
Browser hijacked at search engines, can't update anti-malware programs.


This topic is locked
24 replies to this topic

#1 christianullman


Posted 29 May 2009 - 02:05 PM

Hi guys, hope you can help me. Here is an outline of my situation -

I use a Windows XP operating system.

I can't use system restore.

I can't download UPDATES for Avira, Malwarebytes, SUPERAntiSpyware - they either "time out" or won't complete. (All three programs work, and I can scan my computer with them - but I can't update any of them - my problem arose a week after downloading, and running, all three programs.)

When using Google and Yahoo! search, my browser gets hijacked and is sent to various advertisements that have nothing to do with the search query.

Computer is running slower than slow. Browser window takes forever to pop up. (I use Firefox as my browser.)

I tried to reinstall my Windows XP, but when I opened the disk, I was informed that I needed the serial number for my copy of XP (which conveniently for Microsoft, was NOT in the sealed disk envelope). So I can't reinstall Windows XP because I don't have that serial number.

I've tried about everything I can think of doing. Have downloaded several other different malware/spyware tools - none of which I can operate (they won't work, they time-out, etc. - when I tried to download an Adobe Flashplayer recently, the same thing happened, can't get it to work).

Any help you can give me would be appreciated - my DDS.txt log file appears below; my Attach.txt file is attached.

---------------


DDS (Ver_09-05-14.01) - NTFSx86
Run by Chris Ullman at 14:50:51.85 on Thu 05/28/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.222.18 [GMT -5:00]

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\PeoplePC\ISP6230\Browser\PPShared.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris Ullman\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
BHO: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\compan~1\installs\cpn\ycomp5_5_7_0.dll
TB: PeoplePal Toolbar: {a8fb8eb3-183b-4598-924d-86f0e5e37085} - c:\program files\peoplepc\toolbar\ppctoolbar.dll
TB: VMN Toolbar: {a057a204-bacc-4d26-8287-79a187e26987} - c:\progra~1\vmntoo~1\VMNTOO~1.DLL
EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Yahoo! Pager] c:\program files\yahoo!\messenger\ypager.exe -quiet
uRun: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\RegistryBooster.exe /S
uRun: [SUPERAntiSpyware] c:\program files\squidbilly\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [DXDllRegExe] dxdllreg.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Zone Labs Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Bart Station] c:\program files\peoplepc\isp6230\bin\PPCOLink.exe -STATION
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
dRun: [uidenhiufgsduiazghs] c:\windows\temp\htk0i.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\izonem~1.lnk - c:\program files\arcsoft\polaroid izone photobase\iZone Monitor.exe
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycdict.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - {4C171D40-8277-11D5-AD55-00010333D0AD} - c:\program files\yahoo!\messenger\yhexbmes0521.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: !SASWinLogon - c:\program files\squidbilly\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\squidbilly\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\chrisu~1\applic~1\mozilla\firefox\profiles\kox62kqp.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\squidbilly\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\squidbilly\SASKUTIL.SYS [2009-4-28 72944]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-25 279264]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\squidbilly\SASENUM.SYS [2009-4-28 7408]

=============== Created Last 30 ================

2009-05-23 18:19 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-05-23 02:59 54,156 a---h--- c:\windows\QTFont.qfn
2009-05-23 02:59 1,409 a------- c:\windows\QTFont.for
2009-05-12 15:43 <DIR> --d----- c:\program files\CA VMN Anti-Spyware
2009-05-12 15:43 <DIR> --d----- c:\docume~1\chrisu~1\applic~1\EmailNotifier
2009-05-12 15:43 <DIR> --d----- c:\docume~1\alluse~1\applic~1\EmailNotifier
2009-05-12 15:43 <DIR> --d----- c:\program files\vmntoolbar
2009-05-12 15:43 <DIR> --d----- c:\docume~1\chrisu~1\applic~1\vmntoolbar
2009-05-12 15:43 <DIR> --d----- c:\docume~1\chrisu~1\applic~1\Dynamic
2009-05-12 15:43 <DIR> --d----- c:\docume~1\chrisu~1\applic~1\Sites
2009-05-12 15:43 <DIR> --d----- c:\docume~1\chrisu~1\applic~1\SiteClasses
2009-05-12 15:43 <DIR> --d----- c:\program files\Visicom Media
2009-05-08 16:31 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-08 16:31 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-08 16:31 <DIR> --d----- c:\program files\Macaroon
2009-05-08 16:26 <DIR> --d----- c:\program files\Squidbilly
2009-05-08 16:26 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-05-05 17:08 26,000 a------- c:\windows\system32\E3TL.DLL
2009-05-05 17:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Zenturi
2009-05-05 16:51 <DIR> --d----- c:\documents and settings\chris ullman\.housecall6.6
2009-05-05 16:10 <DIR> --d----- C:\!KillBox
2009-05-04 17:43 89,088 a------- c:\windows\system32\atl71.dll
2009-05-04 17:43 4,224 a------- c:\windows\system32\dllcache\beep.sys
2009-05-04 17:43 <DIR> --d----- c:\program files\Remove-it
2009-05-02 13:50 1 a------- c:\windows\system32\uniq.tll
2009-05-02 13:50 22,538 a------- c:\windows\system32\lmppcsetup.exe

==================== Find3M ====================

2009-05-05 15:29 330,410 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-05-04 22:26 84,365 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2002-07-31 19:55 104 ---sh--- c:\windows\WSYS049.SYS

============= FINISH: 14:51:31.85 ===============


#2 kahdah


Posted 29 May 2009 - 02:09 PM

Hello christianullman

Welcome to BleepingComputer
========================
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt

Edited by kahdah, 29 May 2009 - 02:09 PM.

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here

#3 christianullman


Posted 29 May 2009 - 07:02 PM

Thanks for the advice, but...I cannot rename anything that I download. My computer will not let me.

I am only given the option to save the download "as is" (as named), or cancel it. I am not given the option to save the download using a different name.

Again, thanks for the suggestion to download ComboFix but that won't solve my problem.

(FYI: I tried downloading ComboFix without changing its name, and it wouldn't work after I downloaded it. So...suggesting I download something else won't help me here.)

Perhaps someone can check out my DDS logs and spot the culprit?

Any help would be appreciated...thank you very much.

#4 kahdah


Posted 29 May 2009 - 07:14 PM

In order to fully diagnose your logs I need to see more.
See if you can download these.

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#5 christianullman


Posted 29 May 2009 - 10:33 PM

Hey, thank you for your help, kahdah! I appreciate you taking the time.

I followed your instructions regarding the downloads and scans...here are the logs for the two scans that you instructed me to run -

OTL.txt log:

OTL logfile created on: 5/28/2009 9:42:32 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Chris Ullman\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

222.42 Mb Total Physical Memory | 52.48 Mb Available Physical Memory | 23.60% Memory free
545.46 Mb Paging File | 353.45 Mb Available in Paging File | 64.80% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 27.44 Gb Free Space | 73.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISNOTEBOOK
Current User Name: Chris Ullman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
PRC - C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
PRC - C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Zone Labs Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
PRC - C:\Program Files\PeoplePC\ISP6230\Browser\Bartshel.exe (PeoplePC)
PRC - C:\Program Files\PeoplePC\ISP6230\Browser\PPShared.exe (PeoplePC)
PRC - C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Chris Ullman\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqwmi [On_Demand | Stopped]) -- C:\Program Files\HPQ\SHARED\HPQWMI.exe (Hewlett-Packard Development Company, L.P.)
SRV - (iPodService [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Computer, Inc.)
SRV - (vsmon [Auto | Running]) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Zone Labs Inc.)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcmwl5.sys (Broadcom Corporation)
DRV - (CAMCAUD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camcaud.sys (Conexant Systems Inc.)
DRV - (CAMCHALA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\camchal.sys (Conexant Systems Inc.)
DRV - (eabfiltr [System | Running]) -- C:\WINDOWS\system32\drivers\EABFiltr.sys (Hewlett-Packard Company)
DRV - (eabusb [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\eabusb.sys (Hewlett-Packard Company)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HSFHWICH [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (RTL8023 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtlnic51.sys (Realtek Semiconductor Corporation )
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\Squidbilly\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\Squidbilly\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\Squidbilly\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys ()
DRV - (SMCIRDA [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\smcirda.sys (SMC)
DRV - (SynTP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys (Synaptics, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (vsdatant [System | Running]) -- C:\WINDOWS\System32\vsdatant.sys (Zone Labs Inc.)
DRV - (w22n51 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\w22n51.sys (Intel® Corporation)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\wA301a.sys (Intel Corporation)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com"
FF - prefs.js..extensions.enabledItems: {34B3AB76-2344-4AB7-AC57-2DDF8B63C917}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.7

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/01 20:25:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/27 15:05:38 | 00,000,000 | ---D | M]

[2009/03/19 17:11:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\mozilla\Extensions
[2009/03/19 17:11:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2005/12/09 10:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\mozilla\Firefox\Profiles\91fel2ku.Default User\extensions
[2005/12/09 10:11:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\mozilla\Firefox\Profiles\91fel2ku.Default User\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/27 15:04:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\mozilla\Firefox\Profiles\kox62kqp.default\extensions
[2009/05/27 22:12:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/05/02 03:31:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{34B3AB76-2344-4AB7-AC57-2DDF8B63C917}
[2009/04/01 00:36:04 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/19 20:43:33 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/19 20:43:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/02/19 14:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 14:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/02/19 14:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 14:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/02/19 14:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 14:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 14:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (610580 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.pctipp.ch
O1 - Hosts: 127.0.0.1 pctipp.ch
O1 - Hosts: 127.0.0.1 www.raymond.cc
O1 - Hosts: 127.0.0.1 raymond.cc
O1 - Hosts: 127.0.0.1 www.claymania.com
O1 - Hosts: 127.0.0.1 claymania.com
O1 - Hosts: 127.0.0.1 www.elephantboycomputers.com
O1 - Hosts: 127.0.0.1 elephantboycomputers.com
O1 - Hosts: 127.0.0.1 www.it-mate.co.uk
O1 - Hosts: 127.0.0.1 it-mate.co.uk
O1 - Hosts: 127.0.0.1 mysteryfcm.co.uk
O1 - Hosts: 127.0.0.1 www.mysteryfcm.co.uk
O1 - Hosts: 127.0.0.1 www.internetinspiration.co.uk
O1 - Hosts: 127.0.0.1 internetinspiration.co.uk
O1 - Hosts: 127.0.0.1 www.mvps.org
O1 - Hosts: 127.0.0.1 mvps.org
O1 - Hosts: 127.0.0.1 bughunter.it-mate.co.uk
O1 - Hosts: 127.0.0.1 www.bughunter.it-mate.co.uk
O1 - Hosts: 127.0.0.1 www.siri.geekstogo.com
O1 - Hosts: 127.0.0.1 siri.geekstogo.com
O1 - Hosts: 127.0.0.1 siri.urz.free.fr
O1 - Hosts: 127.0.0.1 www.siri.urz.free.fr
O1 - Hosts: 127.0.0.1 noahdfear.geekstogo.com
O1 - Hosts: 127.0.0.1 www.noahdfear.geekstogo.com
O1 - Hosts: 16272 more lines...
O2 - BHO: (VMN Toolbar) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKLM\..\Toolbar: (VMN Toolbar) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKLM\..\Toolbar: (PeoplePal Toolbar) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\ppctoolbar.dll (PeoplePC)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-8287-79A187E26987} - C:\Program Files\vmntoolbar\vmntoolbar.dll (Visicom Media Inc. )
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A8FB8EB3-183B-4598-924D-86F0E5E37085} - c:\program files\peoplepc\toolbar\ppctoolbar.dll (PeoplePC)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Bart Station] C:\Program Files\PeoplePC\ISP6230\BIN\PPCOLink.exe -STATION (PeoplePC)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe ()
O4 - HKLM..\Run: [DXDllRegExe] dxdllreg.exe File not found
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start (Hewlett-Packard )
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe" (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe ()
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" (Zone Labs Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\Squidbilly\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\iZone Monitor.lnk = C:\Program Files\ArcSoft\Polaroid iZone PhotoBase\iZone Monitor.exe (Arcsoft Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (Yahoo! Inc.)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [Tcpip] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [NTDS] - C:\WINDOWS\System32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [Network Location Awareness (NLA) Namespace] - C:\WINDOWS\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\system32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\system32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\Squidbilly\SASWINLO.dll - C:\Program Files\Squidbilly\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\system32\WlNotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O27 - HKLM IFEO\Your Image File Name Here without a path: Debugger - C:\WINDOWS\System32\ntsd.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\Squidbilly\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{151999a4-123c-11dd-898d-00904bb450d8}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{151999a4-123c-11dd-898d-00904bb450d8}\Shell\AutoRun\command - "" = E:\autorun.exe -- File not found
O33 - MountPoints2\{151999a4-123c-11dd-898d-00904bb450d8}\Shell\phone\command - "" = E:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/05/28 21:34:00 | 00,000,000 | ---D | M]
O34 - HKLM BootExecute: (MACHINE) - File not found
O34 - HKLM BootExecute: (BootExecut) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/05/28 21:33:55 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\xhcdo5ou.exe
[2009/05/28 21:32:57 | 00,501,760 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Chris Ullman\Desktop\OTL.exe
[2009/05/28 21:27:06 | 00,013,868 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Slave Article.rtf
[2009/05/28 19:55:01 | 00,001,517 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\My Documents\New Post Forum.rtf
[2009/05/28 19:54:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/28 19:54:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/28 15:06:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Desktop\Malware Problem
[2009/05/28 14:12:14 | 00,093,960 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Part 4.rtf
[2009/05/28 14:11:42 | 00,143,537 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Pt. 3.rtf
[2009/05/28 14:11:04 | 00,239,084 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Pt. 2.rtf
[2009/05/28 14:10:34 | 00,079,306 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Pt. 1.rtf
[2009/05/28 14:09:50 | 00,005,705 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Acknowledgments.rtf
[2009/05/28 14:09:08 | 00,004,048 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Foreword.rtf
[2009/05/28 02:00:33 | 00,000,210 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Where You Left Off.rtf
[2009/05/27 22:18:16 | 00,002,137 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Friday Tasks.rtf
[2009/05/27 18:19:06 | 00,000,728 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Business Card.rtf
[2009/05/27 16:10:26 | 00,000,501 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Kinkos Tasks.rtf
[2009/05/26 13:46:05 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Take Wand's Site Down.rtf
[2009/05/25 22:33:46 | 00,000,555 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Sites to Feature on CMU.rtf
[2009/05/25 12:42:35 | 00,000,724 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Corlive Account Info.rtf
[2009/05/25 12:32:10 | 00,000,340 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Alternative to Form Email.rtf
[2009/05/24 12:59:11 | 00,000,246 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\My Documents\View This.rtf
[2009/05/24 00:20:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Desktop\123 Pitch Folder
[2009/05/23 18:19:33 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2009/05/23 02:59:00 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/05/23 02:59:00 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/05/21 20:55:49 | 00,000,648 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Sign Up for Facebook and MySpace.rtf
[2009/05/21 17:01:52 | 00,001,316 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Good Pub Norcross.rtf
[2009/05/21 13:19:20 | 00,001,126 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Naylor Email Forms.rtf
[2009/05/20 18:07:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\My Documents\New Folder (2)
[2009/05/19 18:22:30 | 00,000,403 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Call Pru Agents.rtf
[2009/05/18 16:34:58 | 00,005,053 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Upcoming Networking Events.rtf
[2009/05/17 18:04:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Desktop\Real Estate Stuff
[2009/05/17 17:35:16 | 00,000,198 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Wifi Password.rtf
[2009/05/17 17:22:37 | 00,000,366 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Transfer Moi's Domain.rtf
[2009/05/12 16:08:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Application Data\FileZilla
[2009/05/12 16:08:18 | 00,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client
[2009/05/12 15:43:56 | 00,000,000 | ---D | C] -- C:\Program Files\CA VMN Anti-Spyware
[2009/05/12 15:43:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Application Data\EmailNotifier
[2009/05/12 15:43:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2009/05/12 15:43:44 | 00,000,000 | ---D | C] -- C:\Program Files\vmntoolbar
[2009/05/12 15:43:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Application Data\vmntoolbar
[2009/05/12 15:43:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Application Data\Dynamic
[2009/05/12 15:43:26 | 00,012,800 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Application Data\Settings.cfg
[2009/05/12 15:43:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Application Data\Sites
[2009/05/12 15:43:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Application Data\SiteClasses
[2009/05/12 15:43:06 | 00,000,000 | ---D | C] -- C:\Program Files\Visicom Media
[2009/05/08 17:22:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Desktop\Computer Security
[2009/05/08 16:31:06 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/08 16:31:03 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/08 16:31:00 | 00,000,000 | ---D | C] -- C:\Program Files\Macaroon
[2009/05/08 16:26:55 | 00,000,000 | ---D | C] -- C:\Program Files\Squidbilly
[2009/05/08 16:26:00 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/05/08 00:38:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Chris Ullman\Desktop\unfreez
[2009/05/07 17:35:37 | 00,000,221 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Pay Rent Thursday.rtf
[2009/05/05 17:25:02 | 00,000,268 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Post Problems Here.rtf
[2009/05/05 17:08:11 | 00,026,000 | ---- | C] () -- C:\WINDOWS\System32\E3TL.DLL
[2009/05/05 17:07:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2009/05/05 16:10:57 | 00,000,000 | ---D | C] -- C:\!KillBox
[2009/05/05 16:10:38 | 00,092,672 | ---- | C] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Chris Ullman\Desktop\KillBox.exe
[2009/05/04 17:43:57 | 00,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\atl71.dll
[2009/05/04 17:43:57 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/05/04 17:43:52 | 00,000,000 | ---D | C] -- C:\Program Files\Remove-it
[2009/05/02 13:50:56 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/02 13:50:29 | 00,022,538 | ---- | C] () -- C:\WINDOWS\System32\lmppcsetup.exe
[2009/04/30 16:37:21 | 02,430,976 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\My Documents\Jessica Auria Rockstar Puppy.tlx
[2009/04/29 16:31:25 | 00,001,550 | ---- | C] () -- C:\Documents and Settings\Chris Ullman\Desktop\Next Five Tasks.rtf
[2008/09/30 18:35:31 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2008/08/13 01:51:26 | 00,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/08/13 01:51:25 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/04/24 23:33:13 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2008/04/24 17:59:06 | 00,000,084 | ---- | C] () -- C:\WINDOWS\CCWVform.ini
[2008/04/23 19:16:10 | 00,000,078 | ---- | C] () -- C:\WINDOWS\pwkforms.ini
[2008/04/22 14:12:04 | 00,000,082 | ---- | C] () -- C:\WINDOWS\forminfo.ini
[2008/04/22 13:51:27 | 00,000,104 | -HS- | C] () -- C:\WINDOWS\WSYS049.SYS
[2005/02/23 01:27:01 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/01/26 01:46:40 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2004/08/07 08:39:38 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 08:30:20 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 08:18:30 | 00,000,461 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 01:07:42 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 03:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/05/03 21:33:56 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2003/05/03 21:28:01 | 00,000,894 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2003/05/03 21:16:04 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/05/03 21:10:22 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[2009/05/28 21:34:00 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\xhcdo5ou.exe
[2009/05/28 21:33:06 | 00,501,760 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Chris Ullman\Desktop\OTL.exe
[2009/05/28 21:27:07 | 00,013,868 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Slave Article.rtf
[2009/05/28 19:55:01 | 00,001,517 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\New Post Forum.rtf
[2009/05/28 19:25:47 | 00,000,890 | -H-- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/05/28 19:24:33 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Chris Ullman\Local Settings\desktop.ini
[2009/05/28 19:24:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/28 19:24:27 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/28 19:24:26 | 23,329,5872 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/28 15:40:19 | 00,000,728 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Business Card.rtf
[2009/05/28 15:39:52 | 27,649,536 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Chris Ullman Substitute Site.tlx
[2009/05/28 15:24:31 | 00,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2009/05/28 14:12:14 | 00,093,960 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Part 4.rtf
[2009/05/28 14:11:42 | 00,143,537 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Pt. 3.rtf
[2009/05/28 14:11:04 | 00,239,084 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Pt. 2.rtf
[2009/05/28 14:10:36 | 00,079,306 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Pt. 1.rtf
[2009/05/28 14:09:50 | 00,005,705 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Acknowledgments.rtf
[2009/05/28 14:09:08 | 00,004,048 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Plot Foreword.rtf
[2009/05/28 03:03:59 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Friday Tasks.rtf
[2009/05/28 02:00:33 | 00,000,210 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Where You Left Off.rtf
[2009/05/27 18:05:33 | 05,350,912 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\123savebig.com Pitch Page.tlx
[2009/05/27 16:10:42 | 00,000,501 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Kinkos Tasks.rtf
[2009/05/27 00:53:47 | 26,656,768 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Moi's Web Site.tlx
[2009/05/27 00:27:47 | 01,417,728 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Bethani Web Site.tlx
[2009/05/26 21:24:22 | 00,000,221 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Pay Rent Thursday.rtf
[2009/05/26 13:46:05 | 00,000,187 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Take Wand's Site Down.rtf
[2009/05/26 03:48:22 | 02,430,976 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Jessica Auria Rockstar Puppy.tlx
[2009/05/25 22:33:46 | 00,000,555 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Sites to Feature on CMU.rtf
[2009/05/25 12:42:35 | 00,000,724 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Corlive Account Info.rtf
[2009/05/25 12:32:10 | 00,000,340 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Alternative to Form Email.rtf
[2009/05/24 12:59:17 | 00,000,246 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\View This.rtf
[2009/05/23 23:45:12 | 00,001,316 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Good Pub Norcross.rtf
[2009/05/23 20:10:33 | 00,005,053 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Upcoming Networking Events.rtf
[2009/05/23 02:59:00 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/05/23 02:59:00 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/05/22 22:56:18 | 00,000,648 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Sign Up for Facebook and MySpace.rtf
[2009/05/21 19:26:57 | 02,003,456 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Naylor Team Relocation Site.tlx
[2009/05/21 19:25:25 | 00,001,126 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Naylor Email Forms.rtf
[2009/05/20 23:12:46 | 00,001,550 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Next Five Tasks.rtf
[2009/05/20 22:34:34 | 00,227,208 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/05/19 18:22:30 | 00,000,403 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Call Pru Agents.rtf
[2009/05/17 23:26:16 | 01,961,472 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Greg Mancini Web Site.tlx
[2009/05/17 23:21:32 | 01,193,984 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Crystal Clear Web Site.tlx
[2009/05/17 23:16:43 | 01,961,472 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Amy Maynard Web Site 2.tlx
[2009/05/17 23:15:05 | 01,961,472 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Amy Maynard Web Site.tlx
[2009/05/17 22:59:28 | 12,859,904 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Oregon Home Builders Site.tlx
[2009/05/17 17:42:59 | 00,000,366 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Transfer Moi's Domain.rtf
[2009/05/17 17:35:31 | 00,000,198 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Wifi Password.rtf
[2009/05/17 14:06:23 | 01,629,184 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Graham Marden's Floating Homes.tlx
[2009/05/17 05:28:01 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/05/12 16:06:08 | 00,012,800 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Application Data\Settings.cfg
[2009/05/10 13:34:49 | 00,129,536 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Placemat 3.tlx
[2009/05/05 17:25:03 | 00,000,268 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\Desktop\Post Problems Here.rtf
[2009/05/05 17:08:11 | 00,026,000 | ---- | M] () -- C:\WINDOWS\System32\E3TL.DLL
[2009/05/05 16:10:39 | 00,092,672 | ---- | M] (Option^Explicit Software vbtechcd@gmail.com) -- C:\Documents and Settings\Chris Ullman\Desktop\KillBox.exe
[2009/05/03 23:20:20 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS.PCB
[2009/05/02 13:50:56 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/05/02 13:50:29 | 00,022,538 | ---- | M] () -- C:\WINDOWS\System32\lmppcsetup.exe
[2009/04/30 23:35:55 | 37,936,128 | ---- | M] () -- C:\Documents and Settings\Chris Ullman\My Documents\Olexa Ventures.tlx

========== LOP Check ==========

[2009/05/23 18:19:33 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/23 18:19:33 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
[2003/05/03 21:03:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2003/05/03 21:55:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/03/14 04:49:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7
[2009/05/12 20:04:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EmailNotifier
[2008/04/27 04:29:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GIRDAC
[2009/03/05 23:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2005/02/20 03:45:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2003/05/03 21:13:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/07/04 21:24:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2003/05/03 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/03/06 01:08:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2005/05/02 23:11:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/05/05 17:07:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zenturi
[2009/05/23 19:06:25 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Chris Ullman\Application Data
[2009/02/15 01:49:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Adobe
[2005/02/06 21:05:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\AdobeUM
[2003/05/03 21:55:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Apple Computer
[2005/12/20 22:57:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Arcsoft
[2008/04/22 14:14:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\CoffeeCup Software
[2005/01/26 05:21:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Common Files
[2009/05/12 15:43:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Dynamic
[2009/05/12 15:43:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\EmailNotifier
[2009/05/12 16:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\FileZilla
[2009/02/15 01:47:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Flock
[2009/04/08 03:36:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Help
[2005/01/26 05:20:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\HP
[2003/05/03 19:24:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Identities
[2005/01/25 14:42:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\InterVideo
[2005/01/24 18:54:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Lavasoft
[2006/12/01 23:09:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Lore4More
[2006/11/28 10:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\LoseAgain33
[2007/03/02 21:58:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Macromedia
[2009/03/05 23:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Malwarebytes
[2009/05/05 17:07:50 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Microsoft
[2008/07/13 15:58:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\mjusbsp
[2009/03/19 17:11:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Mozilla
[2005/09/28 02:57:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\MSNInstaller
[2009/02/15 01:19:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Opera
[2009/05/12 16:06:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\SiteClasses
[2009/05/12 15:43:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Sites
[2005/05/02 23:18:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Sonic
[2003/05/03 20:33:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Sun
[2009/05/05 14:30:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\SUPERAntiSpyware.com
[2003/05/03 21:56:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Symantec
[2005/01/25 01:31:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Template
[2009/03/05 22:54:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Uniblue
[2009/05/27 15:08:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\vmntoolbar
[2005/02/25 17:58:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Yahoo!
[2007/12/05 21:18:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Chris Ullman\Application Data\Yahoo! Messenger
[2004/08/04 03:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/05/28 19:24:29 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========

< End of report >

---------------

Extras.txt log:

OTL Extras logfile created on: 5/28/2009 9:42:32 PM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Chris Ullman\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

222.42 Mb Total Physical Memory | 52.48 Mb Available Physical Memory | 23.60% Memory free
545.46 Mb Paging File | 353.45 Mb Available in Paging File | 64.80% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.25 Gb Total Space | 27.44 Gb Free Space | 73.67% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHRISNOTEBOOK
Current User Name: Chris Ullman
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 (Microsoft Corporation)
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink File not found
C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{12825486-AACC-4471-A100-90D1103F9E7D}_is1" = Remove-it
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}" = iTunes
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7AE05271-5CBB-48D7-9B72-FDB4FD57EA4D}" = Polaroid iZone PhotoBase
"{882F2BCD-C6A3-4D91-8A09-B2B34CB7E481}" = muvee autoProducer DVD Edition - HPH
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.00 B3
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{EB3526D4-4C7C-4F45-8303-340A23E4F950}" = HPIZFix3
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Browser Files Installation" = Browser Files Installation
"CA_VMN_antispyware" = CA VMN Anti-Spyware (remove only)
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_3080103C" = SoftV92 Data Fax Modem with SmartCP
"CoffeeCup Flash Password Wizard" = CoffeeCup Flash Password Wizard
"Conexant PCI Audio" = Conexant AC-Link Audio
"CuteSITE Builder" = CuteSITE Builder
"E.M. Easy DVD Copy_is1" = E.M. Easy DVD Copy 2.0
"FileZilla Client" = FileZilla Client 3.2.4.1
"GIRDAC Image Converter Trial" = GIRDAC Image Converter Trial
"HijackThis" = HijackThis 2.0.2
"InstallShield_{35AFD495-EC2E-4B2B-B9DB-30EEBC74049D}" = iTunes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"MSNINST" = MSN
"PeoplePC Online" = PeoplePC Online
"PeoplePC Toolbar" = PeoplePC: PeoplePal Toolbar 6.2
"QuickTime" = QuickTime
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.0
"vmntoolbar" = VMN Toolbar
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! extras
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Messenger Explorer Bar" = Yahoo! Messenger Explorer Bar
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/5/2009 2:24:58 PM | Computer Name = CHRISNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application csb.exe, version 5.0.0.150, faulting module textctl.ocx,
version 5.0.0.150, fault address 0x00005feb.

Error - 5/7/2009 5:05:18 PM | Computer Name = CHRISNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application ypager.exe, version 6.0.0.1750, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 5/12/2009 5:12:55 PM | Computer Name = CHRISNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application vsmon.exe, version 5.5.62.4, faulting module
vsruledb.dll, version 5.5.62.4, fault address 0x00038add.

Error - 5/12/2009 5:37:17 PM | Computer Name = CHRISNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application vsmon.exe, version 5.5.62.4, faulting module
vsruledb.dll, version 5.5.62.4, fault address 0x00038add.

Error - 5/13/2009 7:30:42 PM | Computer Name = CHRISNOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/14/2009 12:39:45 AM | Computer Name = CHRISNOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 6.0.2900.2180, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/17/2009 7:10:16 AM | Computer Name = CHRISNOTEBOOK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 5/21/2009 3:51:10 AM | Computer Name = CHRISNOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application SUPERAntiSpyware.exe, version 4.26.0.1002, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/25/2009 1:42:39 AM | Computer Name = CHRISNOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3334, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 5/27/2009 4:19:13 PM | Computer Name = CHRISNOTEBOOK | Source = Application Hang | ID = 1002
Description = Hanging application HijackThis.exe, version 2.0.0.2, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/28/2009 3:26:35 PM | Computer Name = CHRISNOTEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/28/2009 3:27:03 PM | Computer Name = CHRISNOTEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/28/2009 3:27:54 PM | Computer Name = CHRISNOTEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/28/2009 3:28:50 PM | Computer Name = CHRISNOTEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/28/2009 3:29:38 PM | Computer Name = CHRISNOTEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/28/2009 3:30:29 PM | Computer Name = CHRISNOTEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/28/2009 3:31:10 PM | Computer Name = CHRISNOTEBOOK | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.

Error - 5/28/2009 3:38:08 PM | Computer Name = CHRISNOTEBOOK | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 5/28/2009 8:30:13 PM | Computer Name = CHRISNOTEBOOK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00904BB450D8. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 5/28/2009 8:31:24 PM | Computer Name = CHRISNOTEBOOK | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00904BB450D8. The following
error occurred: %%121. Your computer will continue to try and obtain an address on
its own from the network address (DHCP) server.


< End of report >

--------------

GMER.log:

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-28 23:19:08
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwDeleteKey [0xF1007110]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwDeleteValueKey [0xF1007070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwLoadKey [0xF1007190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwReplaceKey [0xF1007240]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwRestoreKey [0xF10072C0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.) ZwSetValueKey [0xF1006FC0]
SSDT \??\C:\Program Files\Squidbilly\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF0F84DF0]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F0FF7310] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F0FF75A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F0FF76E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F0FF7490] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F0FF7490] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F0FF7310] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F0FF75A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F0FF76E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F0FF7310] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F0FF76E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F0FF75A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F0FF7490] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F0FF76E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F0FF7310] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F0FF75A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F0FF7490] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F0FF7310] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F0FF75A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F0FF76E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [F10129C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F0FF7310] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F0FF7490] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F0FF76E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F0FF75A0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Zone Labs Inc.)

---- EOF - GMER 1.0.15 ----

Edited by christianullman, 29 May 2009 - 10:34 PM.


#6 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 30 May 2009 - 06:35 AM

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :files
     c:\windows\temp\htk0i.exe
    
    :Commands
    [emptytemp]
    [resethosts]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
====================
Then you should be able to update everything.

Please update/run Malwarebytes' Anti-Malware.

Double Click the Malwarebytes Anti-Malware icon to run the application.
  • Click on the update tab then click on Check for updates.
  • If an update is found, it will download and install the latest version.
  • Once the update has loaded, go to the Scanner tab and select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here.

#7 christianullman
  • Topic Starter

  • Members
  • 15 posts

Posted 30 May 2009 - 12:15 PM

Hi kahdah...thanks again for your help.

I did what you instructed me to do. Pasted the code into the box at the bottom of OTL. Ran the fix. I then tried to update MalwareBytes and the same problem occurred. I couldn't connect to it. Tried to update SAS and Avira and couldn't do that either.

I noticed that right after I pasted the code into OTL at the bottom of the program icon and clicked "Run Fix", the top two lines of code that I pasted in disappeared. Don't know if that helps you or not.

Here's the log -

========== FILES ==========
File\Folder c:\windows\temp\htk0i.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\ZLT07a6e.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 2.1.1.0 log created on 05292009_124332

Files moved on Reboot...
File C:\WINDOWS\temp\ZLT07a6e.TMP not found!

Registry entries deleted on Reboot...

#8 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 30 May 2009 - 12:19 PM

OK, strange that you still cannot connect.

Let's keep pegging away at it:

Download avz4.zip from here
  • Unzip it to your desktop to a folder named avz4
  • Double click on AVZ.exe to run it.
  • Run an update by clicking the Auto Update button on the right of the Log window.
  • Click Start to begin the update
Note: If you receive an error message, choose a different source, then click Start again
  • After the update, from the "File" menu, choose "Standard Scripts"
  • Put a check next to item 2: Advanced System Investigation
  • Click Execute selected scripts
  • At the next prompt, click the OK button
  • Let the scan run and click "OK" when the completion prompt pops up
  • Now Close out of the Standard Scripts window, and exit AVZ
  • Navigate to the avz4 folder and locate the folder LOG
  • Inside the LOG folder you will find virusinfo_syscheck.htm and virusinfo_syscheck.zip
  • Attach the Compressed file, virusinfo_syscheck.zip, to your next reply.


#9 christianullman
  • Topic Starter

  • Members
  • 15 posts

Posted 30 May 2009 - 04:38 PM

Okay - I did what you asked.

The compressed file is attached to this reply...


#10 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 30 May 2009 - 05:09 PM

Nothing shows in any of the logs other than a registry leftover.

Have you tried to disable your firewall to see if it by happenstance is blocking those applications from connecting?
If you have not done so then please do so now.

Let me know if that allows for you to update anything.

#11 christianullman
  • Topic Starter

  • Members
  • 15 posts

Posted 30 May 2009 - 06:04 PM

Yes, I disabled my firewall (ZoneAlarm) and still couldn't update. Then I tried to allow MalwareBytes access to the Net via ZoneAlarm, still couldn't update. I tried to do a system restore again - couldn't do it.

#12 christianullman
  • Topic Starter

  • Members
  • 15 posts

Posted 30 May 2009 - 07:19 PM

Hello again...hey, I managed to download updates for MalwareBytes and SAS.

I ran a scan just now - deleted two Trojans. Nothing much has changed though, in terms of how my computer is running. My browser still gets hijacked at Google and Yahoo!, when I do searches. Also, the computer is still running really slow. I think my system restore works now (I noticed one of the trojans that was removed was a system restore trojan), but I haven't tried using system restore yet. I can only go back to April 22nd and I don't know if I had these problems back then or not. Thought I'd wait to hear back from you as per your suggestions.

Here's the log for MalwareBytes for the scan I just did -

Malwarebytes' Anti-Malware 1.37
Database version: 2198
Windows 5.1.2600 Service Pack 2

5/29/2009 7:42:04 PM
mbam-log-2009-05-29 (19-42-04).txt

Scan type: Full Scan (C:\|)
Objects scanned: 124594
Time elapsed: 24 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{1c74fea9-2d71-4415-8ae0-5dbb04006415}\RP937\A0050263.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lmppcsetup.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

#13 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 30 May 2009 - 09:04 PM

I'm curious, how did you manage to get them to update?


Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

#14 christianullman
  • Topic Starter

  • Members
  • 15 posts

Posted 30 May 2009 - 11:09 PM

I shut down ZoneAlarm (for the fourth time), and finally I could update files to MalwareBytes and SAS. Same for Avira. I ran Avira and it found and deleted two things: HTML/FakeAlert.lok, and ADSPY/Agent.hqi.

Here is the GooredFix log:

GooredFix v1.92 by jpshortstuff
Log created at 00:05 on 30/05/2009 running Option #1 (Chris Ullman)
Firefox version 3.0.7 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{34B3AB76-2344-4AB7-AC57-2DDF8B63C917}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

#15 kahdah

  • Security Colleague
  • 11,138 posts
  • Gender:Male
  • Location:Florida

Posted 30 May 2009 - 11:46 PM

Please double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.