Possible Vundo Infection


  • This topic is locked
21 replies to this topic

#1 inquire1

inquire1

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:42 PM

Posted 23 January 2010 - 03:45 PM

My antispyware programs keep finding the Vundo virus on my system. Occasionally the system slows down and either a strange pop-up appears or Explorer opens to a blank page. On one occasion, Malwarebytes quit loading and I had trouble redownloading it (it works at this point). Malwarebytes and SuperAnti only seem to temporarily take care of the problem. Any advice or help in permanently removing this will be greatly appreciated. Thanks in advance!

jk


DDS File:


DDS (Ver_09-12-01.01) - NTFSx86
Run by jkoziol at 14:59:20.50 on Sat 01/23/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.315 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\Domino.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\lxcrcoms.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://cnn.com/
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [EPSON Stylus CX7400 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticda.exe /fu "c:\windows\temp\E_S146.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\jkoziol\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [LogitechSoftwareUpdate] "c:\program files\logitech\video\ManifestEngine.exe" boot
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [RoboPDF] c:\windows\system32\spool\drivers\w32x86\2\RPDFLchr.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Domino] c:\windows\Domino.exe
mRun: [lxcrmon.exe] "c:\program files\lexmark 2400 series\lxcrmon.exe"
mRun: [EzPrint] "c:\program files\lexmark 2400 series\ezprint.exe"
mRun: [LXCRCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXCRtime.dll,_RunDLLEntry@16
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [LogitechVideoTray] c:\program files\logitech\video\LogiTray.exe
mRun: [Ggilixudu] rundll32.exe "c:\windows\oxejovap.dll",Startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\mbammo\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\mbammo\mbamgui.exe /install /silent
StartupFolder: c:\docume~1\jkoziol\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-explorer: NoSMBalloonTip = 1 (0x1)
uPolicies-explorer: NoSMConfigurePrograms = 1 (0x1)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
Trusted Zone: cnn.com\www
Trusted Zone: previstar.com\vpn
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} - hxxp://www.ipix.com/download/ipixx.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo2.walgreens.com/WalgreensActivia.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1184956454937
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://webcam.sewanee.edu/activex/AxisCamControl.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://m-cam.uchicago.edu/activex/AMC.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
AppInit_DLLs: hivikivo.dll c:\windows\system32\vajarusu.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: paberaleb - {45ae93ce-a8f9-49ad-834b-1932e591a326} - c:\windows\system32\vajarusu.dll
STS: tokatiluy: {45ae93ce-a8f9-49ad-834b-1932e591a326} - c:\windows\system32\vajarusu.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli jazefara.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jkoziol\applic~1\mozilla\firefox\profiles\4ojwk2b2.default\
FF - prefs.js: browser.startup.homepage - hxxp://cnn.com/
FF - plugin: c:\documents and settings\jkoziol\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jkoziol\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF} - c:\documents and settings\jkoziol\local settings\application data\{0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-30 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-5-30 27784]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-11-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-11-23 74480]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\downloaded programs\VCdRom.sys [2001-12-19 8576]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-1-23 486280]
R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-20 587096]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-3 297752]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2004-5-3 80384]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-11-23 7408]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-1-18 16512]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [2006-7-18 99840]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [2008-8-20 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [2008-8-20 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [2008-8-20 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [2008-8-20 59520]

=============== Created Last 30 ================

2010-01-23 19:53:24 54016 ----a-w- c:\windows\system32\drivers\racyon.sys
2010-01-23 19:39:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 19:39:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 19:39:56 0 d-----w- c:\program files\MBAMMO
2010-01-23 16:12:32 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-23 16:12:11 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-23 16:12:10 0 d-----w- c:\windows\system32\ZoneLabs
2010-01-23 16:12:07 422437 ----a-w- c:\windows\system32\vsconfig.xml
2010-01-23 16:12:05 0 d-----w- c:\program files\Zone Labs
2010-01-23 16:11:22 0 d-----w- c:\windows\Internet Logs
2010-01-22 01:14:05 0 d-----w- C:\VundoFix Backups
2010-01-18 21:42:14 203576 ----a-w- c:\windows\system32\RICHTX32.OCX
2010-01-18 21:42:14 108336 ----a-w- c:\windows\system32\mswinsck.ocx
2010-01-18 21:42:13 209192 ----a-w- c:\windows\system32\tabctl32.ocx
2010-01-18 21:42:13 0 d-----w- c:\program files\CyberMistress
2010-01-18 04:02:26 0 d-----w- c:\docume~1\alluse~1\applic~1\RandomDresserData
2010-01-18 04:01:38 0 d-----w- c:\program files\RandomDresser
2010-01-17 21:48:15 0 ----a-w- c:\windows\Aqodohi.bin
2010-01-17 21:48:14 120 ----a-w- c:\windows\Kcusu.dat
2010-01-11 21:56:30 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2010-01-11 21:56:30 0 d-----w- c:\program files\Belarc
2009-12-30 15:09:23 2180096 ----a-w- c:\windows\system32\drivers\lvsvf2.sys
2009-12-30 15:00:16 0 d-----w- c:\program files\common files\Logitech
2009-12-30 14:59:53 86016 ----a-w- c:\windows\system32\vatee.ax
2009-12-30 14:59:53 856064 ----a-w- c:\windows\system32\Ltwvc12n.dll
2009-12-30 14:59:53 466944 ----a-w- c:\windows\system32\QCUI2.dll
2009-12-30 14:59:52 90112 ----a-w- c:\windows\system32\LQCUI2.dll
2009-12-30 14:59:52 78336 ----a-w- c:\windows\system32\lffax12n.dll
2009-12-30 14:59:52 406016 ----a-w- c:\windows\system32\ltkrn12n.dll
2009-12-30 14:59:52 328704 ----a-w- c:\windows\system32\LFCMP12n.DLL
2009-12-30 14:59:52 30720 ----a-w- c:\windows\system32\lfbmp12n.dll
2009-12-30 14:59:52 259072 ----a-w- c:\windows\system32\LTDIS12n.dll
2009-12-30 14:59:52 207872 ----a-w- c:\windows\system32\ltefx12n.dll
2009-12-30 14:59:52 164864 ----a-w- c:\windows\system32\ltimg12n.dll
2009-12-30 14:59:52 141312 ----a-w- c:\windows\system32\lftif12n.dll
2009-12-30 14:59:52 131072 ----a-w- c:\windows\system32\ltfil12n.DLL
2009-12-26 22:26:23 0 d-----w- c:\program files\Trend Micro

==================== Find3M ====================

2010-01-22 00:00:37 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 07:46:59 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46:50 17408 ------w- c:\windows\system32\corpol.dll
2008-06-09 15:49:21 287 ----a-w- c:\program files\Shortcut to RoboForm2Go (E).lnk
2008-10-08 16:54:28 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008100820081009\index.dat

============= FINISH: 15:02:48.56 ===============


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:42 AM

Posted 29 January 2010 - 06:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. In the custom scan box paste the following:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
  6. Push the button.
  7. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- will be opened
    • Extra.txt <-- will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird? a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!


#3 inquire1

inquire1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:42 PM

Posted 01 February 2010 - 08:51 PM

Thanks in advance for the help. Right now I'm still getting Google search hijacks. The system randomly slows down, then to get to a web page, I have to refresh a couple times. I removed an HP printer app and got a warning saying it contained a keylogger.

Here are the two logs, starting with the OTL, then the Extras. Thanks again, your assistance is greatly appreciated.

Let me know what else you need.


OTL logfile created on: 2/1/2010 8:04:03 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\jkoziol\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 327.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 15.48 Gb Free Space | 27.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RS0502
Current User Name: jkoziol
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/01 19:38:08 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jkoziol\Desktop\OTL.exe
PRC - [2010/02/01 18:19:45 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/02/01 18:19:41 | 002,033,432 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/02/01 18:19:38 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/02/01 18:19:38 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/02/01 18:19:38 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/02/01 18:19:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/01/21 19:00:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2010/01/12 07:17:59 | 002,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
PRC - [2010/01/11 11:03:53 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/11/22 15:42:50 | 001,037,192 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/11/26 08:58:04 | 000,587,096 | ---- | M] (Lavasoft AB) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
PRC - [2007/08/06 13:58:55 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/08/18 15:58:14 | 000,049,152 | ---- | M] () -- C:\WINDOWS\Domino.exe
PRC - [2006/03/14 08:01:00 | 000,026,112 | ---- | M] (TechSmith Corporation) -- C:\Program Files\TechSmith\SnagIt 8\TscHelp.exe
PRC - [2006/03/06 13:48:46 | 000,286,720 | ---- | M] () -- C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
PRC - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) -- C:\WINDOWS\system32\lxcrcoms.exe
PRC - [2006/02/07 01:10:34 | 000,098,304 | ---- | M] (Lexmark International Inc.) -- C:\Program Files\Lexmark 2400 Series\ezprint.exe
PRC - [2005/12/09 19:29:52 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2005/09/08 04:20:00 | 000,122,940 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\DLA\DLACTRLW.EXE
PRC - [2005/07/19 17:32:18 | 000,221,184 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/05/12 20:43:50 | 000,364,544 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2005/05/12 20:00:00 | 000,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2004/10/30 13:59:54 | 000,385,024 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
PRC - [2004/09/07 15:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2004/09/07 15:08:02 | 000,389,120 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2004/09/07 15:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
PRC - [2004/09/07 15:03:40 | 000,245,760 | ---- | M] (Intel) -- C:\Program Files\Intel\Wireless\Bin\1XConfig.exe
PRC - [2004/09/07 15:02:40 | 000,086,016 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
PRC - [2004/09/07 15:02:04 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2004/01/22 11:54:40 | 000,108,032 | ---- | M] (Macromedia) -- C:\WINDOWS\system32\spool\drivers\w32x86\2\RPDFLchr.exe


========== Modules (SafeList) ==========

MOD - [2010/02/01 19:38:08 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jkoziol\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2010/02/01 18:19:37 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/01/21 19:00:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/11/22 15:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/06 12:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/03/20 15:43:26 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008/11/07 14:28:16 | 000,132,424 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/10/10 04:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/29 10:18:44 | 000,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2007/11/26 08:58:04 | 000,587,096 | ---- | M] (Lavasoft AB) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe -- (aawservice)
SRV - [2007/09/06 08:16:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/20 11:37:35 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2007/08/13 09:34:03 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2007/01/19 11:54:14 | 000,097,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006/02/20 15:23:08 | 000,495,616 | ---- | M] ( ) [On_Demand | Running] -- C:\WINDOWS\System32\lxcrcoms.exe -- (lxcr_device)
SRV - [2005/05/12 20:43:50 | 000,364,544 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2004/10/22 03:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/07 15:12:32 | 000,225,353 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2004/09/07 15:05:10 | 000,360,521 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2004/09/07 15:02:40 | 000,086,016 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng)
SRV - [2004/09/07 15:02:04 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc)
SRV - [2003/07/28 11:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2010/02/01 18:19:50 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/02/01 18:19:50 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/02/01 18:19:50 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/11/23 08:43:30 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/23 08:43:30 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/11/23 08:43:28 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/11/22 15:42:54 | 000,486,280 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/05/18 13:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/05/06 01:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2008/05/06 01:01:50 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/11/12 09:55:04 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2007/09/04 08:43:00 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/08/17 20:56:46 | 000,059,520 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDMWWAN.sys -- (PTDMWWAN)
DRV - [2007/08/17 20:56:40 | 000,039,936 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDMVsp.sys -- (PTDMVsp)
DRV - [2007/08/17 20:56:38 | 000,041,856 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDMMdm.sys -- (PTDMMdm)
DRV - [2007/08/17 20:56:34 | 000,029,952 | ---- | M] (DEVGURU Co,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PTDMBus.sys -- (PTDMBus)
DRV - [2007/07/26 18:06:18 | 000,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/07/20 13:08:01 | 000,017,056 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\AegisP.sys -- (AegisP) AEGIS Protocol (IEEE 802.1x)
DRV - [2007/06/13 08:24:16 | 001,469,312 | ---- | M] (ZSMC.Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZS211.sys -- (ZSMC211) ZSMC USB PC Camera (ZS0211)
DRV - [2006/07/18 12:40:40 | 000,099,840 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr97310v.sys -- (MR97310_VGA_DUAL_CAMERA)
DRV - [2006/01/19 19:41:52 | 000,010,368 | R--- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/09/18 17:02:52 | 000,005,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerGuardian2\pgfilter.sys -- (pgfilter)
DRV - [2005/09/12 02:30:00 | 000,089,264 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2005/09/08 04:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 04:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 04:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 04:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 04:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 04:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 04:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 11:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 11:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/12 04:20:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/05/12 20:46:20 | 001,132,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/03/21 11:00:24 | 000,004,096 | ---- | M] (SuperAdBlocker.com) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\sabprocenum.sys -- (SABProcEnum)
DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2005/01/31 11:20:04 | 000,211,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)
DRV - [2004/12/13 16:14:00 | 000,039,904 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\cercsr6.sys -- (cercsr6)
DRV - [2004/10/21 14:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/08/31 07:53:04 | 000,011,354 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2004/08/23 13:49:30 | 000,121,472 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2004/08/12 07:44:04 | 000,234,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\iwca.sys -- (IWCA)
DRV - [2004/08/04 05:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 05:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2004/06/17 14:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/03 15:26:16 | 000,080,384 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2004/03/17 11:04:14 | 000,013,059 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001/12/19 10:45:00 | 000,008,576 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Downloaded Programs\VCdRom.sys -- (vcdrom)
DRV - [2001/08/22 07:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://cnn.com/
IE - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\S-1-5-21-3937978654-3413530169-4077935632-1643\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://cnn.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF}:1.9.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Firefox\Extensions\\{0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF}: C:\Documents and Settings\jkoziol\Local Settings\Application Data\{0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF} [2010/01/17 16:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/02/01 18:19:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/11 11:04:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/21 19:01:09 | 000,000,000 | ---D | M]

[2009/12/11 15:41:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkoziol\Application Data\Mozilla\Extensions
[2010/02/01 18:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jkoziol\Application Data\Mozilla\Firefox\Profiles\4ojwk2b2.default\extensions
[2010/02/01 18:21:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\tbFre1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [Domino] C:\WINDOWS\Domino.exe ()
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EzPrint] C:\Program Files\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe (Logitech Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech Inc.)
O4 - HKLM..\Run: [LXCRCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtime.DLL ()
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe File not found
O4 - HKLM..\Run: [RoboPDF] C:\WINDOWS\system32\spool\drivers\w32x86\2\RPDFLchr.exe (Macromedia)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643..\Run: [EPSON Stylus CX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDA.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643..\Run: [Google Update] C:\Documents and Settings\jkoziol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643..\Run: [LogitechSoftwareUpdate] C:\Program Files\Logitech\Video\ManifestEngine.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe (TechSmith Corporation)
O4 - Startup: C:\Documents and Settings\jkoziol\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Security present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O7 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\..Trusted Domains: cnn.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\..Trusted Domains: previstar.com ([vpn] https in Trusted sites)
O15 - HKU\S-1-5-21-3937978654-3413530169-4077935632-1643\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/200707...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} http://www.ipix.com/download/ipixx.cab (iPIX ActiveX Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.7.109.cab (Reg Error: Key error.)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo2.walgreens.com/WalgreensActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1184956454937 (WUWebControl Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.0...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.sewanee.edu/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} http://m-cam.uchicago.edu/activex/AMC.cab (AxisMediaControlEmb Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = previstar.priv
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (hivikivo.dll) - File not found
O20 - AppInit_DLLs: (c:\windows\system32\vajarusu.dll) - C:\WINDOWS\System32\vajarusu.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\IntelWireless: DllName - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll (Intel Corporation)
O21 - SSODL: paberaleb - {45ae93ce-a8f9-49ad-834b-1932e591a326} - C:\WINDOWS\System32\vajarusu.dll File not found
O22 - SharedTaskScheduler: {45ae93ce-a8f9-49ad-834b-1932e591a326} - tokatiluy - C:\WINDOWS\System32\vajarusu.dll File not found
O24 - Desktop WallPaper: C:\Documents and Settings\jkoziol\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jkoziol\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/20 12:46:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{27e5140c-0f19-11dd-aae9-0013ce40e1a1}\Shell - "" = AutoRun
O33 - MountPoints2\{27e5140c-0f19-11dd-aae9-0013ce40e1a1}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/07/20 12:46:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe - (Google)
MsConfig - StartUpFolder: C:^Documents and Settings^jkoziol^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk - Reg Error: Value error. - File not found
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe File not found
MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe File not found
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: ZSSnp211 - hkey= - key= - C:\WINDOWS\ZSSnp211.exe (ZSMCSNAP)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2

SafeBootMin: aawservice - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: aawservice - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft AB)
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: hitmanpro35 - Reg Error: Value error.
SafeBootNet: hitmanpro35.sys - Reg Error: Value error.
SafeBootNet: HitmanPro35Crusader - Reg Error: Value error.
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: nm - File not found
SafeBootNet: nm.sys - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.2
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.2
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {DA1888A2-EC20-43AF-0895-56A8CD7D3A68} - Security Update for Microsoft .NET Framework 2.0 (KB922770)
ActiveX: {DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D} - Microsoft .NET Framework 1.1 Security Update (KB953297)
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EB313669-C128-E8CB-5477-3F1F0DBAB49E} - NetShow
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {EFB9E280-0AEE-E9F4-0B56-8221B9228D5E} - NetShow
ActiveX: {F95FAB06-C2B7-7F19-B89E-7E53F21CEB4E} - Browser Customizations
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corp.)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\LVCodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2010/02/01 19:38:08 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jkoziol\Desktop\OTL.exe
[2010/02/01 18:20:16 | 000,000,000 | -H-D | C] -- C:\$AVG
[2010/02/01 18:19:50 | 000,360,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/01 18:19:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/02/01 18:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/02/01 18:02:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/02/01 18:02:20 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/02/01 18:02:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/25 09:39:32 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jkoziol\Recent
[2010/01/24 14:42:49 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/01/24 13:09:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/01/24 13:09:26 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/01/23 14:39:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/23 14:39:57 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/23 14:39:56 | 000,000,000 | ---D | C] -- C:\Program Files\MBAMMO
[2010/01/23 11:12:27 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/01/23 11:12:22 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/01/23 11:12:22 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/01/23 11:12:14 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/01/23 11:12:11 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/01/23 11:12:11 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/01/23 11:12:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/01/23 11:12:09 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/01/23 11:12:09 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/01/23 11:12:07 | 000,486,280 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/01/23 11:12:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/01/23 11:11:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/01/23 11:11:21 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/01/23 11:11:21 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/01/23 11:11:21 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/01/21 20:14:05 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2010/01/21 19:01:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/01/21 19:01:09 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/21 19:01:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/21 19:01:09 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/18 16:42:14 | 000,203,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\RICHTX32.OCX
[2010/01/18 16:42:14 | 000,108,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mswinsck.ocx
[2010/01/18 16:42:13 | 000,209,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\tabctl32.ocx
[2010/01/18 16:42:13 | 000,000,000 | ---D | C] -- C:\Program Files\CyberMistress
[2010/01/17 23:02:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RandomDresserData
[2010/01/17 23:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\RandomDresser
[2010/01/17 16:48:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkoziol\Local Settings\Application Data\{0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF}
[2010/01/11 16:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\Belarc
[2010/01/03 14:11:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jkoziol\Local Settings\Application Data\Logitech-LS
[2009/11/08 18:28:24 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrinpa.dll
[2009/11/08 18:28:24 | 000,393,216 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcriesc.dll
[2009/11/08 18:27:26 | 001,183,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrserv.dll
[2009/11/08 18:27:26 | 000,995,328 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrusb1.dll
[2009/11/08 18:27:26 | 000,610,304 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomc.dll
[2009/11/08 18:27:26 | 000,536,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrlmpm.dll
[2009/11/08 18:27:26 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrcomm.dll
[2009/11/08 18:27:26 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrprox.dll
[2009/11/08 18:27:26 | 000,114,688 | ---- | C] ( ) -- C:\WINDOWS\System32\lxcrpplc.dll
[2007/08/13 09:07:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\1-Step RoboPDF
[2007/08/07 20:28:02 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\jkoziol\Application Data\pcouffin.sys
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/01 20:10:43 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3937978654-3413530169-4077935632-1643UA.job
[2010/02/01 19:49:37 | 000,002,335 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2010/02/01 19:48:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/01 19:48:08 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/02/01 19:45:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/01 19:45:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/01 19:41:06 | 013,893,632 | ---- | M] () -- C:\Documents and Settings\jkoziol\ntuser.dat
[2010/02/01 19:41:06 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\jkoziol\ntuser.ini
[2010/02/01 19:38:08 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jkoziol\Desktop\OTL.exe
[2010/02/01 19:32:52 | 000,087,608 | ---- | M] () -- C:\Documents and Settings\jkoziol\Application Data\inst.exe
[2010/02/01 19:32:52 | 000,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\jkoziol\Application Data\pcouffin.sys
[2010/02/01 19:32:52 | 000,007,887 | ---- | M] () -- C:\Documents and Settings\jkoziol\Application Data\pcouffin.cat
[2010/02/01 19:32:52 | 000,001,144 | ---- | M] () -- C:\Documents and Settings\jkoziol\Application Data\pcouffin.inf
[2010/02/01 18:19:59 | 054,966,920 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/01 18:19:51 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
[2010/02/01 18:19:51 | 000,001,514 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/02/01 18:19:50 | 000,360,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2010/02/01 18:19:50 | 000,333,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2010/02/01 18:19:50 | 000,113,461 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavichjw.avm
[2010/02/01 18:19:50 | 000,028,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2010/02/01 17:07:04 | 000,000,934 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3937978654-3413530169-4077935632-1643Core.job
[2010/02/01 08:26:10 | 000,015,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/30 01:19:29 | 000,000,664 | ---- | M] () -- C:\Documents and Settings\jkoziol\Local Settings\Application Data\d3d9caps.dat
[2010/01/26 17:00:31 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\jkoziol\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/24 14:42:49 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\WINDOWS\System32\bootdelete.exe
[2010/01/24 01:06:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Aqodohi.bin
[2010/01/23 14:40:03 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 14:31:47 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Kcusu.dat
[2010/01/23 14:24:17 | 000,006,456 | -H-- | M] () -- C:\WINDOWS\System32\pususega
[2010/01/23 11:13:04 | 000,422,437 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/23 11:12:32 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/21 19:00:37 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2010/01/21 19:00:37 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2010/01/21 19:00:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2010/01/21 19:00:37 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2010/01/21 19:00:37 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2010/01/19 16:24:34 | 000,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg
[2010/01/18 19:49:07 | 000,009,569 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2010/01/17 14:21:32 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2010/01/17 14:21:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2010/01/16 17:05:48 | 006,061,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg
[2010/01/16 17:05:48 | 000,492,629 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg
[2010/01/12 06:46:03 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2010/01/12 06:46:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2010/01/11 16:56:35 | 000,001,755 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/01/07 16:07:14 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/01/07 16:07:04 | 000,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/01/04 15:48:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2010/01/04 15:48:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2010/01/03 14:14:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2010/01/03 14:14:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,006,456 | -H-- | C] () -- C:\WINDOWS\System32\pususega
[2010/02/01 18:19:51 | 000,001,514 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 9.0.lnk
[2010/01/24 13:09:58 | 000,015,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/01/23 14:40:03 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/01/23 11:12:32 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/01/23 11:12:07 | 000,422,437 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/01/17 16:48:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Aqodohi.bin
[2010/01/17 16:48:14 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Kcusu.dat
[2010/01/11 16:56:35 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
[2010/01/11 16:56:30 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/12/30 10:00:20 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/11/08 18:28:26 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxcrvs.dll
[2009/11/08 18:28:22 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\lxcrcoin.dll
[2009/11/08 18:27:51 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxcrdrs.dll
[2009/11/08 18:27:51 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxcrcaps.dll
[2009/11/08 18:27:50 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxcrcnv4.dll
[2009/11/08 18:27:27 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\LXCRinst.dll
[2009/10/04 13:38:00 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2009/10/03 09:33:27 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/07/26 13:00:01 | 000,000,318 | ---- | C] () -- C:\WINDOWS\ReSize.INI
[2009/07/23 14:27:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ransom.INI
[2009/06/28 15:59:45 | 000,000,370 | ---- | C] () -- C:\WINDOWS\VivTV.ini
[2009/06/28 02:19:20 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\jkoziol\Local Settings\Application Data\d3d9caps.dat
[2008/12/26 22:42:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\game.INI
[2008/08/21 13:59:47 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
[2008/07/20 20:21:15 | 000,000,054 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2008/07/18 23:08:59 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/07/08 19:56:41 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/07/06 18:17:28 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/07/05 12:35:26 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AVIConverter.INI
[2008/06/10 19:07:20 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/06/10 19:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/06/10 19:03:26 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/06/09 10:49:21 | 000,000,287 | ---- | C] () -- C:\Program Files\Shortcut to RoboForm2Go (E).lnk
[2008/05/22 17:18:54 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/02/28 14:30:08 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2007/11/12 09:55:04 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\jkoziol\Application Data\inst.exe
[2007/10/28 17:30:20 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/10/08 10:29:47 | 000,000,317 | ---- | C] () -- C:\WINDOWS\IpxViewr.INI
[2007/10/08 10:25:39 | 000,000,037 | ---- | C] () -- C:\WINDOWS\ipixActivex.ini
[2007/08/31 08:30:29 | 000,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/13 09:10:48 | 000,000,351 | ---- | C] () -- C:\WINDOWS\WHOffice.INI
[2007/08/13 09:01:59 | 000,009,569 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/08/07 20:28:08 | 000,000,055 | ---- | C] () -- C:\Documents and Settings\jkoziol\Application Data\pcouffin.log
[2007/08/07 20:28:02 | 000,081,920 | ---- | C] () -- C:\Documents and Settings\jkoziol\Application Data\ezpinst.exe
[2007/08/07 20:28:02 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\jkoziol\Application Data\pcouffin.cat
[2007/08/07 20:28:02 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\jkoziol\Application Data\pcouffin.inf
[2007/08/07 12:47:58 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/08/06 18:23:04 | 000,155,648 | ---- | C] () -- C:\Documents and Settings\jkoziol\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/07/23 09:53:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/07/23 09:30:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/07/23 08:49:07 | 000,087,800 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2007/07/20 14:20:52 | 000,000,175 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/20 13:01:53 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\stac97co.dll
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/11/18 13:47:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/12 07:44:10 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\iwca.dll
[2003/03/07 01:05:46 | 000,115,712 | ---- | C] () -- C:\WINDOWS\System32\Crush32.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/12 09:58:20 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2001/10/12 09:57:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2000/12/07 09:13:58 | 000,015,164 | ---- | C] () -- C:\WINDOWS\Mr310twv.ini
[1995/10/16 16:55:44 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >


< MD5 for: AGP440.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/08 11:11:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/08 11:11:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 05:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/08 11:11:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/08 11:11:34 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 05:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: IASTOR.SYS >
[2006/05/11 11:30:52 | 000,247,808 | ---- | M] (Intel Corporation) MD5=294110966CEDD127629C5BE48367C8CF -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2006/03/16 19:51:32 | 000,099,840 | ---- | M] (NVIDIA Corporation) MD5=B7FB72492B753930EC70A0F49D04F12F -- C:\WINDOWS\dell\nvraid\NvAtaBus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 05:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:103E5DF0
< End of report >

OTL Extras logfile created on: 2/1/2010 8:04:03 PM - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Documents and Settings\jkoziol\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 327.00 Mb Available Physical Memory | 32.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.89 Gb Total Space | 15.48 Gb Free Space | 27.70% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RS0502
Current User Name: jkoziol
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3937978654-3413530169-4077935632-1643\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}" = Adobe Audition 2.0
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{096A81D0-D6D6-4193-A122-1951E0783D28}" = Previstar CPS - Statusboards (Build 5.0.2.1322)
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}" = SnagIt 8
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 18
"{28DA872A-0848-48CF-B749-19A198157A2A}" = mDriver
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2C9A62F0-D1B3-4E2C-A7D9-24F38FF2A379}" = GEAR driver installer for x86 and x64
"{2E7B6B00-5ECD-49A1-8FD4-4B647C5D8027}" = Adobe Captivate 3
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{44D02D8B-FFB3-4245-8D26-68D10B4C4023}" = ZSMC USB PC Camera (ZS0211)
"{44E75850-B838-43D2-8F37-84D3FB71FF6E}" = VGA Dual-Mode Camera
"{46891FF9-F43A-4AE6-B3F2-5C3FD4CC4B81}" = 1-Step RoboPDF 3.1
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.06
"{52503B4E-149A-4731-A6FF-495067EABFDC}" = TI_Inst
"{5299C5E1-70F9-3D1D-A1FA-BDECA4EC8015}" = Google Talk Plugin
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6DE14BE4-6F04-4935-8ABD-A0A19FE2E55A}" = mCore
"{6FFFE74E-3FBD-4E2E-97F9-5E9A2A077626}" = mIWCA
"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85E6BACC-C8B2-49DD-A28B-6318E516E0CF}" = Ovation
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B422518-2C90-4F72-9989-356EA3731669}" = Macromedia Captivate
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3 Platinum
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}" = Adobe Illustrator CS
"{92D34E42-4C6F-11D5-A76D-006008D256FF}" = Nancy Drew: Treasure in the Royal Tower
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{949DBB22-2FB7-4de1-804C-23D495A988D8}" = CuteFTP 8 Home
"{991B1E79-12B6-40C3-A081-1FC47C6F2F37}" = Bulk Rename Utility 2, 5, 4, 3
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = C-Major Audio
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B29B0066-547B-402c-9C0D-090E2F928A01}" = PANTECH PC USB Modem Software
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software
"{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}" = mToolkit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D13E9EC4-BBB2-49BA-9E4C-10270F542411}" = RoboHelp Office X5.0.2 Update
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DDCC4FB0-3C82-494F-9376-66E5F1486358}" = Ovation
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware 2007
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{E80D3B3D-86EE-4B6B-831B-C5B0D30F71DE}" = Microsoft Office Live Meeting 2005
"{E89B484C-B913-49A0-959B-89E836001658}" = GEAR 32bit Driver Installer
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{ECD5DF04-44C7-43C6-A05A-A43F05344FC0}" = RoboSource Control
"{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}" = Adobe Stock Photos 1.0
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FA291352-8B46-4678-B344-C176F28C5C3E}" = RoboHelp Office
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FFE6976E-4341-429C-BBBC-1303B01BD970}" = Previstar CPS - GIS (Build 5.0.2.1319)
"Abexo Free Registry Cleaner" = Abexo Free Registry Cleaner
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.1.0 Professional
"Adobe Audition 2.0" = Adobe Audition 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe InDesign CS2 - {7F4C8163-F259-49A0-A018-2857A90578BC}" = Adobe InDesign CS2
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AVG9Uninstall" = AVG 9.0
"Avi2Dvd" = Avi2Dvd 0.4.5 beta
"AviSynth" = AviSynth 2.5
"AXIS Media Control Embedded" = AXIS Media Control Embedded
"Belarc Advisor" = Belarc Advisor 8.1
"BitTorrent" = BitTorrent
"Boilsoft AVI to VCD SVCD DVD Converter_is1" = Boilosft AVI to VCD SVCD DVD Converter 3.61
"CCleaner" = CCleaner
"Check Identical Files_is1" = Check Identical Files version 2.20
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.92 Modem
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"CutePDF Writer Installation" = CutePDF Writer 2.7
"CUZ4_is1" = CAM UnZip 4.42
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 6_is1" = DVDFab 6.0.6.0 (04/09/2009)
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON Printer Software
"FileZilla Client" = FileZilla Client 3.0.11
"Forte Agent" = Forté Agent
"Freecorder Toolbar" = Freecorder Toolbar
"Freecorder Toolbar3.02" = Freecorder Toolbar 3.02 Application
"FreeUndelete" = FreeUndelete
"Google Updater" = Google Updater
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{46891FF9-F43A-4AE6-B3F2-5C3FD4CC4B81}" = 1-Step RoboPDF 3.1
"InstallShield_{52503B4E-149A-4731-A6FF-495067EABFDC}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{D13E9EC4-BBB2-49BA-9E4C-10270F542411}" = RoboHelp Office X5.0.2 Update
"InstallShield_{ECD5DF04-44C7-43C6-A05A-A43F05344FC0}" = RoboSource Control
"InstallShield_{FA291352-8B46-4678-B344-C176F28C5C3E}" = RoboHelp Office X5
"IPIX Viewer" = IPIX Viewer
"KLiteCodecPack_is1" = K-Lite Codec Pack 3.9.5 (Standard)
"Lexmark 2400 Series" = Lexmark 2400 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mmfvsetup_is1" = MixMeister Fusion + Video 7.3.2
"Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7)
"Mp3tag" = Mp3tag v2.43
"mr97310v_930effb4fb2946cade43a25b55651187aae405f3" = Windows Driver Package - Camera Maker (MR97310_VGA_DUAL_CAMERA) Image 07/18/2006 2.0.1.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PeerGuardian_is1" = PeerGuardian 2.0
"ProInst" = Intel® PROSet/Wireless Software
"Python 2.4.1" = Python 2.4.1
"QcDrv" = Logitech® Camera Driver
"QuickPar" = QuickPar 0.9
"RadLight MPC DirectShow Filter" = RadLight MPC DirectShow Filter (remove only)
"RealPlayer 6.0" = RealPlayer
"Savings Bond Wizard" = Savings Bond Wizard
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Starcraft Brood War (RAZOR 1911)" = Starcraft Brood War (RAZOR 1911)
"ThumbsPlus7" = ThumbsPlus version 7.0
"TurboTax 2008" = TurboTax 2008
"VivTV" = VivTV
"VZAccess Manager" = VZAccess Manager
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 3 Free 3.92
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Creator" = Xilisoft DVD Creator
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3937978654-3413530169-4077935632-1643\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/1/2010 5:10:30 PM | Computer Name = RS0502 | Source = Google Update | ID = 20
Description =

Error - 2/1/2010 5:14:16 PM | Computer Name = RS0502 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/1/2010 6:10:33 PM | Computer Name = RS0502 | Source = Google Update | ID = 20
Description =

Error - 2/1/2010 7:10:32 PM | Computer Name = RS0502 | Source = Google Update | ID = 20
Description =

Error - 2/1/2010 8:10:31 PM | Computer Name = RS0502 | Source = Google Update | ID = 20
Description =

Error - 2/1/2010 8:47:52 PM | Computer Name = RS0502 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/1/2010 8:47:55 PM | Computer Name = RS0502 | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x8007054b). The specified domain either does not exist
or could not be contacted. Enrollment will not be performed.

Error - 2/1/2010 8:48:19 PM | Computer Name = RS0502 | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The specified domain either does not exist or could not be contacted.
). Group Policy processing aborted.

Error - 2/1/2010 8:48:37 PM | Computer Name = RS0502 | Source = UserInit | ID = 1000
Description = Could not execute the following script \\previstar.priv\sysvol\previstar.priv\scripts\startup.bat.
No network provider accepted the given network path. .

Error - 2/1/2010 9:10:41 PM | Computer Name = RS0502 | Source = Google Update | ID = 20
Description =

[ PREVISTAR Events ]
Error - 11/4/2007 1:51:20 PM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) -->Server:
, at Procedure Call:

Error - 11/7/2007 3:46:27 PM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = The requested operation cannot be performed on a file with a user-mapped
section open.

Error - 3/2/2008 6:53:56 PM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) -->Server:
, at Procedure Call:

Error - 3/2/2008 6:54:55 PM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) -->Server:
, at Procedure Call:

Error - 4/24/2008 11:49:28 AM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) -->Server:
, at Procedure Call:

Error - 4/24/2008 11:50:27 AM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) -->Server:
, at Procedure Call:

Error - 4/24/2008 11:51:47 AM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) -->Server:
, at Procedure Call:

Error - 4/24/2008 11:53:52 AM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) -->Server:
, at Procedure Call:

Error - 4/24/2008 11:54:10 AM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) -->Server:
, at Procedure Call:

Error - 4/24/2008 11:58:51 AM | Computer Name = RS0502 | Source = Previstar.Gis | ID = 3
Description = An error has occurred while establishing a connection to the server.
When connecting to SQL Server 2005, this failure may be caused by the fact that
under the default settings SQL Server does not allow remote connections. (provider:
Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) -->Server:
, at Procedure Call:

[ System Events ]
Error - 2/1/2010 10:59:36 AM | Computer Name = RS0502 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 119 minutes. NtpClient has no source of accurate
time.

Error - 2/1/2010 12:59:36 PM | Computer Name = RS0502 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 239 minutes. NtpClient has no source of accurate
time.

Error - 2/1/2010 1:14:18 PM | Computer Name = RS0502 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PREVISTAR due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2/1/2010 4:59:37 PM | Computer Name = RS0502 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 479 minutes. NtpClient has no source of accurate
time.

Error - 2/1/2010 5:29:17 PM | Computer Name = RS0502 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PREVISTAR due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2/1/2010 8:24:54 PM | Computer Name = RS0502 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 2/1/2010 8:47:53 PM | Computer Name = RS0502 | Source = NETLOGON | ID = 5719
Description = No Domain Controller is available for domain PREVISTAR due to the
following: %%1311. Make sure that the computer is connected to the network and try
again.
If the problem persists, please contact your domain administrator.

Error - 2/1/2010 8:48:49 PM | Computer Name = RS0502 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 2/1/2010 8:48:57 PM | Computer Name = RS0502 | Source = Service Control Manager | ID = 7023
Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated
with the following error: %%2147500053

Error - 2/1/2010 9:03:52 PM | Computer Name = RS0502 | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 29 minutes. NtpClient has no source of accurate
time.


< End of report >
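The two firewall sections of the OTL Extras log above carry the points a responder would check first: 3389/TCP (Remote Desktop) is globally open in both the Domain and Standard profiles, and both profiles hold an Enabled exception for `%windir%\system32\drivers\svchost.exe`, which OTL marks "File not found" and which is in any case not where Windows keeps svchost.exe (only `%windir%\system32`, plus SysWOW64 on x64). What follows is an added example written for this page; it is not OTL's code and not from any post in the thread. It parses those two sections and applies exactly those checks. The sample lines are copied from the log above; the expansion of `%windir%` to `C:\WINDOWS` is taken from the log header and is the one assumption to adjust for another machine.

```python
"""Triage the firewall sections of an OTL Extras report.

Added example for this page, not OTL's own code. The sample lines are copied
from the log posted in the thread. %windir% is expanded to C:\WINDOWS because
that is what the OTL header reports (assumption for other systems).
"""
import re
from pathlib import PureWindowsPath

# Sample taken from the GloballyOpenPorts and Authorized Applications List
# sections of the OTL Extras log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- (Microsoft Corporation)
"%windir%\system32\drivers\svchost.exe" = %windir%\system32\drivers\svchost.exe:*:Enabled:svchost -- File not found
"""

WINDIR = r"C:\WINDOWS"  # from the OTL header (%SystemRoot% = C:\WINDOWS); assumption elsewhere

# Binaries that Windows only ever runs from %windir%\system32 (SysWOW64 on x64).
SYSTEM32_ONLY = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
# Globally open ports that should never be silently allowed on a workstation.
RISKY_PORTS = {(3389, "TCP"): "Remote Desktop"}

SECTION_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*\d+:(?:TCP|UDP):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):'
)
# Value format: <path>:<scope>:<Enabled|Disabled>:<display name> -- <vendor | File not found>
APP_RE = re.compile(
    r'^"[^"]+"\s*=\s*(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*?)\s*--\s*(?P<vendor>.*)$'
)


def expand(path):
    """Expand the environment variables OTL leaves unexpanded in firewall entries."""
    for var in ("%windir%", "%systemroot%"):
        if path.lower().startswith(var):
            return WINDIR + path[len(var):]
    return path


def profile_of(key):
    """DomainProfile / StandardProfile from the registry key of the current section."""
    m = re.search(r"FirewallPolicy\\(\w+Profile)", key)
    return m.group(1) if m else "unknown"


def triage(text):
    """Return (profile, subject, reason) for every firewall entry worth a second look."""
    findings = []
    profile = "unknown"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            profile = profile_of(m.group("key"))
            continue
        if (m := PORT_RE.match(line)):
            port, proto = int(m.group("port")), m.group("proto")
            if m.group("state") == "Enabled" and (port, proto) in RISKY_PORTS:
                findings.append((profile, f"{port}/{proto}",
                                 f"{RISKY_PORTS[(port, proto)]} open to scope {m.group('scope')!r}"))
            continue
        m = APP_RE.match(line)
        if not m or m.group("state") != "Enabled":
            continue
        path = PureWindowsPath(expand(m.group("path")))
        if m.group("vendor").lower().startswith("file not found"):
            findings.append((profile, str(path),
                             "exception for a file that no longer exists (stale, or left by a removed payload)"))
        if path.name.lower() in SYSTEM32_ONLY and str(path.parent).lower() != (WINDIR + r"\system32").lower():
            findings.append((profile, str(path),
                             f"{path.name} outside %windir%\\system32 (name mimics a system binary)"))
    return findings


if __name__ == "__main__":
    for profile, subject, reason in triage(SAMPLE_LOG):
        print(f"[{profile}] {subject}: {reason}")
```

On this log the script reports the RDP port in both profiles and the drivers\svchost.exe exception twice per profile (missing file, and wrong directory for that name); the BitTorrent and Messenger entries pass. One caveat from the same log: the System Events section records the Windows Firewall/ICS service terminating (Service Control Manager event 7023), so none of these policy entries were being enforced at that moment anyway. The live state of the service (`sc query SharedAccess`) has to be confirmed separately rather than inferred from the registry dump.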


#4 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • Gender:Female
  • Location:At home
  • Local time:02:42 AM

Posted 05 February 2010 - 10:59 AM

Hi,

Please also run a scan with GMER:

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
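When the GMER log comes back, the SSDT and Kernel IAT/EAT sections are the ones to read first, and the question for each line is simply which module owns the hook. The following is an added example written for this page (not GMER's code and not from any post in the thread) that groups the hook lines by owning driver and lists the drivers that are not a known security product or that GMER printed without a file description. The vsdatant.sys and SASKUTIL.sys sample lines follow the shape GMER prints for this machine; the `example.sys` line is constructed (hypothetical) and is written without the parenthesised description, on the assumption that this is how a driver with no version resource appears.

```python
"""Attribute the SSDT and IAT/EAT hook lines of a GMER log to their owning modules.

Added example for this page, not GMER's code. The vsdatant.sys / SASKUTIL.sys
lines mirror GMER's output for this machine; the example.sys line is a
constructed, hypothetical entry used to show how an unattributed hook is reported.
"""
import re

SAMPLE_GMER = r"""
---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEE622D80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xEE647970]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE5B70B0]
SSDT \??\C:\WINDOWS\system32\drivers\example.sys ZwQueryDirectoryFile [0xF7A10000]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EE62EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
"""

# Drivers whose kernel hooks are expected on this machine (ZoneAlarm and
# SUPERAntiSpyware are both in the uninstall list of the OTL log).
KNOWN_SECURITY_DRIVERS = {
    "vsdatant.sys": "ZoneAlarm / Check Point TrueVector firewall driver",
    "saskutil.sys": "SUPERAntiSpyware",
}

# <module path> optionally followed by " (<file description>)"
MODULE = r"(?P<module>.+?\.(?:sys|dll|exe))(?:\s+\((?P<desc>[^)]*)\))?"
SSDT_RE = re.compile(r"^SSDT\s+" + MODULE + r"\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-F]+)\]$", re.I)
IAT_RE = re.compile(r"^IAT\s+(?P<victim>.+?)\[(?P<imp>[^\]]+)\]\s+\[(?P<addr>[0-9A-F]+)\]\s+" + MODULE + r"$", re.I)


def basename(path):
    """Last component of a Windows or NT object path, lower-cased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def attribute_hooks(text):
    """Group every hook by owning module.

    Returns {module: {"known": bool, "desc": str or None, "hooks": [str, ...]}}.
    """
    report = {}
    for line in text.splitlines():
        line = line.strip()
        m = SSDT_RE.match(line)
        if m:
            hook = f"SSDT {m.group('func')} @ {m.group('addr')}"
        else:
            m = IAT_RE.match(line)
            if not m:
                continue
            hook = f"IAT {basename(m.group('victim'))}[{m.group('imp')}] @ 0x{m.group('addr')}"
        name = basename(m.group("module"))
        entry = report.setdefault(name, {
            "known": name in KNOWN_SECURITY_DRIVERS,
            "desc": m.group("desc"),
            "hooks": [],
        })
        entry["hooks"].append(hook)
    return report


def unattributed(report):
    """Hooking modules that are neither a known security product nor carry a file description."""
    return sorted(name for name, e in report.items() if not e["known"] or not e["desc"])


if __name__ == "__main__":
    rep = attribute_hooks(SAMPLE_GMER)
    for name, e in rep.items():
        label = KNOWN_SECURITY_DRIVERS.get(name, "UNKNOWN")
        print(f"{name} ({label}, desc={e['desc']!r}): {len(e['hooks'])} hook(s)")
    print("follow up:", unattributed(rep))
```

The point of the grouping is that hooks themselves are not evidence of infection: a firewall and an anti-spyware product hooking file, registry, port and process syscalls is their normal mode of operation, and GMER's rootkit warning fires on exactly those hooks. What needs follow-up is a hooking module nobody installed, or one with no description. For those, check the driver's hash and Authenticode signature and where it is loaded from, not just its name, since a malicious driver can carry any plausible file name.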



#5 inquire1

inquire1
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:42 PM

Posted 05 February 2010 - 08:16 PM

Okay, here you go! Let me know what's next.

Thanks!


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-05 19:40:20
Windows 5.1.2600 Service Pack 3
Running: ggi8hgdz.exe; Driver: C:\DOCUME~1\jkoziol\LOCALS~1\Temp\fwldrpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xEE629630]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xEE622D80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xEE647070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xEE629E40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xEE629FB0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xEE623C60]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xEE648780]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xEE648160]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xEE649080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xEE6492B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEE623750]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xEE64A430]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xEE649A40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xEE629180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xEE64A0D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xEE624080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xEE64A8E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xEE647970]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE5B70B0]

---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\DRIVERS\gtipci21.sys entry point in "init" section [0xF70A5A80]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [EE62F080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [EE62EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [EE62F7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [EE62D3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [EE62D3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [EE62F080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [EE62EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [EE62F7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [EE62F080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [EE62D3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [EE62F7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [EE62EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [EE62F7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EE62EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [EE62F080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [EE62D3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EE62F080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [EE62EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [EE62F7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [EE62D3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [EE62F7C0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [EE62EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [EE62F080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D7F92E8-744C-A522-67FE-C2B4A1D230C0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D7F92E8-744C-A522-67FE-C2B4A1D230C0}@napndjigfphagbbjmfofapbcedmf 0x6A 0x61 0x65 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23E50C84-F562-6971-DD25-27E1B81F59E0}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23E50C84-F562-6971-DD25-27E1B81F59E0}@iabaofkbcenhipjhie 0x69 0x61 0x63 0x70 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23E50C84-F562-6971-DD25-27E1B81F59E0}@hahagbkklkmllgac 0x6A 0x61 0x62 0x70 ...

---- EOF - GMER 1.0.15 ----
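Every SSDT, IAT and Device hook in the GMER log above is owned by either vsdatant.sys (ZoneAlarm's TrueVector driver) or SASKUTIL.sys (SUPERAntiSpyware), which is why a helper reading it moves on to other sections. The script below is an added example, not GMER's code and not anything posted in this thread: it parses GMER's hook lines, groups them by owning driver, and lists hooks whose owner is not a recognised security product or carries no description string. The sample log is constructed to mirror the lines above, the `example.sys` entry is invented to show an unexplained hook, and the allow-list of drivers is this example's own assumption.

```python
"""Attribute the kernel hooks in a GMER log to the drivers that own them.

Added example; not GMER's code and not part of the original thread.
"""
import re
from collections import defaultdict, namedtuple

Hook = namedtuple('Hook', 'kind target owner description')

# Constructed sample modelled on the GMER output in this thread.  The
# example.sys line is invented here to show what an unexplained hook looks like.
SAMPLE_GMER = r'''
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xEE647970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xEE623750]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xEE5B70B0]
SSDT \SystemRoot\System32\drivers\example.sys ZwQueryDirectoryFile [0xF7A01000]

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [EE62EE90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [EE62F080] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
'''

# Owner paths may contain spaces ("Program Files"), so match lazily up to the
# module extension instead of using \S+.  The parenthesised text is the
# description/company string GMER prints when the module has one.
OWNER = r'(?P<owner>.+?\.(?:sys|dll|exe))'
DESC = r'(?:\s+\((?P<desc>[^)]*)\))?'
LINE_FORMATS = [
    ('SSDT', re.compile(r'^SSDT\s+' + OWNER + DESC +
                        r'\s+(?P<target>Zw\w+)\s+\[0x[0-9a-f]+\]$', re.I)),
    ('IAT', re.compile(r'^IAT\s+(?P<victim>.+?)\[(?P<imp>[^\]]+)\]\s+\[[0-9a-f]+\]\s+'
                       + OWNER + DESC + r'$', re.I)),
    ('Device', re.compile(r'^Device\s+(?P<drv>\S+)\s+(?P<target>\S+)\s+'
                          + OWNER + DESC + r'$', re.I)),
]


def basename(path):
    """Last component of a Windows/NT object path, lower-cased."""
    return path.rsplit('\\', 1)[-1].lower()


def parse_hooks(log):
    """Turn SSDT / IAT / Device lines into Hook records; other lines are ignored."""
    hooks = []
    for line in log.splitlines():
        line = line.strip()
        for kind, pattern in LINE_FORMATS:
            m = pattern.match(line)
            if not m:
                continue
            if kind == 'IAT':
                # victim driver + the import it was redirected, e.g. tcpip.sys!NDIS.SYS!NdisOpenAdapter
                target = f"{basename(m['victim'])}!{m['imp']}"
            else:
                target = m['target']
            hooks.append(Hook(kind, target, m['owner'], m['desc'] or ''))
            break
    return hooks


def hooks_by_owner(hooks):
    """Map owning driver (basename) -> list of 'KIND:target' strings, in log order."""
    by_owner = defaultdict(list)
    for h in hooks:
        by_owner[basename(h.owner)].append(f'{h.kind}:{h.target}')
    return dict(by_owner)


# Assumption for this example: the products the analyst recognises on this box.
KNOWN_SECURITY_DRIVERS = {
    'vsdatant.sys': 'ZoneAlarm (Check Point TrueVector)',
    'saskutil.sys': 'SUPERAntiSpyware',
    'dlaifs_m.sys': 'Sonic DLA (drive letter access)',
}


def unexplained_hooks(hooks, known=KNOWN_SECURITY_DRIVERS):
    """Hooks worth a second look: owner not in the allow-list, or no description
    string at all (a bare path suggests the module has no version information)."""
    return [h for h in hooks if basename(h.owner) not in known or not h.description]


if __name__ == '__main__':
    parsed = parse_hooks(SAMPLE_GMER)
    for owner, targets in hooks_by_owner(parsed).items():
        print(f'{owner:14} {len(targets):2} hook(s): {", ".join(targets)}')
    for h in unexplained_hooks(parsed):
        print('UNEXPLAINED:', h.kind, h.target, '<-', h.owner)
```

Running it on the real log would print one group per driver; on this box every group resolves to an installed product, which is the result that lets a helper treat the hooks as noise rather than as a rootkit.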


#6 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:42 AM

Posted 05 February 2010 - 08:20 PM

Hi,

please run a scan with ComboFix next:

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#7 inquire1

inquire1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:07:42 PM

Posted 05 February 2010 - 10:43 PM

Here you go. As an update, the google hijack seems to have stopped, but there still are delays when accessing websites.

Thanks!

ComboFix 10-02-05.02 - jkoziol 02/05/2010 22:05:57.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.524 [GMT -5:00]
Running from: c:\my documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\jkoziol\Application Data\.#
c:\documents and settings\jkoziol\Application Data\inst.exe
c:\documents and settings\jkoziol\Local Settings\Application Data\{0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF}
c:\documents and settings\jkoziol\Local Settings\Application Data\{0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF}\chrome.manifest
c:\documents and settings\jkoziol\Local Settings\Application Data\{0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF}\chrome\content\_cfg.js
c:\documents and settings\jkoziol\Local Settings\Application Data\{0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF}\chrome\content\overlay.xul
c:\documents and settings\jkoziol\Local Settings\Application Data\{0EA9AAF0-0685-48E6-96AA-FF885D6F7EAF}\install.rdf
c:\recycler\S-1-5-21-1202660629-1965331169-682003330-1003
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\ModemLog_PANTECH USB Modem .txt

.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.

2010-02-01 23:20 . 2010-02-01 23:20 -------- d-----w- C:\$AVG
2010-02-01 23:19 . 2010-02-01 23:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-01 23:19 . 2010-02-01 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-01 23:00 . 2010-01-25 12:38 3777816 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
2010-01-24 19:42 . 2010-01-24 19:42 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-01-24 18:09 . 2010-02-01 13:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-24 18:09 . 2010-01-24 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-01-24 18:09 . 2010-01-24 18:09 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-01-23 19:39 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 19:39 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 19:39 . 2010-01-23 19:40 -------- d-----w- c:\program files\MBAMMO
2010-01-23 16:12 . 2010-01-23 16:12 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-23 16:12 . 2009-11-22 20:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-23 16:12 . 2009-11-22 20:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-23 16:12 . 2009-11-22 20:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-23 16:12 . 2010-01-23 16:12 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-23 16:12 . 2010-01-23 16:12 -------- d-----w- c:\program files\Zone Labs
2010-01-23 16:11 . 2010-02-06 03:21 -------- d-----w- c:\windows\Internet Logs
2010-01-22 01:14 . 2010-01-22 01:14 -------- d-----w- C:\VundoFix Backups
2010-01-22 00:01 . 2010-01-22 00:01 61440 ----a-w- c:\documents and settings\jkoziol\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-79886d27-n\decora-sse.dll
2010-01-22 00:01 . 2010-01-22 00:01 503808 ----a-w- c:\documents and settings\jkoziol\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f5301c4-n\msvcp71.dll
2010-01-22 00:01 . 2010-01-22 00:01 499712 ----a-w- c:\documents and settings\jkoziol\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f5301c4-n\jmc.dll
2010-01-22 00:01 . 2010-01-22 00:01 348160 ----a-w- c:\documents and settings\jkoziol\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7f5301c4-n\msvcr71.dll
2010-01-22 00:01 . 2010-01-22 00:01 12800 ----a-w- c:\documents and settings\jkoziol\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-79886d27-n\decora-d3d.dll
2010-01-18 21:42 . 2010-01-19 23:29 -------- d-----w- c:\program files\CyberMistress
2010-01-18 04:02 . 2010-01-18 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\RandomDresserData
2010-01-18 04:01 . 2010-02-02 00:36 -------- d-----w- c:\program files\RandomDresser
2010-01-17 21:48 . 2010-01-24 06:06 0 ----a-w- c:\windows\Aqodohi.bin
2010-01-17 21:48 . 2010-01-23 19:31 120 ----a-w- c:\windows\Kcusu.dat
2010-01-12 22:44 . 2010-01-12 22:44 1956072 ----a-w- c:\documents and settings\jkoziol\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-01-11 21:56 . 2010-01-11 21:56 -------- d-----w- c:\program files\Belarc
2010-01-11 21:56 . 2008-02-27 17:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 02:33 . 2010-01-23 16:47 3744041 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-06 02:13 . 2007-08-16 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-05 13:17 . 2007-08-06 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-03 12:24 . 2010-02-03 12:39 2857984 ----a-w- c:\windows\Internet Logs\xDBC.tmp
2010-02-02 00:35 . 2009-02-14 18:50 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 00:33 . 2007-11-12 14:55 -------- d-----w- c:\program files\DVDFab Platinum 4
2010-02-02 00:32 . 2007-08-08 01:28 -------- d-----w- c:\documents and settings\jkoziol\Application Data\Vso
2010-02-02 00:32 . 2007-08-08 01:28 47360 ----a-w- c:\documents and settings\jkoziol\Application Data\pcouffin.sys
2010-02-02 00:32 . 2007-08-08 01:28 47360 ----a-w- c:\documents and settings\jkoziol\Application Data\pcouffin.sys
2010-02-02 00:32 . 2008-12-29 23:39 -------- d-----w- c:\program files\DNA
2010-02-01 23:19 . 2009-02-03 21:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-01 23:19 . 2008-05-30 14:38 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-01 23:19 . 2008-05-30 14:38 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-01 23:19 . 2008-05-30 14:38 -------- d-----w- c:\program files\AVG
2010-02-01 22:59 . 2007-09-05 14:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-01 21:51 . 2007-08-09 00:13 -------- d-----w- c:\program files\Thumbs7
2010-02-01 00:36 . 2007-09-13 23:35 -------- d-----w- c:\documents and settings\jkoziol\Application Data\BitTorrent
2010-01-31 17:52 . 2009-12-11 03:19 117760 ----a-w- c:\documents and settings\jkoziol\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-30 06:19 . 2009-06-28 07:19 664 ----a-w- c:\documents and settings\jkoziol\Local Settings\Application Data\d3d9caps.dat
2010-01-26 12:31 . 2007-10-08 16:49 -------- d-----w- c:\program files\PeerGuardian2
2010-01-23 14:02 . 2009-04-04 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 00:01 . 2007-09-05 13:54 -------- d-----w- c:\program files\Common Files\Java
2010-01-22 00:00 . 2009-03-29 21:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-18 19:13 . 2007-12-28 13:24 -------- d-----w- c:\documents and settings\jkoziol\Application Data\GrabIt
2010-01-13 00:28 . 2008-07-21 00:45 -------- d-----w- c:\program files\Kids Cam Show and Share Creativity Center
2010-01-12 12:17 . 2009-12-11 03:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-12 12:07 . 2009-11-08 23:29 -------- d-----w- c:\program files\lx_cats
2010-01-05 20:12 . 2009-12-24 12:35 52224 ----a-w- c:\documents and settings\jkoziol\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2009-12-30 15:00 . 2009-12-30 15:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-30 14:59 . 2009-12-30 14:55 -------- d-----w- c:\program files\Logitech
2009-12-30 14:59 . 2007-07-20 18:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 16:41 . 2009-12-21 13:29 -------- d-----w- c:\program files\Half-Life 2
2009-12-26 22:26 . 2009-12-26 22:26 -------- d-----w- c:\program files\Trend Micro
2009-12-14 13:30 . 2009-12-14 13:30 -------- d-----w- c:\documents and settings\jkoziol\Application Data\DVDFab
2009-12-11 20:41 . 2009-12-11 20:41 0 ----a-w- c:\windows\nsreg.dat
2009-12-11 20:34 . 2009-12-11 20:34 -------- d-----w- c:\program files\CCleaner
2009-12-11 03:19 . 2009-12-11 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-11 03:18 . 2009-12-11 03:18 -------- d-----w- c:\documents and settings\jkoziol\Application Data\SUPERAntiSpyware.com
2009-12-11 03:17 . 2007-08-07 02:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-04 15:03 . 2009-12-04 15:03 251376 ----a-w- c:\documents and settings\jkoziol\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-11-21 15:51 . 2004-08-04 10:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-15 15:40 . 2009-11-15 14:34 79488 ----a-w- c:\documents and settings\jkoziol\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2008-06-09 15:49 . 2008-06-09 15:49 287 ----a-w- c:\program files\Shortcut to RoboForm2Go (E).lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-11-17 2166296]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-11-17 11:38 2166296 ----a-w- c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-11-17 2166296]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-11-17 2166296]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-12 2002160]
"Google Update"="c:\documents and settings\jkoziol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-26 135664]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"RoboPDF"="c:\windows\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe" [2004-01-22 108032]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

c:\documents and settings\jkoziol\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-8-6 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-3-14 5517312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-01 23:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 20:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3937978654-3413530169-4077935632-1643\Scripts\Logon\0\0]
"Script"=\\previstar.priv\sysvol\previstar.priv\scripts\startup.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jkoziol^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-06 18:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2007-04-06 15:06 57344 ----a-w- c:\windows\ZSSnp211.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/30/2008 9:38 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/1/2010 6:19 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\downloaded programs\VCdRom.sys [12/19/2001 10:45 AM 8576]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/1/2010 6:19 PM 285392]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 3:26 PM 80384]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1/18/2008 10:12 AM 16512]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [7/18/2006 12:40 PM 99840]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [8/20/2008 6:40 AM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [8/20/2008 6:40 AM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [8/20/2008 6:40 AM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [8/20/2008 6:40 AM 59520]
.
Contents of the 'Scheduled Tasks' folder

2010-02-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-06 20:43]

2010-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937978654-3413530169-4077935632-1643Core.job
- c:\documents and settings\jkoziol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-26 22:02]

2010-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937978654-3413530169-4077935632-1643UA.job
- c:\documents and settings\jkoziol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-26 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: cnn.com\www
Trusted Zone: previstar.com\vpn
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://m-cam.uchicago.edu/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\jkoziol\Application Data\Mozilla\Firefox\Profiles\4ojwk2b2.default\
FF - prefs.js: browser.startup.homepage - hxxp://cnn.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\jkoziol\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jkoziol\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-QuickTime Task - c:\program files\QuickTime\qttask.exe
SharedTaskScheduler-{45ae93ce-a8f9-49ad-834b-1932e591a326} - c:\windows\system32\vajarusu.dll
SSODL-paberaleb-{45ae93ce-a8f9-49ad-834b-1932e591a326} - c:\windows\system32\vajarusu.dll
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 22:21
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3937978654-3413530169-4077935632-1643\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D7F92E8-744C-A522-67FE-C2B4A1D230C0}*]
"napndjigfphagbbjmfofapbcedmf"=hex:6a,61,65,70,62,6f,6f,6b,61,6f,6f,6e,66,64,
64,68,65,70,65,6c,00,f5

[HKEY_USERS\S-1-5-21-3937978654-3413530169-4077935632-1643\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23E50C84-F562-6971-DD25-27E1B81F59E0}*]
"iabaofkbcenhipjhie"=hex:69,61,63,70,68,6d,62,6a,61,68,69,67,6a,61,6f,65,62,6f,
00,00
"hahagbkklkmllgac"=hex:6a,61,62,70,65,6c,66,6f,62,65,6a,6a,62,64,66,70,6b,6a,
62,6a,00,00

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1020)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(3368)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\TechSmith\SnagIt 8\TSCHelp.exe
.
**************************************************************************
.
Completion time: 2010-02-05 22:31:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-06 03:31
ComboFix2.txt 2008-02-15 19:45

Pre-Run: 16,898,404,352 bytes free
Post-Run: 16,802,639,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - CCBA47D4CB3A98FE65F2A3F9A447B480


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:02:42 AM

Posted 08 February 2010 - 11:06 AM

Hi,

there are a couple of leftovers on your system, please run the following script:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-
RegNull::
[HKEY_USERS\S-1-5-21-3937978654-3413530169-4077935632-1643\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D7F92E8-744C-A522-67FE-C2B4A1D230C0}*]
[HKEY_USERS\S-1-5-21-3937978654-3413530169-4077935632-1643\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23E50C84-F562-6971-DD25-27E1B81F59E0}*]


Save this as CFScript.txt, in the same location as ComboFix.exe




Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
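The `Registry::` directive in the CFScript above removes a Windows Firewall exception for `%windir%\system32\drivers\svchost.exe`. The genuine `svchost.exe` lives in `%windir%\system32`, not in the `drivers` subfolder, so a firewall exception for a system binary name in an unexpected location is a useful triage signal when reading a ComboFix log. The following is an added example for this thread, not ComboFix's own code and not anything posted by the participants: it parses the `AuthorizedApplications\List` section as ComboFix prints it and flags well-known system binary names whose directory is not where the real copy lives. The sample log text is constructed from the entries shown in this thread, the table of expected locations is a deliberately short assumption covering three binaries, and the `c:\windows` alias assumes the default XP install directory.

```python
"""
Flag Windows Firewall 'AuthorizedApplications' entries in a ComboFix-style log
whose file name is a well-known system binary running from the wrong folder.

Added example for this thread; not ComboFix's code. The sample log lines are
constructed from entries visible in the thread, and EXPECTED_DIRS is a small
assumed table, not an authoritative list.
"""
import re
from pathlib import PureWindowsPath

# Section header ComboFix prints before the XP firewall's per-application
# exceptions (matches the key shown in the log).
AUTHORIZED_APPS_KEY = (
    r"[HKLM\~\services\sharedaccess\parameters\firewallpolicy"
    r"\standardprofile\AuthorizedApplications\List]"
)

# Ways the Windows directory shows up in registry paths. The literal
# "c:\windows" is an assumption (default XP install location).
WINDIR_ALIASES = ("%windir%", "%systemroot%", r"c:\windows")

# Where the genuine binary lives on 32-bit Windows XP, with the Windows
# directory canonicalised to "<windir>". Assumed, intentionally short table.
EXPECTED_DIRS = {
    "svchost.exe": {r"<windir>\system32"},
    "lsass.exe": {r"<windir>\system32"},
    "explorer.exe": {"<windir>"},
}

# Constructed sample: the firewall list from the 08 Feb log plus the entry
# that the CFScript above removes.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""

ENTRY_RE = re.compile(r'^"(?P<path>[^"]+)"=')


def authorized_apps(log_text):
    """Return the application paths listed under the AuthorizedApplications key."""
    paths = []
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            # A new key header starts; only the firewall app list is of interest.
            in_section = line == AUTHORIZED_APPS_KEY
            continue
        if not in_section:
            continue
        m = ENTRY_RE.match(line)
        if m:
            # ComboFix prints the REG_SZ value with doubled backslashes.
            paths.append(m.group("path").replace("\\\\", "\\"))
    return paths


def canonical_parts(path):
    """Split into (lowercase file name, parent dir with the Windows dir canonicalised)."""
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    for alias in WINDIR_ALIASES:
        if parent.startswith(alias):
            rest = parent[len(alias):]
            if rest == "" or rest.startswith("\\"):
                parent = "<windir>" + rest
                break
    return p.name.lower(), parent


def suspicious_entries(paths):
    """Return (path, expected_dirs) for system binary names found outside their home dir."""
    findings = []
    for path in paths:
        name, parent = canonical_parts(path)
        expected = EXPECTED_DIRS.get(name)
        if expected is None:
            continue  # not a binary we have an expectation for
        if parent not in expected:
            findings.append((path, sorted(expected)))
    return findings


if __name__ == "__main__":
    for path, expected in suspicious_entries(authorized_apps(SAMPLE_LOG)):
        print(f"SUSPECT {path}  (genuine copy lives in {', '.join(expected)})")
```

Run against the sample, the only finding is the `drivers\svchost.exe` exception; `sessmgr.exe`, `xpnetdiag.exe` and the BitTorrent client are not in the expectation table and are left alone, and a properly located `C:\WINDOWS\system32\svchost.exe` passes because the Windows directory is canonicalised before comparison.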


#9 inquire1

inquire1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 08 February 2010 - 03:38 PM

Alrighty, here's the latest.

Let me know what's next!

Thanks,

jk



ComboFix 10-02-08.01 - jkoziol 02/08/2010 14:55:26.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.487 [GMT -5:00]
Running from: c:\my documents\Downloads\ComboFix.exe
Command switches used :: c:\my documents\Downloads\cfscript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\jkoziol\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0000\~de7b92.tmp
c:\docume~1\jkoziol\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0000\~df394b.tmp
c:\docume~1\jkoziol\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp
c:\documents and settings\jkoziol\Local Settings\temp\Adobelm_Cleanup.0001.dir.0000\~de7b92.tmp
c:\documents and settings\jkoziol\Local Settings\temp\Adobelm_Cleanup.0001.dir.0000\~df394b.tmp
c:\documents and settings\jkoziol\Local Settings\temp\Adobelm_Cleanup.0001.dir.0001\~df394b.tmp

.
((((((((((((((((((((((((( Files Created from 2010-01-08 to 2010-02-08 )))))))))))))))))))))))))))))))
.

2010-02-01 23:20 . 2010-02-01 23:20 -------- d-----w- C:\$AVG
2010-02-01 23:19 . 2010-02-01 23:19 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-01 23:19 . 2010-02-01 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-24 19:42 . 2010-01-24 19:42 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-01-24 18:09 . 2010-02-01 13:26 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-24 18:09 . 2010-01-24 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-01-24 18:09 . 2010-01-24 18:09 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-01-23 19:39 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-23 19:39 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 19:39 . 2010-01-23 19:40 -------- d-----w- c:\program files\MBAMMO
2010-01-23 16:12 . 2010-01-23 16:12 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-23 16:12 . 2009-11-22 20:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-23 16:12 . 2009-11-22 20:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-23 16:12 . 2009-11-22 20:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-23 16:12 . 2010-01-23 16:12 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-23 16:12 . 2010-01-23 16:12 -------- d-----w- c:\program files\Zone Labs
2010-01-23 16:11 . 2010-02-08 20:13 -------- d-----w- c:\windows\Internet Logs
2010-01-22 01:14 . 2010-01-22 01:14 -------- d-----w- C:\VundoFix Backups
2010-01-18 21:42 . 2010-01-19 23:29 -------- d-----w- c:\program files\CyberMistress
2010-01-18 04:02 . 2010-01-18 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\RandomDresserData
2010-01-18 04:01 . 2010-02-02 00:36 -------- d-----w- c:\program files\RandomDresser
2010-01-17 21:48 . 2010-01-24 06:06 0 ----a-w- c:\windows\Aqodohi.bin
2010-01-17 21:48 . 2010-01-23 19:31 120 ----a-w- c:\windows\Kcusu.dat
2010-01-11 21:56 . 2010-01-11 21:56 -------- d-----w- c:\program files\Belarc
2010-01-11 21:56 . 2008-02-27 17:49 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-08 19:55 . 2007-10-08 16:49 -------- d-----w- c:\program files\PeerGuardian2
2010-02-08 19:52 . 2007-08-16 13:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-08 19:52 . 2007-08-16 13:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-08 19:51 . 2007-08-07 02:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-02-08 19:46 . 2007-08-06 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-08 19:42 . 2007-08-09 00:13 -------- d-----w- c:\program files\Thumbs7
2010-02-07 00:15 . 2007-09-13 23:35 -------- d-----w- c:\documents and settings\jkoziol\Application Data\BitTorrent
2010-02-02 00:35 . 2009-02-14 18:50 -------- d-----w- c:\program files\Common Files\Apple
2010-02-02 00:33 . 2007-11-12 14:55 -------- d-----w- c:\program files\DVDFab Platinum 4
2010-02-02 00:32 . 2007-08-08 01:28 -------- d-----w- c:\documents and settings\jkoziol\Application Data\Vso
2010-02-02 00:32 . 2007-08-08 01:28 47360 ----a-w- c:\documents and settings\jkoziol\Application Data\pcouffin.sys
2010-02-02 00:32 . 2008-12-29 23:39 -------- d-----w- c:\program files\DNA
2010-02-01 23:19 . 2009-02-03 21:42 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-01 23:19 . 2008-05-30 14:38 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-01 23:19 . 2008-05-30 14:38 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-01 23:19 . 2008-05-30 14:38 -------- d-----w- c:\program files\AVG
2010-02-01 22:59 . 2007-09-05 14:04 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-30 06:19 . 2009-06-28 07:19 664 ----a-w- c:\documents and settings\jkoziol\Local Settings\Application Data\d3d9caps.dat
2010-01-23 14:02 . 2009-04-04 14:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-22 00:01 . 2007-09-05 13:54 -------- d-----w- c:\program files\Common Files\Java
2010-01-22 00:00 . 2009-03-29 21:29 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-18 19:13 . 2007-12-28 13:24 -------- d-----w- c:\documents and settings\jkoziol\Application Data\GrabIt
2010-01-13 00:28 . 2008-07-21 00:45 -------- d-----w- c:\program files\Kids Cam Show and Share Creativity Center
2010-01-12 12:17 . 2009-12-11 03:18 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-12 12:07 . 2009-11-08 23:29 -------- d-----w- c:\program files\lx_cats
2009-12-30 15:00 . 2009-12-30 15:00 -------- d-----w- c:\program files\Common Files\Logitech
2009-12-30 14:59 . 2009-12-30 14:55 -------- d-----w- c:\program files\Logitech
2009-12-30 14:59 . 2007-07-20 18:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-29 16:41 . 2009-12-21 13:29 -------- d-----w- c:\program files\Half-Life 2
2009-12-26 22:26 . 2009-12-26 22:26 -------- d-----w- c:\program files\Trend Micro
2009-12-14 13:30 . 2009-12-14 13:30 -------- d-----w- c:\documents and settings\jkoziol\Application Data\DVDFab
2009-12-11 20:41 . 2009-12-11 20:41 0 ----a-w- c:\windows\nsreg.dat
2009-12-11 20:34 . 2009-12-11 20:34 -------- d-----w- c:\program files\CCleaner
2009-12-11 03:19 . 2009-12-11 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-11 03:18 . 2009-12-11 03:18 -------- d-----w- c:\documents and settings\jkoziol\Application Data\SUPERAntiSpyware.com
2008-06-09 15:49 . 2008-06-09 15:49 287 ----a-w- c:\program files\Shortcut to RoboForm2Go (E).lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-11-17 2166296]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-11-17 11:38 2166296 ----a-w- c:\program files\Freecorder\tbFre1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-11-17 2166296]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre1.dll" [2009-11-17 2166296]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-12 2002160]
"Google Update"="c:\documents and settings\jkoziol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-26 135664]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-13 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"RoboPDF"="c:\windows\System32\spool\DRIVERS\W32X86\2\RPDFLchr.exe" [2004-01-22 108032]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Domino"="c:\windows\Domino.exe" [2006-08-18 49152]
"lxcrmon.exe"="c:\program files\Lexmark 2400 Series\lxcrmon.exe" [2006-03-06 286720]
"EzPrint"="c:\program files\Lexmark 2400 Series\ezprint.exe" [2006-02-07 98304]
"LXCRCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll" [2006-02-24 65536]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-06-08 458752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

c:\documents and settings\jkoziol\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-8-6 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 110592]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2006-3-14 5517312]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-01 23:19 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 20:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-3937978654-3413530169-4077935632-1643\Scripts\Logon\0\0]
"Script"=\\previstar.priv\sysvol\previstar.priv\scripts\startup.bat

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
backup=c:\windows\pss\Google Updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^jkoziol^Start Menu^Programs^Startup^RollerCoaster Tycoon 3 Registration.lnk]
backup=c:\windows\pss\RollerCoaster Tycoon 3 Registration.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-08-06 18:58 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2007-04-06 15:06 57344 ----a-w- c:\windows\ZSSnp211.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/30/2008 9:38 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/1/2010 6:19 PM 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\downloaded programs\VCdRom.sys [12/19/2001 10:45 AM 8576]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/1/2010 6:19 PM 285392]
R3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [5/3/2004 3:26 PM 80384]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1/18/2008 10:12 AM 16512]
S3 MR97310_VGA_DUAL_CAMERA;VGA Dual-Mode Camera;c:\windows\system32\drivers\mr97310v.sys [7/18/2006 12:40 PM 99840]
S3 PTDMBus;PANTECH USB Modem Composite Device Driver ;c:\windows\system32\drivers\PTDMBus.sys [8/20/2008 6:40 AM 29952]
S3 PTDMMdm;PANTECH USB Modem Drivers ;c:\windows\system32\drivers\PTDMMdm.sys [8/20/2008 6:40 AM 41856]
S3 PTDMVsp;PANTECH USB Modem Serial Port ;c:\windows\system32\drivers\PTDMVsp.sys [8/20/2008 6:40 AM 39936]
S3 PTDMWWAN;PANTECH USB Modem WWAN Driver;c:\windows\system32\drivers\PTDMWWAN.sys [8/20/2008 6:40 AM 59520]
.
Contents of the 'Scheduled Tasks' folder

2010-02-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-06 20:43]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937978654-3413530169-4077935632-1643Core.job
- c:\documents and settings\jkoziol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-26 22:02]

2010-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3937978654-3413530169-4077935632-1643UA.job
- c:\documents and settings\jkoziol\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-26 22:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://cnn.com/
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Trusted Zone: cnn.com\www
Trusted Zone: previstar.com\vpn
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://m-cam.uchicago.edu/activex/AMC.cab
FF - ProfilePath - c:\documents and settings\jkoziol\Application Data\Mozilla\Firefox\Profiles\4ojwk2b2.default\
FF - prefs.js: browser.startup.homepage - hxxp://cnn.com/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\jkoziol\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\jkoziol\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-08 15:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCRCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll

- - - - - - - > 'explorer.exe'(1764)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\ZcfgSvc.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\lxcrcoms.exe
c:\program files\TechSmith\SnagIt 8\TSCHelp.exe
.
**************************************************************************
.
Completion time: 2010-02-08 15:29:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-08 20:28
ComboFix2.txt 2010-02-06 03:31
ComboFix3.txt 2008-02-15 19:45

Pre-Run: 12,446,711,808 bytes free
Post-Run: 14,149,308,416 bytes free

- - End Of File - - 58A7AE15FAAF43F4E334D592BC78CE32


#10 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:02:42 AM

Posted 09 February 2010 - 12:58 PM

Hi,

that is looking pretty good!

Please run an online scan to see what is left:
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

How is the PC doing?
regards myrti



#11 inquire1

inquire1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 09 February 2010 - 01:12 PM

I will run the scan later this evening when I get home. I haven't had any warnings, weird pop-ups or hijacks, but the browsers are still slow. When I go to an address, it takes forever, unless I refresh the page, then it goes right to it. Perhaps it's something unrelated, but it started at the same time.

I do plan on dumping AVG and Zone Alarm from this computer for something better, but I didn't want to make any changes while you were working on it.

Thanks again. I'll get you the report as soon as I can.

jk

#12 inquire1

inquire1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 10 February 2010 - 04:37 PM

No threats found! Still having connection issues. I have to click links and refresh pages multiple times to connect. Should I assume it's an unrelated issue, or is there something else I should look for?

Thanks!

jk

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:42 PM

Posted 12 February 2010 - 11:16 PM

Hello.

I'll continue to help you. Please post a new set of OTL logs as mentioned in the 1st post from myrti. I believe it's an unrelated issue; what browser is this happening in? I had this problem before too on one of my systems, so let's see what we can do here.

Thanks.
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 inquire1

inquire1
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:42 PM

Posted 14 February 2010 - 03:19 PM

Will do as soon as I get home.

Thanks!

#15 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:42 PM

Posted 15 February 2010 - 12:43 PM

Thanks for letting me know.



