:59 503875 c:\windows\System32\ZoneLabs\upd_core.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 431496 c:\windows\System32\ZoneLabs\ssleay32.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 431496 c:\windows\System32\ZoneLabs\ssleay32.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 134536 c:\windows\System32\ZoneLabs\scheduler.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 134536 c:\windows\System32\ZoneLabs\scheduler.dll
+ 2009-05-15 12:28 . 2008-11-17 01:23 796128 c:\windows\System32\ZoneLabs\qrsrecl.dll
- 2009-04-30 01:16 . 2008-11-17 01:23 796128 c:\windows\System32\ZoneLabs\qrsrecl.dll
+ 2009-05-15 12:28 . 2008-11-17 01:23 722400 c:\windows\System32\ZoneLabs\qrbase.dll
- 2009-04-30 01:15 . 2008-11-17 01:23 722400 c:\windows\System32\ZoneLabs\qrbase.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 118664 c:\windows\System32\ZoneLabs\lib\zui.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 118664 c:\windows\System32\ZoneLabs\lib\zui.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 151944 c:\windows\System32\ZoneLabs\lib\ztv.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 151944 c:\windows\System32\ZoneLabs\lib\ztv.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 188808 c:\windows\System32\ZoneLabs\lib\Overview.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 188808 c:\windows\System32\ZoneLabs\lib\Overview.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 354696 c:\windows\System32\ZoneLabs\lib\LicenseUI.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 354696 c:\windows\System32\ZoneLabs\lib\LicenseUI.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 136584 c:\windows\System32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 136584 c:\windows\System32\ZoneLabs\lib\DashBoard.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 344456 c:\windows\System32\ZoneLabs\lib\ConfigWizard.zip.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 344456 c:\windows\System32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-05-15 12:26 . 2009-02-04 17:27 548128 c:\windows\System32\ZoneLabs\icslta.dll
- 2009-04-30 01:14 . 2009-02-04 17:27 548128 c:\windows\System32\ZoneLabs\icslta.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 159112 c:\windows\System32\ZoneLabs\httpblocker.dll
- 2009-04-30 01:16 . 2009-03-31 18:20 159112 c:\windows\System32\ZoneLabs\httpblocker.dll
+ 2009-05-15 12:29 . 2008-03-17 15:52 813568 c:\windows\System32\ZoneLabs\dbghelp.dll
- 2009-04-30 01:16 . 2008-03-17 15:52 813568 c:\windows\System32\ZoneLabs\dbghelp.dll
+ 2009-05-15 12:28 . 2009-03-31 16:18 143360 c:\windows\System32\ZoneLabs\avsys\ScanningProcess.exe
- 2009-04-30 01:15 . 2009-03-31 16:18 143360 c:\windows\System32\ZoneLabs\avsys\ScanningProcess.exe
+ 2009-05-15 12:28 . 2009-03-31 16:18 184320 c:\windows\System32\ZoneLabs\avsys\prloader.dll
- 2009-04-30 01:16 . 2009-03-31 16:18 184320 c:\windows\System32\ZoneLabs\avsys\prloader.dll
+ 2009-05-15 12:28 . 2009-03-31 16:18 626688 c:\windows\System32\ZoneLabs\avsys\msvcr80.dll
- 2009-04-30 01:16 . 2009-03-31 16:18 626688 c:\windows\System32\ZoneLabs\avsys\msvcr80.dll
+ 2009-05-15 12:28 . 2009-03-31 16:18 548864 c:\windows\System32\ZoneLabs\avsys\msvcp80.dll
- 2009-04-30 01:16 . 2009-03-31 16:18 548864 c:\windows\System32\ZoneLabs\avsys\msvcp80.dll
+ 2009-05-15 12:28 . 2009-03-31 16:18 274432 c:\windows\System32\ZoneLabs\avsys\kave.dll
- 2009-04-30 01:16 . 2009-03-31 16:18 274432 c:\windows\System32\ZoneLabs\avsys\kave.dll
+ 2009-05-15 12:28 . 2006-09-19 22:12 208960 c:\windows\System32\ZoneLabs\avsys\inv.dll
- 2009-04-30 01:16 . 2006-09-19 22:12 208960 c:\windows\System32\ZoneLabs\avsys\inv.dll
- 2009-04-30 01:16 . 2009-03-31 16:18 331776 c:\windows\System32\ZoneLabs\avsys\CKAHUM.dll
+ 2009-05-15 12:28 . 2009-03-31 16:18 331776 c:\windows\System32\ZoneLabs\avsys\CKAHUM.dll
- 2009-04-30 01:16 . 2009-03-31 16:18 110592 c:\windows\System32\ZoneLabs\avsys\CKAHrule.dll
+ 2009-05-15 12:28 . 2009-03-31 16:18 110592 c:\windows\System32\ZoneLabs\avsys\CKAHrule.dll
- 2009-04-30 01:16 . 2009-03-31 18:20 404872 c:\windows\System32\ZoneLabs\av.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 404872 c:\windows\System32\ZoneLabs\av.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 103816 c:\windows\System32\zlcommdb.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 103816 c:\windows\System32\zlcommdb.dll
+ 2006-11-02 13:05 . 2009-05-15 12:35 121456 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-15 12:28 . 2009-03-31 18:20 109960 c:\windows\System32\vsxml.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 109960 c:\windows\System32\vsxml.dll
- 2009-04-30 01:14 . 2009-03-31 18:20 482184 c:\windows\System32\vsutil.dll
+ 2009-05-15 12:26 . 2009-03-31 18:20 482184 c:\windows\System32\vsutil.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 309640 c:\windows\System32\vspubapi.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 309640 c:\windows\System32\vspubapi.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 107400 c:\windows\System32\vsmonapi.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 107400 c:\windows\System32\vsmonapi.dll
+ 2009-05-15 12:26 . 2009-03-31 18:20 229256 c:\windows\System32\vsinit.dll
- 2009-04-30 01:14 . 2009-03-31 18:20 229256 c:\windows\System32\vsinit.dll
+ 2009-05-15 12:27 . 2009-03-31 18:20 110472 c:\windows\System32\vsdata.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 110472 c:\windows\System32\vsdata.dll
- 2009-04-30 01:15 . 2009-03-31 18:22 293528 c:\windows\System32\DriverStore\FileRepository\vsdatant.inf_48423f99\vsdatant.sys
+ 2009-05-15 12:27 . 2009-03-31 18:22 293528 c:\windows\System32\DriverStore\FileRepository\vsdatant.inf_48423f99\vsdatant.sys
+ 2009-05-15 12:28 . 2009-03-31 16:18 150544 c:\windows\System32\drivers\klif.sys
- 2009-04-30 01:16 . 2009-03-31 16:18 150544 c:\windows\System32\drivers\klif.sys
+ 2009-03-08 14:05 . 2009-05-15 11:42 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-03-08 14:05 . 2009-05-13 09:46 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2006-11-02 10:25 . 2009-05-15 12:27 143360 c:\windows\inf\infstrng.dat
- 2006-11-02 10:25 . 2009-05-04 00:30 143360 c:\windows\inf\infstrng.dat
+ 2009-05-15 12:28 . 2009-03-31 18:20 1648520 c:\windows\System32\ZoneLabs\vsruledb.dll
- 2009-04-30 01:15 . 2009-03-31 18:20 1648520 c:\windows\System32\ZoneLabs\vsruledb.dll
+ 2009-05-15 12:28 . 2009-03-31 18:20 2404232 c:\windows\System32\ZoneLabs\vsmon.exe
- 2009-04-30 01:15 . 2009-03-31 18:20 2404232 c:\windows\System32\ZoneLabs\vsmon.exe
+ 2009-05-15 12:28 . 2008-11-17 01:23 1512928 c:\windows\System32\ZoneLabs\srescan.dll
- 2009-04-30 01:16 . 2008-11-17 01:23 1512928 c:\windows\System32\ZoneLabs\srescan.dll
- 2009-04-30 01:15 . 2009-03-31 18:21 1536392 c:\windows\System32\ZoneLabs\lib\zpy.zip.dll
+ 2009-05-15 12:28 . 2009-03-31 18:21 1536392 c:\windows\System32\ZoneLabs\lib\zpy.zip.dll
- 2009-04-30 01:16 . 2008-12-15 00:11 10465257 c:\windows\System32\ZoneLabs\zlasdbup.dat
+ 2009-05-15 12:29 . 2008-12-15 00:11 10465257 c:\windows\System32\ZoneLabs\zlasdbup.dat
+ 2009-05-15 12:28 . 2008-12-15 00:11 10465257 c:\windows\System32\ZoneLabs\spyware.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2008-06-15 1571864]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2008-11-23 23:03 1784856 ----a-w c:\program files\ToggleEN\tbTogg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2008-06-15 20:50 1571864 ----a-w c:\program files\Freecorder\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 14:04 398768 ----a-w c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ecdee021-0d17-467f-a1ff-c7a115230949}]
2008-09-15 06:47 1784856 ----a-w c:\program files\free-downloads.net\tbfree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ecdee021-0d17-467f-a1ff-c7a115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2008-06-15 1571864]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECDEE021-0D17-467F-A1FF-C7A115230949}"= "c:\program files\free-downloads.net\tbfree.dll" [2008-09-15 1784856]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTogg.dll" [2008-11-23 1784856]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2008-06-15 1571864]

[HKEY_CLASSES_ROOT\clsid\{ecdee021-0d17-467f-a1ff-c7a115230949}]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-01 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-03-31 982408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 8C99888C80
"NoViewOnDrive"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
backup=c:\windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Privoxy.lnk]
backup=c:\windows\pss\Privoxy.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^bixby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^bixby^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb.lnk]
backup=c:\windows\pss\WordWeb.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-438931435-1916302650-4023391876-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6D20B0FF-EFDC-40A4-A507-821AA48896B2}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{233E9D4F-0379-4E87-81B8-9D760715E843}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EC830771-7530-4821-A33A-21E84239905C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{69851748-C30C-44AF-9263-6E89F6514E2A}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{4D24FAD2-74F3-4110-872F-DBD03CB89050}"= UDP:c:\program files\EA GAMES\MOHAA\MOHAA.exe:Medal of Honor Allied Assault
"{F7EA81E7-29E8-4339-8CF9-10F82B08BEEE}"= TCP:c:\program files\EA GAMES\MOHAA\MOHAA.exe:Medal of Honor Allied Assault
"TCP Query User{48436E88-C33E-4D33-A074-E10EE2468A6C}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{A997D9DD-20BB-4B82-AE56-291B2EF6ED10}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{F4563726-53B8-4431-8C36-1CC750466D53}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{2CD8EDE9-EF44-42A3-9066-1810716064A5}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)
"{047C8753-DE37-4C33-A81F-6CD15BEF84CD}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{40522338-8282-445A-A8CC-F9161D32F4D3}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{7F5F5361-8676-4959-BD7C-8248C27AE3BF}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A3616177-6AD4-4F07-881D-F17DE97E0E0C}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{23964805-B2DF-4F37-8EEB-7803ED60A547}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F24B037F-5540-472A-84BA-FCE2CBCF1CC9}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{D1CF865D-C014-4713-B4BD-F7A0B95F77A6}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{BD8758FF-A0F3-4889-936C-DD198AFC5D25}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{085690A6-6114-430D-BACD-6F0E46963460}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{53D1EE6A-DCB3-4E27-AB3F-E6B7398C948A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{59EE66B5-4D72-41B9-A6E3-B3F7B4E8CCC4}"= UDP:c:\windows\System32\ZoneLabs\vsmon.exe:TrueVector Service
"{7EA369DB-7F06-4A50-A8DF-DAB8D9875A02}"= TCP:c:\windows\System32\ZoneLabs\vsmon.exe:TrueVector Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/03/2009 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/03/2009 14:07 72944]
R2 HazardShield;Hazard Shield realtime;c:\windows\System32\hzrService.exe [28/03/2009 19:52 73216]
S2 gupdate1c9b153e39301d0;Google Update Service (gupdate1c9b153e39301d0);c:\program files\Google\Update\GoogleUpdate.exe [30/03/2009 17:23 133104]
S3 LTXMD_VAC;Litex Media Virtual Audio Cable (WDM);c:\windows\System32\drivers\lmvac.sys [17/12/2008 19:52 18912]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/03/2009 14:07 7408]
S4 Disk Cleaner Service;Disk Cleaner Service;c:\program files\Disk Cleaner\DiskCleanerService.exe [25/11/2008 03:14 83256]
S4 Registry Helper Service;Registry Helper Service; [x]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\shell\AutoRun\command - F:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{028de3c0-facc-11dd-9e8e-00030d8945c2}]
\shell\AutoRun\command - G:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\CChat25.inf,PerUserRemove
.
Contents of the 'Scheduled Tasks' folder

2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]

2009-05-15 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 16:22]

2009-05-15 c:\windows\Tasks\User_Feed_Synchronization-{0D47391B-573A-4630-A610-FB9F2BCDB98F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-20 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: SYSTRAN Lookup
IE: SYSTRAN Translate
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\bixby\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
Trusted Zone: microsoft.com\v4.windowsupdate
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: microsoft.com%20https\v5.windowsupdate
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\users\bixby\AppData\Roaming\Mozilla\Firefox\Profiles\b8gqrtok.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\bixby\AppData\Roaming\Mozilla\Firefox\Profiles\b8gqrtok.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\FFAlert.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npstrlnk.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 15:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-15 15:57
ComboFix-quarantined-files.txt 2009-05-15 14:57
ComboFix2.txt 2009-05-15 11:28
ComboFix3.txt 2009-05-01 03:20

Pre-Run: 927,354,880 bytes free
Post-Run: 779,005,952 bytes free

607

# version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=4080 (20090515)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=fe59f7703df3bb4384b81f69ddf37a3a
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-05-15 07:38:31
# local_time=2009-05-15 08:38:31 (+0000, GMT Daylight Time)
# country="United Kingdom"
# osver=6.0.6001 NT Service Pack 1
# scanned=411484
# found=5
# scan_time=7121
C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper12.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper13.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper23.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper24.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000
C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper25.zip Win32/Bagle.gen.zip worm (unable to clean - deleted) 00000000000000000000000000000000

#15 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts
  • OFFLINE
  • Gender:Not Telling
  • Local time:02:48 AM

Posted 15 May 2009 - 04:03 PM

Hi ocean80,


I assume you have done the necessary steps as instructed by MS ---> http://support.microsoft.com/?kbid=836941 and that you have a clean hosts file containing no sites except what was there when Vista was installed, as follows:

127.0.0.1 localhost
::1 localhost


I will give you a final shot to see if it can hopefully sort your thingy out. If not, I will transfer you somewhere else to troubleshoot your problem, since it's not malware related, and you will be better off there for continued support.

Step 1

IE > Tools > Internet Options > Connections > LAN settings > then make sure everything is unchecked under "Automatic configuration", and that "Use a proxy server for your LAN" is unchecked under "Proxy server" unless you are using a proxy server.

Step 2

1. Click the Microsoft Vista Start logo in the bottom left corner of the screen
2. Click All Programs
3. Click Accessories
4. RIGHT-click on Command Prompt
5. Select Run As Administrator
6. In the command window type the following and then hit enter: ipconfig /flushdns
7. You will see the following confirmation:


Windows IP Configuration
Successfully flushed the DNS Resolver Cache.



Then, unplug the internet access and try to "Obtain DNS server address automatically". After that, what I'd like you to do is a hard reset of your router, if you have one. Leave it on; there should be a little pinhole in the back of the unit. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). You may also want to ask your ISP for help in case there are custom settings that need to be maintained. When done, restore internet access, proceed with Windows Update and tell me how it goes.
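As an added illustration of the hosts file check sundavis asks for above (this is example code, not part of the original thread or any tool it mentions): the script below parses a Windows hosts file, ignores the two Vista default lines (127.0.0.1 localhost and ::1 localhost), and reports every other mapping, flagging whether it is blackholed to loopback or redirected elsewhere and whether it touches a Windows Update host. The sample hosts content is constructed for demonstration; the 203.0.113.45 address is a TEST-NET-3 documentation address, and the Windows Update host suffixes are an assumption of this example.

```python
"""Audit a Windows hosts file for entries beyond the Vista defaults.

Malware that breaks Windows Update commonly does it by pointing update
hosts at 127.0.0.1 in %SystemRoot%\\System32\\drivers\\etc\\hosts.
This example reads hosts-file text and returns anything non-default.
"""
import ipaddress
from collections import namedtuple

# The only two entries a stock Vista hosts file carries.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Assumed suffixes for Windows Update traffic (example assumption, not exhaustive).
UPDATE_SUFFIXES = ("windowsupdate.com", "update.microsoft.com", "windowsupdate.microsoft.com")

Finding = namedtuple("Finding", "ip host kind update_related")

# Constructed sample hosts file: two default lines plus three injected mappings.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
# --- constructed lines below, for demonstration only ---
127.0.0.1       windowsupdate.microsoft.com   # blackholes update traffic
127.0.0.1       update.microsoft.com
203.0.113.45    www.google.com                # redirect to a TEST-NET-3 address
"""


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs from hosts-file text.

    Comments (#) and blank lines are dropped; a line may map several
    hostnames to one address, so each hostname becomes its own pair.
    Lines whose first field is not an IP address are kept as malformed.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            entries.append(("<malformed>", line))
            continue
        for host in fields[1:]:
            entries.append((fields[0], host.lower()))
    return entries


def is_update_host(host):
    """True if the hostname is one Windows Update relies on (assumed suffix list)."""
    return any(host == s or host.endswith("." + s) for s in UPDATE_SUFFIXES)


def audit_hosts(text):
    """Return Finding records for every mapping that is not a Vista default."""
    findings = []
    for ip, host in parse_hosts(text):
        if (ip, host) in DEFAULT_ENTRIES:
            continue
        if ip == "<malformed>":
            kind = "malformed"
        else:
            addr = ipaddress.ip_address(ip)
            # Loopback/unspecified destinations silently break the site;
            # anything else sends the traffic to a third party.
            kind = "blackholed" if (addr.is_loopback or addr.is_unspecified) else "redirected"
        findings.append(Finding(ip, host, kind, is_update_host(host)))
    return findings


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        flag = "  <-- Windows Update host" if f.update_related else ""
        print(f"{f.kind:10} {f.ip:15} {f.host}{flag}")
```

On a real machine, replace SAMPLE_HOSTS with the contents of %SystemRoot%\System32\drivers\etc\hosts; an empty result means the file matches the Vista default sundavis describes, and any "blackholed" finding on a Windows Update host is the kind of entry that stops updates from working.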



