atapi (rootkit) alureon? all browser redirect task mgr killer plus


This topic is locked
24 replies to this topic

#1 rene chney

Posted 26 January 2010 - 05:46 AM

My business is all internet related, which really hurts. Below is the DDS and HijackThis info:

I did find atapi with XDelBox but did not clean or fix it. Too scared. Also, I am afraid to use ComboFix to solve the atapi problem without very good, easy directions, since I am such a newbie.

1. My Task Manager is inoperative.
2. All browsers redirect.
3. Email works.
4. I can look at web pages from cache only.
5. Active Desktop is in recovery mode.
6. Malwarebytes will not work.
7. RKill stalls and never completes or closes.
8. SUPERAntiSpyware works if I use an alternate start.
9. I cannot completely get rid of Microsoft Security Essentials so that AVG can load.

Other than that, everything is just fine.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:14:39 AM, on 2010-01-26
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\SUPERAntiSpyware\21dc29fa-bff8-4fd4-9ade-5d2ee8712400.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\Desktop\rkill.com
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Documents and Settings\Owner\Desktop\pev.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [VeohPlugin] "C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\21dc29fa-bff8-4fd4-9ade-5d2ee8712400.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxdn_device - - C:\WINDOWS\system32\lxdncoms.exe
O23 - Service: McAfee Real-time Scanner (McShield) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (file missing)
O23 - Service: McAfee SystemGuards (McSysmon) - Unknown owner - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (file missing)

--
End of file - 5409 bytes
-----------------------------------------------


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-01-27 10:57:34 AM
System Uptime: 2010-01-26 04:06:16 AM (1 hours ago)

Motherboard: Dell Computer Corp. | | 0F5949
Processor: Intel® Pentium® 4 CPU 2.80GHz | Microprocessor | 2790/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 190 GiB total, 43.016 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: ATI Technologies, Inc. 3D RAGE PRO AGP
Device ID: ROOT\DISPLAY\0000
Manufacturer: ATI Technologies, Inc.
Name: ATI Technologies, Inc. 3D RAGE PRO AGP
PNP Device ID: ROOT\DISPLAY\0000
Service: atirage3

==== System Restore Points ===================

RP1: 2010-01-23 10:43:26 PM - Removed Mega Manager
RP2: 2010-01-25 03:19:26 AM - System Checkpoint
RP3: 2010-01-26 02:05:58 AM - Removed Bonjour
RP4: 2010-01-26 02:06:53 AM - Removed GoToMyPC
RP5: 2010-01-26 02:09:04 AM - semi safe

==== Installed Programs ======================

Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.4
Adobe Shockwave Player
Adobe SVG Viewer 3.0
AI RoboForm (All Users)
AiO_Scan_CDA
AiOSoftwareNPI
Apple Mobile Device Support
AutoUpdate
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
B57Inst
Blaze Media Pro
Broadcom 440x 10/100 Integrated Controller
Broadcom Driver Installer
BufferChm
C3100
c3100_Help
Chameleon Confirmer
Chameleon PA Requester
Chameleon Submitter
Combined Community Codec Pack 2007-07-22
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Conexant D850 56K V.9x DFVc Modem
Critical Update for Windows Media Player 11 (KB959772)
Dell Photo Printer 720
Dell ResourceCD
Destinations
DeviceManagementQFolder
DivX Converter
DivX Player
DivX Web Player
DNA
DocProc
DocProcQFolder
Drivers Install For Linksys Easylink Advisor
EPSON Printer Software
EPSON Scan
EPSON Stylus CX5000 Scanner Driver Update
eSupportQFolder
Eudora
Fax_CDA
Free Mp3 Wma Converter V 1.8.0
Google Toolbar for Internet Explorer
Graboid Video 1.6
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Imaging Device Functions 7.0
HP Photosmart Essential
HP Photosmart, Officejet and Deskjet 7.0.A
HP Product Detection
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
ICQ6.5
InstantShareDevicesMFC
Intel® Extreme Graphics Driver
iPod for Windows 2006-06-28
Ipswitch WS_FTP Professional 2007
iTunes
Java™ 6 Update 3
Lexmark 2600 Series
Lexmark Fax Solutions
Lexmark Toolbar
Linksys EasyLink Advisor 1.6 (0032)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft FrontPage 2002
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Standard Edition 2003
Microsoft Office Word Viewer 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Move Media Player
Movie Converter V3 (remove only)
Mozilla ActiveX Control v1.7.12
Mozilla Firefox (2.0.0.20)
MSI to redistribute MS VS2005 CRT libraries
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB933579)
neroxml
NewCopy_CDA
OCR Software by I.R.I.S 7.0
PanoStandAlone
ProductContextNPI
QuickTime
Readme
Scan
ScannerCopy
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
SolutionCenter
Sonic CinePlayer DVD Pack
SoundMAX
SoundMAX NT
Spyware Doctor 7.0
Status
SUPERAntiSpyware Professional
TextPad 4.7
Toolbox
TrayApp
Ulead GIF Animator 5 TBYB
Ulead PhotoImpact 6
Unload
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Veoh Web Player Beta
VeohTV BETA
VLC media player 0.9.9
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WordPerfect Backup 2.0

==== Event Viewer Messages From Past Week ========

2010-01-26 12:34:07 AM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000F1F4CEFA5 has been denied by the DHCP server 65.32.22.114 (The DHCP Server sent a DHCPNACK message).
2010-01-24 11:44:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the AVG WatchDog service to connect.
2010-01-24 11:44:22 AM, error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-24 02:33:40 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000F1F4CEFA5 has been denied by the DHCP server 65.32.22.114 (The DHCP Server sent a DHCPNACK message).
2010-01-23 11:15:16 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2010-01-23 11:12:56 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips intelppm IPSec mfehidk MpFilter MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss Tcpip WS2IFSL
2010-01-23 11:12:56 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-23 11:12:56 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-23 11:12:56 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-23 11:12:56 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-23 11:12:56 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-23 11:12:56 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2010-01-23 11:12:37 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
2010-01-23 05:45:48 PM, error: Service Control Manager [7000] - The McAfee Real-time Scanner service failed to start due to the following error: The system cannot find the path specified.
2010-01-23 05:45:48 PM, error: Service Control Manager [7000] - The COPYLOCK LPT Driver Ver5.03 service failed to start due to the following error: The system cannot find the file specified.
2010-01-23 05:44:44 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
2010-01-23 05:44:44 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
2010-01-23 03:13:14 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Microsoft Antimalware Service service to connect.
2010-01-23 03:13:14 AM, error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2010-01-23 02:23:13 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2010-01-23 02:22:07 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
2010-01-22 11:25:35 PM, error: Dhcp [1002] - The IP address lease 24.92.20.189 for the Network Card with network address 000F1F4CEFA5 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
2010-01-22 11:19:29 PM, error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{2D08C039-C927-410B-8975-1E71709C706F} because another computer on the network has the same name. The server could not start.
2010-01-22 11:07:41 AM, warning: Windows File Protection [64008] - The protected system file c:\windows\system32\drivers\atapi.sys could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
2010-01-22 11:07:41 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file atapi.sys. This file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.5512.
2010-01-22 11:06:46 AM, error: Microsoft Antimalware [1008] -
2010-01-22 10:21:39 PM, error: Service Control Manager [7034] - The GoToMyPC service terminated unexpectedly. It has done this 1 time(s).
2010-01-22 08:38:45 PM, error: Print [6161] - The document http://www.zebrakeys.com/lessons/beginner/learnsongs/?id=7 owned by Owner failed to print on printer Lexmark 2600 Series. Data type: LEMF. Size of the spool file in bytes: 3322666. Number of bytes printed: 0. Total number of pages in the document: 12. Number of pages printed: 2. Client machine: \\NONE-UZDAXOSGLH. Win32 error code returned by the print processor: 0 (0x0).

==== End Of File ===========================



DDS (Ver_09-12-01.01) - NTFSx86
Run by Owner at 5:25:41.95 on 2010-01-26
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.560 [GMT -5:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\lxdncoms.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
C:\Program Files\SUPERAntiSpyware\21dc29fa-bff8-4fd4-9ade-5d2ee8712400.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Owner\Desktop\rkill.com
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\pchealth\helpctr\binaries\helpctr.exe
C:\Documents and Settings\Owner\Desktop\pev.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar5.dll
TB: Microsoft CommBand: {4d5c8c2a-d075-11d0-b416-00c04fb90376} - %SystemRoot%\system32\browseui.dll
TB: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
EB: {32683183-48A0-441B-A342-7C2A440A9478} - No File
EB: SpeedRunner Bar: {cafb2180-ba09-11dc-95ff-0800200c9a66} - %SystemRoot%\system32\shdocvw.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\21dc29fa-bff8-4fd4-9ade-5d2ee8712400.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\progra~1\qualcomm\eudora\EuShlExt.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\63qd6phm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - HiddenExtension: XUL Cache: {BA290238-EB32-41D5-A535-237D4CFEC173} - c:\documents and settings\owner\local settings\application data\{BA290238-EB32-41D5-A535-237D4CFEC173}
FF - HiddenExtension: XUL Cache: {1785454B-4162-4F03-8D33-007B07E312F5} - c:\windows\system32\config\systemprofile\local settings\application data\{1785454b-4162-4f03-8d33-007b07e312f5}\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2006-8-4 214024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 74480]
R2 lxdn_device;lxdn_device;c:\windows\system32\lxdncoms.exe -service --> c:\windows\system32\lxdncoms.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S1 afukjssb;afukjssb;\??\c:\windows\system32\drivers\afukjssb.sys --> c:\windows\system32\drivers\afukjssb.sys [?]
S1 badgycie;badgycie;\??\c:\windows\system32\drivers\badgycie.sys --> c:\windows\system32\drivers\badgycie.sys [?]
S1 cdsdwuwy;cdsdwuwy;\??\c:\windows\system32\drivers\cdsdwuwy.sys --> c:\windows\system32\drivers\cdsdwuwy.sys [?]
S1 cdwubnlr;cdwubnlr;\??\c:\windows\system32\drivers\cdwubnlr.sys --> c:\windows\system32\drivers\cdwubnlr.sys [?]
S1 dfkjhqac;dfkjhqac;\??\c:\windows\system32\drivers\dfkjhqac.sys --> c:\windows\system32\drivers\dfkjhqac.sys [?]
S1 dmqcqhnm;dmqcqhnm;\??\c:\windows\system32\drivers\dmqcqhnm.sys --> c:\windows\system32\drivers\dmqcqhnm.sys [?]
S1 dujsatth;dujsatth;\??\c:\windows\system32\drivers\dujsatth.sys --> c:\windows\system32\drivers\dujsatth.sys [?]
S1 dxfcuurp;dxfcuurp;\??\c:\windows\system32\drivers\dxfcuurp.sys --> c:\windows\system32\drivers\dxfcuurp.sys [?]
S1 eabprghp;eabprghp;\??\c:\windows\system32\drivers\eabprghp.sys --> c:\windows\system32\drivers\eabprghp.sys [?]
S1 edpyxsuy;edpyxsuy;\??\c:\windows\system32\drivers\edpyxsuy.sys --> c:\windows\system32\drivers\edpyxsuy.sys [?]
S1 elgbthdj;elgbthdj;\??\c:\windows\system32\drivers\elgbthdj.sys --> c:\windows\system32\drivers\elgbthdj.sys [?]
S1 ewieuond;ewieuond;\??\c:\windows\system32\drivers\ewieuond.sys --> c:\windows\system32\drivers\ewieuond.sys [?]
S1 fkduakrt;fkduakrt;\??\c:\windows\system32\drivers\fkduakrt.sys --> c:\windows\system32\drivers\fkduakrt.sys [?]
S1 fouabewp;fouabewp;\??\c:\windows\system32\drivers\fouabewp.sys --> c:\windows\system32\drivers\fouabewp.sys [?]
S1 hckqxold;hckqxold;\??\c:\windows\system32\drivers\hckqxold.sys --> c:\windows\system32\drivers\hckqxold.sys [?]
S1 hdahuray;hdahuray;\??\c:\windows\system32\drivers\hdahuray.sys --> c:\windows\system32\drivers\hdahuray.sys [?]
S1 hgwfuzne;hgwfuzne;\??\c:\windows\system32\drivers\hgwfuzne.sys --> c:\windows\system32\drivers\hgwfuzne.sys [?]
S1 hvvpyrtg;hvvpyrtg;\??\c:\windows\system32\drivers\hvvpyrtg.sys --> c:\windows\system32\drivers\hvvpyrtg.sys [?]
S1 ieqdigrv;ieqdigrv;\??\c:\windows\system32\drivers\ieqdigrv.sys --> c:\windows\system32\drivers\ieqdigrv.sys [?]
S1 ijqzojss;ijqzojss;\??\c:\windows\system32\drivers\ijqzojss.sys --> c:\windows\system32\drivers\ijqzojss.sys [?]
S1 jugzfpcx;jugzfpcx;\??\c:\windows\system32\drivers\jugzfpcx.sys --> c:\windows\system32\drivers\jugzfpcx.sys [?]
S1 jusgsfoo;jusgsfoo;\??\c:\windows\system32\drivers\jusgsfoo.sys --> c:\windows\system32\drivers\jusgsfoo.sys [?]
S1 jxfvbqez;jxfvbqez;\??\c:\windows\system32\drivers\jxfvbqez.sys --> c:\windows\system32\drivers\jxfvbqez.sys [?]
S1 kdevvxkm;kdevvxkm;\??\c:\windows\system32\drivers\kdevvxkm.sys --> c:\windows\system32\drivers\kdevvxkm.sys [?]
S1 lbywehos;lbywehos;\??\c:\windows\system32\drivers\lbywehos.sys --> c:\windows\system32\drivers\lbywehos.sys [?]
S1 mcmnngej;mcmnngej;\??\c:\windows\system32\drivers\mcmnngej.sys --> c:\windows\system32\drivers\mcmnngej.sys [?]
S1 mkmncdnh;mkmncdnh;\??\c:\windows\system32\drivers\mkmncdnh.sys --> c:\windows\system32\drivers\mkmncdnh.sys [?]
S1 moytsyfv;moytsyfv;\??\c:\windows\system32\drivers\moytsyfv.sys --> c:\windows\system32\drivers\moytsyfv.sys [?]
S1 mvzpidri;mvzpidri;\??\c:\windows\system32\drivers\mvzpidri.sys --> c:\windows\system32\drivers\mvzpidri.sys [?]
S1 nlowdyon;nlowdyon;\??\c:\windows\system32\drivers\nlowdyon.sys --> c:\windows\system32\drivers\nlowdyon.sys [?]
S1 nyfmuapd;nyfmuapd;\??\c:\windows\system32\drivers\nyfmuapd.sys --> c:\windows\system32\drivers\nyfmuapd.sys [?]
S1 olkffmkl;olkffmkl;\??\c:\windows\system32\drivers\olkffmkl.sys --> c:\windows\system32\drivers\olkffmkl.sys [?]
S1 ooxnnddk;ooxnnddk;\??\c:\windows\system32\drivers\ooxnnddk.sys --> c:\windows\system32\drivers\ooxnnddk.sys [?]
S1 pmkchzzm;pmkchzzm;\??\c:\windows\system32\drivers\pmkchzzm.sys --> c:\windows\system32\drivers\pmkchzzm.sys [?]
S1 pzeccukp;pzeccukp;\??\c:\windows\system32\drivers\pzeccukp.sys --> c:\windows\system32\drivers\pzeccukp.sys [?]
S1 qjxwmeir;qjxwmeir;\??\c:\windows\system32\drivers\qjxwmeir.sys --> c:\windows\system32\drivers\qjxwmeir.sys [?]
S1 qkiduxdh;qkiduxdh;\??\c:\windows\system32\drivers\qkiduxdh.sys --> c:\windows\system32\drivers\qkiduxdh.sys [?]
S1 qtcwpehi;qtcwpehi;\??\c:\windows\system32\drivers\qtcwpehi.sys --> c:\windows\system32\drivers\qtcwpehi.sys [?]
S1 qzbkhcis;qzbkhcis;\??\c:\windows\system32\drivers\qzbkhcis.sys --> c:\windows\system32\drivers\qzbkhcis.sys [?]
S1 riopimuh;riopimuh;\??\c:\windows\system32\drivers\riopimuh.sys --> c:\windows\system32\drivers\riopimuh.sys [?]
S1 roloazvn;roloazvn;\??\c:\windows\system32\drivers\roloazvn.sys --> c:\windows\system32\drivers\roloazvn.sys [?]
S1 saegjfmi;saegjfmi;\??\c:\windows\system32\drivers\saegjfmi.sys --> c:\windows\system32\drivers\saegjfmi.sys [?]
S1 sqegyoxk;sqegyoxk;\??\c:\windows\system32\drivers\sqegyoxk.sys --> c:\windows\system32\drivers\sqegyoxk.sys [?]
S1 swqmyfkc;swqmyfkc;\??\c:\windows\system32\drivers\swqmyfkc.sys --> c:\windows\system32\drivers\swqmyfkc.sys [?]
S1 tdtikobc;tdtikobc;\??\c:\windows\system32\drivers\tdtikobc.sys --> c:\windows\system32\drivers\tdtikobc.sys [?]
S1 tfshthxt;tfshthxt;\??\c:\windows\system32\drivers\tfshthxt.sys --> c:\windows\system32\drivers\tfshthxt.sys [?]
S1 tnvsqzxq;tnvsqzxq;\??\c:\windows\system32\drivers\tnvsqzxq.sys --> c:\windows\system32\drivers\tnvsqzxq.sys [?]
S1 tpxlnlsq;tpxlnlsq;\??\c:\windows\system32\drivers\tpxlnlsq.sys --> c:\windows\system32\drivers\tpxlnlsq.sys [?]
S1 ubfvmgbt;ubfvmgbt;\??\c:\windows\system32\drivers\ubfvmgbt.sys --> c:\windows\system32\drivers\ubfvmgbt.sys [?]
S1 uddklzec;uddklzec;\??\c:\windows\system32\drivers\uddklzec.sys --> c:\windows\system32\drivers\uddklzec.sys [?]
S1 vdjowpak;vdjowpak;\??\c:\windows\system32\drivers\vdjowpak.sys --> c:\windows\system32\drivers\vdjowpak.sys [?]
S1 vnkcqqee;vnkcqqee;\??\c:\windows\system32\drivers\vnkcqqee.sys --> c:\windows\system32\drivers\vnkcqqee.sys [?]
S1 vwspqybs;vwspqybs;\??\c:\windows\system32\drivers\vwspqybs.sys --> c:\windows\system32\drivers\vwspqybs.sys [?]
S1 wpdfebmu;wpdfebmu;\??\c:\windows\system32\drivers\wpdfebmu.sys --> c:\windows\system32\drivers\wpdfebmu.sys [?]
S1 wrktbbhc;wrktbbhc;\??\c:\windows\system32\drivers\wrktbbhc.sys --> c:\windows\system32\drivers\wrktbbhc.sys [?]
S1 wukaxbee;wukaxbee;\??\c:\windows\system32\drivers\wukaxbee.sys --> c:\windows\system32\drivers\wukaxbee.sys [?]
S1 xkfxgmis;xkfxgmis;\??\c:\windows\system32\drivers\xkfxgmis.sys --> c:\windows\system32\drivers\xkfxgmis.sys [?]
S1 xkxpvvdv;xkxpvvdv;\??\c:\windows\system32\drivers\xkxpvvdv.sys --> c:\windows\system32\drivers\xkxpvvdv.sys [?]
S2 CLLPT53;COPYLOCK LPT Driver Ver5.03;\??\c:\program files\attend hrm\bin\cllpt53.sys --> c:\program files\attend hrm\bin\CLLPT53.SYS [?]
S2 FXYFANWI;FXYFANWI;\??\c:\windows\system32\fxyfanwi.ysx --> c:\windows\system32\fxyfanwi.ysx [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-1-24 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-1-24 30104]
S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe --> c:\progra~1\mcafee\viruss~1\mcsysmon.exe [?]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2006-8-4 79880]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2006-8-4 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2006-8-4 34216]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2006-8-4 40552]

=============== Created Last 30 ================

2010-01-24 18:30:07 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-24 18:27:47 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-24 18:27:47 0 d-----w- c:\docume~1\owner\applic~1\SUPERAntiSpyware.com
2010-01-24 18:27:34 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-01-24 16:42:45 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-24 16:42:45 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-24 16:42:41 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-01-24 16:22:01 0 d-----w- c:\docume~1\owner\applic~1\AVG8
2010-01-24 05:00:06 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-01-24 05:00:06 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-01-24 03:43:18 50 ----a-w- c:\windows\MegaManager.INI
2010-01-24 03:26:04 0 d-sh--w- c:\documents and settings\owner\IETldCache
2010-01-24 03:16:12 0 d-----w- c:\windows\ie8updates
2010-01-24 03:13:20 0 dc-h--w- c:\windows\ie8
2010-01-23 15:47:50 0 ----a-w- c:\windows\system32\41.exe
2010-01-23 15:17:41 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-23 15:17:41 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-01-23 15:17:41 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-01-23 15:17:41 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-23 15:17:35 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-01-23 15:17:35 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-23 15:17:29 0 d-----w- c:\program files\common files\PC Tools
2010-01-23 15:17:29 0 d-----w- c:\docume~1\owner\applic~1\PC Tools
2010-01-23 15:17:29 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-01-23 15:03:09 0 ----a-w- c:\windows\system32\2995.exe
2010-01-23 14:43:09 0 ----a-w- c:\windows\system32\491.exe
2010-01-23 14:23:08 0 ----a-w- c:\windows\system32\9961.exe
2010-01-23 14:03:08 0 ----a-w- c:\windows\system32\16827.exe
2010-01-23 13:43:08 0 ----a-w- c:\windows\system32\23281.exe
2010-01-23 13:23:07 0 ----a-w- c:\windows\system32\28145.exe
2010-01-23 13:03:07 0 ----a-w- c:\windows\system32\5705.exe
2010-01-23 12:43:07 0 ----a-w- c:\windows\system32\24464.exe
2010-01-23 12:23:06 0 ----a-w- c:\windows\system32\26962.exe
2010-01-23 12:03:06 0 ----a-w- c:\windows\system32\29358.exe
2010-01-23 11:43:06 0 ----a-w- c:\windows\system32\11478.exe
2010-01-23 11:23:05 0 ----a-w- c:\windows\system32\15724.exe
2010-01-23 11:03:05 0 ----a-w- c:\windows\system32\19169.exe
2010-01-23 10:43:05 0 ----a-w- c:\windows\system32\26500.exe
2010-01-23 10:07:26 0 d-----w- C:\Virus Killer
2010-01-23 08:54:06 0 ----a-w- c:\windows\system32\6334.exe
2010-01-23 08:34:05 0 ----a-w- c:\windows\system32\18467.exe
2010-01-23 05:52:46 0 d-----w- c:\program files\InternetSecurity2010
2010-01-23 05:52:39 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-23 05:52:39 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-23 05:52:33 18944 ----a-w- c:\windows\system32\helper32.dll
2010-01-23 05:52:23 18432 ---ha-w- c:\windows\system32\winlogon32.exe
2010-01-23 05:52:23 18432 ---ha-w- c:\windows\system32\smss32.exe
2010-01-23 05:52:13 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-23 05:50:57 0 d-----w- C:\d3fda05644a6880ddd9eb422
2010-01-22 06:18:05 0 d-sha-r- C:\cmdcons
2010-01-22 06:13:50 98816 ----a-w- c:\windows\sed.exe
2010-01-22 06:13:50 77312 ----a-w- c:\windows\MBR.exe
2010-01-22 06:13:50 261632 ----a-w- c:\windows\PEV.exe
2010-01-22 06:13:50 161792 ----a-w- c:\windows\SWREG.exe
2010-01-22 05:47:59 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-21 16:40:48 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-21 16:40:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-21 07:16:21 0 d-----w- c:\windows\system32\wbem\Repository
2010-01-13 03:44:07 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

==================== Find3M ====================

2010-01-22 16:09:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-07 21:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll

============= FINISH: 5:27:31.21 ===============
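The DDS log above shows three patterns that stand out on a read-through: dozens of one-word kernel services whose driver files no longer exist on disk, a run of zero-byte executables with purely numeric names in system32, and hidden files named after core Windows processes (smss32.exe, winlogon32.exe). As an added example that is not part of this thread and not code from DDS, OTL or ComboFix, here is a small Python triage script that reads DDS-format lines and flags exactly those patterns. The heuristics are my own assumptions about what deserves a second look; the sample lines are excerpted from the log above, with benign entries of each kind added as controls.

```python
import re
from collections import Counter

# Constructed sample: lines excerpted from the DDS log in this thread, in
# the two formats DDS uses (service entries and "Created Last 30" entries),
# plus benign entries of each kind that the heuristics should leave alone.
SAMPLE_LOG = r"""
S1 dmqcqhnm;dmqcqhnm;\??\c:\windows\system32\drivers\dmqcqhnm.sys --> c:\windows\system32\drivers\dmqcqhnm.sys [?]
S1 xkxpvvdv;xkxpvvdv;\??\c:\windows\system32\drivers\xkxpvvdv.sys --> c:\windows\system32\drivers\xkxpvvdv.sys [?]
S2 FXYFANWI;FXYFANWI;\??\c:\windows\system32\fxyfanwi.ysx --> c:\windows\system32\fxyfanwi.ysx [?]
S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe --> c:\progra~1\mcafee\viruss~1\mcshield.exe [?]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-1-24 30104]
2010-01-23 15:47:50 0 ----a-w- c:\windows\system32\41.exe
2010-01-23 15:03:09 0 ----a-w- c:\windows\system32\2995.exe
2010-01-23 05:52:23 18432 ---ha-w- c:\windows\system32\winlogon32.exe
2010-01-23 05:52:23 18432 ---ha-w- c:\windows\system32\smss32.exe
2010-01-24 16:42:45 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-22 05:47:59 181120 ------w- c:\windows\system32\MpSigStub.exe
"""

# "S1 name;description;image path [status]" -- status is "?" when DDS could
# not find the file on disk, otherwise "date size".
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[(.*)\]$")
# "date time size attributes path" from the Created Last 30 section.
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S{8})\s+(.*)$")

# Core Windows process names that malware likes to imitate (assumed list).
CORE_PROCESSES = {"smss", "csrss", "winlogon", "services", "lsass", "svchost", "explorer"}


def looks_autogenerated(name: str) -> bool:
    """Eight plain letters and nothing else: the shape of a randomly generated service name."""
    return re.fullmatch(r"[A-Za-z]{8}", name) is not None


def scan(log_text: str) -> list:
    """Return (reason, item) pairs for every log line that matches a triage heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            _start, name, desc, _path, status = m.groups()
            # A service whose description merely repeats a random-looking name
            # and whose image file is gone is worth a second look.
            if status == "?" and name == desc and looks_autogenerated(name):
                findings.append(("service: autogenerated name, no description, image missing", name))
            continue
        m = CREATED_RE.match(line)
        if m:
            _when, size, attrs, path = m.groups()
            base = path.rsplit("\\", 1)[-1].lower()
            stem, _, ext = base.rpartition(".")
            if ext != "exe" or "\\windows\\system32\\" not in path.lower():
                continue
            if size == "0" and stem.isdigit():
                findings.append(("file: zero-byte numeric-named exe in system32", base))
            if "h" in attrs:
                findings.append(("file: hidden executable in system32", base))
            if stem.endswith("32") and stem[:-2] in CORE_PROCESSES:
                findings.append(("file: name mimics a core Windows process", base))
    return findings


def summarize(findings) -> Counter:
    """Count hits per heuristic so the reader sees the pattern, not just the lines."""
    return Counter(reason for reason, _ in findings)


if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for reason, item in hits:
        print(f"{reason:60s} {item}")
    print(summarize(hits))
```

This is a reading aid for a log like the one above, not a verdict: a missing image path can also be the remains of a clean uninstall, and a name-only description is common for small vendor drivers, so every hit still needs confirmation on the machine (file hashes, signatures, and the boot-driver checks the helper asks for later in the thread) before anything is removed.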


#2 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 January 2010 - 08:39 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I'll ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

Important!
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.
Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.



Make sure that you save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.





Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please copy and paste the contents of C:\ComboFix.txt in your next reply.


Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 rene chney
  • Topic Starter
  • Members
  • 26 posts

Posted 26 January 2010 - 01:40 PM

I zipped the file and sent it to my infected computer from my significant other's laptop, renamed it combofixnex.exe, and ran it. A small rectangular box with green status bars appeared with the hourglass symbol. It ran for about 10 seconds, the background flashed once, and it disappeared. My background is white with a big "ACTIVE DESKTOP RECOVERY" message with four troubleshooting tips; none work.

What should I do next? All my antispyware is turned off. Where else should I check to see what might be causing ComboFix not to run properly?

#4 rene chney
  • Topic Starter
  • Members
  • 26 posts

Posted 26 January 2010 - 01:47 PM

Two errors. One says Microsoft Security Essentials needs to be disabled. I have tried many times to rid myself of this, through Control Panel add/delete software and program files, but not registry keys.

The other error says that ComboFix has been compromised by a file patching virus 'Virut' and I should download a fresh copy from bleepingcomputer.com/combofix/how-to-use-combofix

I will wait for your command, master. More of the same errors are popping up; I will reboot and leave it alone.

#5 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 January 2010 - 06:32 PM

Uh-oh. Virut is very bad, so let's hope that's not what you're dealing with here.


Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.

Please post the contents of the log from DrWeb in your next reply.


#6 rene chney
  • Topic Starter
  • Members
  • 26 posts

Posted 26 January 2010 - 07:03 PM

I got it to load, but then the green box with the bug emblem just sits there. Should it be doing something? I have waited 5 minutes so far.

#7 rene chney
  • Topic Starter
  • Members
  • 26 posts

Posted 26 January 2010 - 07:13 PM

I would be more than happy to put gotomypc.com on the computer, sign a letter absolving you of all liability, and pay you to fix this.

Please let me know.

I can not work without my computer.

#8 rene chney
  • Topic Starter
  • Members
  • 26 posts

Posted 26 January 2010 - 07:58 PM

Tried running in safe mode. Same problem with Dr.Web: it stalled before any files were scanned.

#9 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 January 2010 - 08:15 PM

Hang in there. Let's see what we can do.


We need to create an OTL Report
  • Please download OTL from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the "Run Scan" button.
  • The scan should take just a few minutes.
  • Please copy and paste both logs back here in your next reply.


#10 rene chney
  • Topic Starter
  • Members
  • 26 posts

Posted 26 January 2010 - 08:39 PM

Before I run and zip the OTL on my laptop: why, when I try to put the URL in my browser's URL box, do I get "the page can not be found" http://www.megaclick.com/404/error.html in Firefox, and just a simple "IE cannot display the webpage" screen in IE? Is there an easy fix so I can skip the emailing-between-machines step?

Thank you soooo much. I feel violated; I also feel anger. I think I could actually do physical harm to the people who make these viruses. Aggggh!!

#11 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 January 2010 - 08:45 PM

Your computer is badly infected and the malware on it is protecting itself by preventing you from downloading the tools that we need. Do whatever you can to get OTL onto the infected computer and run it. If you can get it to run and show me a log we can start fighting back.

#12 rene chney
  • Topic Starter
  • Members
  • 26 posts

Posted 26 January 2010 - 09:06 PM

It finished scanning, hurray! But at the bottom it says: Manual file scan - getting folder structure...

It has been this way for 5 minutes so far. Is this done, stalled, or still working? I am excited because I have time tonight; the last few nights family and urgent stuff had to happen. Everyone is sleeping right now, thank god; they are always looking over my shoulder thinking that might help.

#13 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 26 January 2010 - 09:08 PM

Just let it run. It may appear stalled at that point, but it should eventually finish up and present the logs.

#14 rene chney
  • Topic Starter
  • Members
  • 26 posts

Posted 26 January 2010 - 09:20 PM

OTL logfile created on: 2010-01-26 08:54:55 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Owner\Desktop\OTLnew
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: | Date Format: yyyy-MM-dd

1,022.00 Mb Total Physical Memory | 611.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 42.58 Gb Free Space | 22.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONE-UZDAXOSGLH
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010-01-26 17:48:12 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTLnew\OTLnew.exe
PRC - [2009-06-05 12:39:22 | 00,292,136 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009-06-05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009-06-05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009-03-08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009-03-06 20:08:02 | 03,558,136 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2008-04-13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
PRC - [2008-04-13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008-02-27 18:07:26 | 00,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdncoms.exe
PRC - [2006-02-08 06:42:43 | 00,139,322 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2004-03-04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2004-03-04 11:26:20 | 00,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE


========== Modules (SafeList) ==========

MOD - [2010-01-26 17:48:12 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTLnew\OTLnew.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (McSysmon)
SRV - File not found [Unknown | Stopped] -- -- (McShield)
SRV - [2009-06-05 12:39:14 | 00,541,992 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009-06-05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008-04-13 19:12:36 | 00,033,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\snmp.exe -- (SNMP)
SRV - [2008-04-11 16:15:14 | 00,138,680 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2008-02-27 18:07:26 | 00,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdncoms.exe -- (lxdn_device)
SRV - [2006-03-03 21:03:10 | 00,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005-05-20 10:37:12 | 00,081,920 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver)
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004-03-04 11:30:48 | 00,311,296 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003-07-16 15:47:51 | 00,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC)


========== Driver Services (SafeList) ==========

DRV - [2010-01-24 14:35:39 | 00,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-01-24 14:35:39 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010-01-24 11:42:45 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwfd)
DRV - [2010-01-24 11:42:45 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avgfwdx.sys -- (Avgfwdx)
DRV - [2009-06-05 10:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009-03-25 10:06:30 | 00,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009-03-25 10:06:28 | 00,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009-03-25 10:06:28 | 00,079,880 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009-03-25 10:06:28 | 00,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009-03-25 10:05:54 | 00,034,216 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009-03-19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009-01-15 16:17:42 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Running] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008-03-21 15:30:04 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007-11-13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007-03-22 12:57:14 | 00,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007-03-22 12:57:14 | 00,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006-04-12 19:04:39 | 00,049,664 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZid412.sys -- (HPZid412)
DRV - [2006-04-12 19:04:39 | 00,021,568 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZius12.sys -- (HPZius12)
DRV - [2006-04-12 19:04:39 | 00,016,496 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HPZipr12.sys -- (HPZipr12)
DRV - [2005-11-21 00:48:21 | 00,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005-10-19 08:59:12 | 00,807,998 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ialmnt5.sys -- (ialm)
DRV - [2005-01-27 15:31:06 | 00,260,352 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm)
DRV - [2004-09-17 09:02:54 | 00,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004-03-22 12:24:00 | 00,004,272 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\bvrp_pci.sys -- (bvrp_pci)
DRV - [2003-11-17 15:59:20 | 00,212,224 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003-11-17 15:58:02 | 00,680,704 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003-11-17 15:56:26 | 01,042,432 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003-07-16 15:42:18 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003-06-30 18:11:52 | 00,043,136 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2003-04-09 13:48:08 | 00,011,043 | R--- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2001-08-22 08:42:58 | 00,013,632 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - [2001-08-17 13:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001-08-17 12:49:00 | 00,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1606980848-220523388-725345543-1003\S-1-5-21-1606980848-220523388-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?ei=utf-8&fr=megaup&p="
FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - HKLM\software\mozilla\Firefox\Extensions\\{BA290238-EB32-41D5-A535-237D4CFEC173}: C:\Documents and Settings\Owner\Local Settings\Application Data\{BA290238-EB32-41D5-A535-237D4CFEC173} [2008-12-20 16:03:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1785454B-4162-4F03-8D33-007B07E312F5}: C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\{1785454B-4162-4F03-8D33-007B07E312F5}\ [2009-01-10 07:23:22 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010-01-23 03:02:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009-09-20 09:29:16 | 00,000,000 | ---D | M]

[2010-01-24 13:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\extensions
[2009-06-22 09:38:58 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009-03-23 06:00:40 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\extensions\{991A772A-BA13-4c1d-A9EF-F897F31DEC7D}
[2009-06-22 09:38:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\extensions\toolbar@alexa.com
[2010-01-21 17:08:52 | 00,002,299 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\searchplugins\alexa.xml
[2010-01-21 17:08:52 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\searchplugins\icqplugin-1.xml
[2008-07-06 07:50:18 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\searchplugins\icqplugin-2.xml
[2008-07-17 17:20:23 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\searchplugins\icqplugin-3.xml
[2008-10-06 11:12:11 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\searchplugins\icqplugin-4.xml
[2009-06-22 09:39:08 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\searchplugins\icqplugin-5.xml
[2009-07-03 23:22:05 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\searchplugins\icqplugin-6.xml
[2008-02-19 17:16:46 | 00,000,951 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\searchplugins\icqplugin.xml
[2008-01-22 13:48:21 | 00,000,274 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\63qd6phm.default\searchplugins\search.xml
[2010-01-24 12:24:08 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009-07-03 23:21:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2009-07-03 23:21:19 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2009-07-03 23:21:19 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2009-07-03 23:21:19 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2009-07-03 23:21:20 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2009-07-03 23:21:20 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007-06-11 12:34:00 | 02,115,816 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

O1 HOSTS File: ([2010-01-24 16:48:31 | 00,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll File not found
O3 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\..\Toolbar\ShellBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O3 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll File not found
O3 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1606980848-220523388-725345543-1003..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-1606980848-220523388-725345543-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\21dc29fa-bff8-4fd4-9ade-5d2ee8712400.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-1606980848-220523388-725345543-1003..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\S-1-5-21-1606980848-220523388-725345543-1003_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1606980848-220523388-725345543-1003\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0...D0C/wmv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - C:\Program Files\Qualcomm\Eudora\EuShlExt.dll (Qualcomm Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006-01-27 10:54:44 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006-01-27 10:54:30 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Error starting restore point: 31
Error closing restore point: The sequence number is invalid.

========== Files/Folders - Created Within 30 Days ==========

[2010-01-26 20:52:14 | 00,548,352 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTLnew.exe
[2010-01-26 20:51:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\OTLnew
[2010-01-26 13:35:45 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010-01-26 13:33:57 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp
[2010-01-26 13:32:08 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2010-01-26 13:31:13 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.0.tmp
[2010-01-26 13:31:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ComboFixNew
[2010-01-26 05:22:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\dds
[2010-01-26 04:22:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\XDelBox
[2010-01-24 16:45:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Unused Desktop Shortcuts
[2010-01-24 13:30:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010-01-24 13:27:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2010-01-24 13:27:47 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010-01-24 13:27:34 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010-01-24 12:29:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010-01-24 12:29:13 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010-01-24 12:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010-01-24 12:24:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010-01-24 12:15:19 | 00,891,248 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010-01-24 11:42:45 | 00,050,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010-01-24 11:42:45 | 00,030,104 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010-01-24 11:42:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010-01-24 11:22:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\AVG8
[2010-01-24 11:13:02 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Owner\Desktop\winsockxpfix.exe
[2010-01-24 00:00:06 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010-01-24 00:00:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010-01-23 22:26:04 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
[2010-01-23 22:16:12 | 00,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010-01-23 22:13:20 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010-01-23 10:17:41 | 00,207,792 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2010-01-23 10:17:41 | 00,087,784 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2010-01-23 10:17:35 | 00,070,408 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2010-01-23 10:17:29 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010-01-23 10:17:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PC Tools
[2010-01-23 10:17:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010-01-23 05:07:26 | 00,000,000 | ---D | C] -- C:\Virus Killer
[2010-01-23 00:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
[2010-01-23 00:50:57 | 00,000,000 | ---D | C] -- C:\d3fda05644a6880ddd9eb422
[2010-01-22 17:05:17 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2010-01-22 01:18:05 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2010-01-22 01:13:50 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010-01-22 01:13:50 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010-01-22 01:13:50 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010-01-22 01:13:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010-01-22 00:47:59 | 00,181,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010-01-18 11:04:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Lee and Sons Buisness
[2010-01-12 22:44:07 | 00,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2009-01-13 10:13:30 | 00,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDNhcp.dll
[2009-01-13 10:13:29 | 00,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnusb1.dll
[2009-01-13 10:13:29 | 00,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdninpa.dll
[2009-01-13 10:13:29 | 00,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdniesc.dll
[2009-01-13 10:13:28 | 01,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnserv.dll
[2009-01-13 10:13:28 | 00,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnpmui.dll
[2009-01-13 10:13:28 | 00,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnlmpm.dll
[2009-01-13 10:13:28 | 00,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnprox.dll
[2009-01-13 10:13:26 | 00,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdnhbn3.dll
[2009-01-13 10:13:25 | 00,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomm.dll
[2009-01-13 10:13:24 | 00,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdncomc.dll
[2007-09-17 10:09:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007-04-15 13:52:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2006-06-20 09:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2006-01-29 14:04:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[278 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-01-26 20:51:55 | 15,204,352 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010-01-26 20:50:53 | 00,542,917 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\OTLnew.zip
[2010-01-26 19:58:59 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010-01-26 19:58:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010-01-26 19:58:24 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010-01-26 18:50:10 | 28,823,584 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2010-01-26 17:48:12 | 00,548,352 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTLnew.exe
[2010-01-26 13:47:39 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010-01-26 13:30:45 | 03,830,708 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFixNew.zip
[2010-01-26 05:24:56 | 00,522,823 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.zip
[2010-01-26 04:22:17 | 00,899,695 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\XDelBox.zip
[2010-01-24 16:48:31 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010-01-24 13:27:48 | 00,001,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010-01-24 13:27:09 | 05,962,272 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\sas.exe
[2010-01-24 12:15:15 | 00,891,248 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Owner\Desktop\avg_free_stb_all_9_40_cnet.exe
[2010-01-24 11:47:04 | 00,000,065 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2010-01-24 11:42:45 | 00,050,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgfwdx.dll
[2010-01-24 11:42:45 | 00,030,104 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgfwdx.sys
[2010-01-24 11:12:58 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Owner\Desktop\winsockxpfix.exe
[2010-01-23 22:43:18 | 00,000,050 | ---- | M] () -- C:\WINDOWS\MegaManager.INI
[2010-01-23 22:17:12 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010-01-23 12:19:17 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-01-23 11:57:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2010-01-23 11:37:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2010-01-23 11:17:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2010-01-23 10:03:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
[2010-01-23 09:43:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
[2010-01-23 09:23:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
[2010-01-23 09:03:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
[2010-01-23 08:43:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
[2010-01-23 08:23:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
[2010-01-23 08:03:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
[2010-01-23 07:43:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
[2010-01-23 07:23:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
[2010-01-23 07:03:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
[2010-01-23 06:43:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
[2010-01-23 06:23:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2010-01-23 06:03:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2010-01-23 05:43:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2010-01-23 03:04:42 | 00,018,432 | -H-- | M] () -- C:\WINDOWS\System32\winlogon32.exe
[2010-01-23 03:04:42 | 00,018,432 | -H-- | M] () -- C:\WINDOWS\System32\smss32.exe
[2010-01-23 00:52:33 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll
[2010-01-22 14:57:11 | 00,004,205 | ---- | M] () -- C:\WINDOWS\ULEAD32.INI
[2010-01-22 13:26:13 | 00,000,008 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010-01-22 02:15:51 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010-01-22 01:53:31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010-01-22 01:52:58 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010-01-22 01:18:13 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2010-01-21 19:42:24 | 00,263,168 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2010-01-21 11:40:48 | 00,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010-01-20 22:29:38 | 00,003,215 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\license tag.jpg
[2010-01-14 22:05:51 | 00,025,088 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Pharmacy Survey.xls
[2010-01-14 11:12:06 | 00,181,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010-01-13 14:00:22 | 00,130,560 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-01-11 22:06:57 | 00,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[2010-01-10 03:00:10 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wedding vows.doc
[2010-01-07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010-01-07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010-01-05 05:00:21 | 00,133,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\extmgr.dll
[2009-12-31 10:33:06 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieudinit.exe
[2009-12-30 00:54:19 | 00,110,080 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tube site submissions.xls
[2009-12-30 00:07:00 | 00,078,336 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tubesite.doc
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\*.tmp files -> C:\*.tmp -> ]
[278 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-01-26 20:50:53 | 00,542,917 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\OTLnew.zip
[2010-01-26 18:48:37 | 28,823,584 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\drweb-cureit.exe
[2010-01-26 13:30:45 | 03,830,708 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFixNew.zip
[2010-01-26 05:24:55 | 00,522,823 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.zip
[2010-01-26 04:22:14 | 00,899,695 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\XDelBox.zip
[2010-01-24 13:27:48 | 00,001,756 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Professional.lnk
[2010-01-24 13:27:15 | 05,962,272 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\sas.exe
[2010-01-23 22:43:18 | 00,000,050 | ---- | C] () -- C:\WINDOWS\MegaManager.INI
[2010-01-23 10:47:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2010-01-23 10:17:41 | 00,007,412 | ---- | C] () -- C:\WINDOWS\System32\drivers\PCTAppEvent.cat
[2010-01-23 10:17:41 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2010-01-23 10:17:35 | 00,007,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctplsg.cat
[2010-01-23 10:03:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\2995.exe
[2010-01-23 09:43:09 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\491.exe
[2010-01-23 09:23:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\9961.exe
[2010-01-23 09:03:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\16827.exe
[2010-01-23 08:43:08 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\23281.exe
[2010-01-23 08:23:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\28145.exe
[2010-01-23 08:03:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\5705.exe
[2010-01-23 07:43:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\24464.exe
[2010-01-23 07:23:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26962.exe
[2010-01-23 07:03:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\29358.exe
[2010-01-23 06:43:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\11478.exe
[2010-01-23 06:23:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2010-01-23 06:03:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2010-01-23 05:43:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2010-01-23 05:03:16 | 00,263,168 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\rkill.com
[2010-01-23 03:54:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2010-01-23 03:34:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2010-01-23 00:52:33 | 00,018,944 | ---- | C] () -- C:\WINDOWS\System32\helper32.dll
[2010-01-23 00:52:23 | 00,018,432 | -H-- | C] () -- C:\WINDOWS\System32\winlogon32.exe
[2010-01-23 00:52:23 | 00,018,432 | -H-- | C] () -- C:\WINDOWS\System32\smss32.exe
[2010-01-22 13:26:13 | 00,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2010-01-22 02:15:51 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2010-01-22 01:18:13 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2010-01-22 01:18:07 | 00,260,272 | ---- | C] () -- C:\cmldr
[2010-01-22 01:13:50 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010-01-22 01:13:50 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010-01-22 01:13:50 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010-01-22 01:13:50 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010-01-22 01:13:50 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010-01-21 11:40:48 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010-01-21 11:40:48 | 00,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010-01-20 22:29:38 | 00,003,215 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\license tag.jpg
[2010-01-18 11:36:12 | 15,204,352 | ---- | C] () -- C:\Documents and Settings\Owner\ntuser.dat
[2010-01-10 02:49:47 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wedding vows.doc
[2009-09-17 19:59:02 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\Gateway2kEx.dll
[2009-01-13 10:19:55 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdnvs.dll
[2009-01-13 10:19:49 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdncoin.dll
[2009-01-13 10:18:52 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdncaps.dll
[2009-01-13 10:18:51 | 00,782,336 | ---- | C] () -- C:\WINDOWS\System32\lxdndrs.dll
[2009-01-13 10:18:51 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdncnv4.dll
[2009-01-13 10:17:41 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
[2009-01-13 10:17:41 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
[2009-01-13 10:17:21 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
[2009-01-13 10:17:21 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
[2009-01-13 10:13:46 | 00,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdnrwrd.ini
[2009-01-13 10:13:30 | 00,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDNinst.dll
[2009-01-13 10:13:26 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdngrd.dll
[2009-01-09 08:20:28 | 00,003,784 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009-01-09 08:11:22 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2008-11-21 17:56:57 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008-09-29 07:59:27 | 00,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008-09-15 19:14:24 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008-09-15 19:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008-09-15 19:12:02 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008-09-15 19:11:10 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008-08-29 22:44:53 | 00,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008-05-27 18:16:44 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\NormalizeDSP.dll
[2008-05-17 02:02:11 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2007-06-15 13:51:52 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007-06-15 13:50:13 | 00,000,054 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2007-06-15 13:49:12 | 00,000,025 | ---- | C] () -- C:\WINDOWS\EP_CX5000.ini
[2007-06-09 15:13:27 | 00,000,065 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2007-03-12 01:32:13 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\DirectShowSource.dll
[2007-02-04 18:44:28 | 00,002,581 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006-11-05 23:30:38 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2006-10-21 12:59:59 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\Manipulate.dll
[2006-09-27 19:56:12 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006-09-24 20:53:56 | 00,268,242 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-parse.dll
[2006-09-24 20:53:44 | 02,518,779 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-enc.dll
[2006-09-24 20:52:06 | 00,030,693 | ---- | C] () -- C:\WINDOWS\System32\erdmpg-int.dll
[2006-06-23 16:31:04 | 00,130,560 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006-02-13 15:38:01 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2006-01-30 12:15:24 | 00,000,397 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2006-01-30 08:29:02 | 00,004,205 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2006-01-29 17:28:13 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\drivers\service.ini
[2006-01-29 15:10:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-01-29 14:53:03 | 00,000,349 | ---- | C] () -- C:\WINDOWS\fpexplor.INI
[2006-01-29 14:52:10 | 00,000,615 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2006-01-27 11:49:47 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2006-01-27 11:45:31 | 00,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
[2005-10-14 22:10:24 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\comLyricGetter.dll
[2004-02-10 15:08:00 | 00,000,373 | ---- | C] () -- C:\WINDOWS\System32\dlbccoin.ini
[2004-02-01 14:21:56 | 00,097,280 | ---- | C] () -- C:\WINDOWS\System32\Uncommon.dll
[2002-11-13 15:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbcvs.dll
[2001-07-07 03:00:00 | 00,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008-09-17 17:26:24 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:AGP440.sys
[2006-02-12 12:17:55 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008-09-17 17:26:24 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2006-02-12 12:17:55 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008-09-17 17:26:24 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008-09-17 17:26:24 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\$NtServicePackUninstall$\sp3.cab:atapi.sys
[2003-07-16 15:46:14 | 10,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2006-02-12 12:17:55 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008-09-17 17:26:24 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2006-02-12 12:17:55 | 22,245,337 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008-09-17 17:26:24 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010-01-22 11:09:10 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=1494C60EE680E8E79A2D3E25D5FE50FF -- C:\WINDOWS\system32\drivers\atapi.sys
[2003-07-16 15:24:25 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004-08-04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008-04-13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004-08-04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008-04-13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008-04-13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008-04-13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004-08-04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004-08-04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008-04-13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008-04-13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008-04-13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
--------------------------------------------------------------

OTL Extras logfile created on: 2010-01-26 08:54:55 PM - Run 1
OTL by OldTimer - Version 3.1.27.0 Folder = C:\Documents and Settings\Owner\Desktop\OTLnew
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: | Date Format: yyyy-MM-dd

1,022.00 Mb Total Physical Memory | 611.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189.91 Gb Total Space | 42.58 Gb Free Space | 22.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: NONE-UZDAXOSGLH
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxdncoms.exe" = C:\WINDOWS\system32\lxdncoms.exe:*:Enabled:Lexmark Communications System -- ( )
"C:\Program Files\Lexmark 2600 Series\lxdnamon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnamon.exe:*:Enabled:Lexmark Device Monitor -- ()
"C:\Program Files\Lexmark 2600 Series\frun.exe" = C:\Program Files\Lexmark 2600 Series\frun.exe:*:Enabled:Lexmark Productivity Studio -- ()
"C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe" = C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software -- ()
"C:\Program Files\Lexmark 2600 Series\lxdnmon.exe" = C:\Program Files\Lexmark 2600 Series\lxdnmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnpswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe" = C:\Program Files\Lexmark 2600 Series\Diagnostics\LXDNdiag.exe:*:Enabled: -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdnjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe" = C:\Program Files\Ipswitch\WS_FTP Professional\wsftpgui.exe:*:Enabled:WS_FTP Pro Application -- (Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington, MA 02421)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\U.exe" = C:\U.exe:*:Enabled:enable -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{06047825-A8C9-48F9-A452-CD78F7E91584}" = Eudora
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX5000 Scanner Driver Update
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{48FC70BF-0767-4B0B-A120-72625FB00D3B}" = WordPerfect Backup 2.0
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 TBYB
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0050048383C9}" = Microsoft FrontPage 2002
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Professional
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0F02CE0-491C-11D4-A44A-0000E86D2305}" = Ulead PhotoImpact 6
"{D4576E0D-2295-4B8E-B663-B68086B00EE5}" = Sonic CinePlayer DVD Pack
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AI RoboForm" = AI RoboForm (All Users)
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Blaze Media Pro" = Blaze Media Pro
"Chameleon Confirmer_is1" = Chameleon Confirmer
"Chameleon Partner Account Requester_is1" = Chameleon PA Requester
"Chameleon Submitter_is1" = Chameleon Submitter
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2007-07-22
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Dell Photo Printer 720" = Dell Photo Printer 720
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"Graboid Video" = Graboid Video 1.6
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"Lexmark 2600 Series" = Lexmark 2600 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieConverterV3" = Movie Converter V3 (remove only)
"Mozilla ActiveX Control v1.7.12" = Mozilla ActiveX Control v1.7.12
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SoundMAX NT" = SoundMAX NT
"Spyware Doctor" = Spyware Doctor 7.0
"Veoh Web Player Beta" = Veoh Web Player Beta
"VLC media player" = VLC media player 0.9.9
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1606980848-220523388-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2010-01-24 03:40:00 PM | Computer Name = NONE-UZDAXOSGLH | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.33.0.1000, faulting
module superantispyware.exe, version 4.33.0.1000, fault address 0x000a2de5.

Error - 2010-01-24 03:50:55 PM | Computer Name = NONE-UZDAXOSGLH | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.33.0.1000, faulting
module superantispyware.exe, version 4.33.0.1000, fault address 0x000a2de5.

Error - 2010-01-25 09:19:28 AM | Computer Name = NONE-UZDAXOSGLH | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.33.0.1000, faulting
module superantispyware.exe, version 4.33.0.1000, fault address 0x000a2de5.

Error - 2010-01-26 02:22:14 AM | Computer Name = NONE-UZDAXOSGLH | Source = MsiInstaller | ID = 11920
Description = Product: Microsoft Antimalware -- Error 1920. Service 'Microsoft Antimalware
Service' (MsMpSvc) failed to start. Verify that you have sufficient privileges
to start system services.

Error - 2010-01-26 02:22:16 AM | Computer Name = NONE-UZDAXOSGLH | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2010-01-26 02:46:05 AM | Computer Name = NONE-UZDAXOSGLH | Source = MsiInstaller | ID = 11920
Description = Product: Microsoft Antimalware -- Error 1920. Service 'Microsoft Antimalware
Service' (MsMpSvc) failed to start. Verify that you have sufficient privileges
to start system services.

Error - 2010-01-26 02:46:07 AM | Computer Name = NONE-UZDAXOSGLH | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 2010-01-26 02:50:48 AM | Computer Name = NONE-UZDAXOSGLH | Source = Application Error | ID = 1000
Description = Faulting application superantispyware.exe, version 4.33.0.1000, faulting
module superantispyware.exe, version 4.33.0.1000, fault address 0x000a2de5.

Error - 2010-01-26 03:25:33 AM | Computer Name = NONE-UZDAXOSGLH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

Error - 2010-01-26 05:23:07 AM | Computer Name = NONE-UZDAXOSGLH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: An internal certificate chaining error has occurred.

[ System Events ]
Error - 2010-01-26 08:45:31 PM | Computer Name = NONE-UZDAXOSGLH | Source = Service Control Manager | ID = 7001
Description = The Apple Mobile Device service depends on the TCP/IP Protocol Driver
service which failed to start because of the following error: %%31

Error - 2010-01-26 08:45:31 PM | Computer Name = NONE-UZDAXOSGLH | Source = Service Control Manager | ID = 7001
Description = The IPSEC Services service depends on the IPSEC driver service which
failed to start because of the following error: %%31

Error - 2010-01-26 08:45:31 PM | Computer Name = NONE-UZDAXOSGLH | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD Fips intelppm IPSec mfehidk MRxSmb NetBIOS NetBT OMCI RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
WS2IFSL

Error - 2010-01-26 08:45:52 PM | Computer Name = NONE-UZDAXOSGLH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-01-26 08:46:58 PM | Computer Name = NONE-UZDAXOSGLH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 2010-01-26 08:47:09 PM | Computer Name = NONE-UZDAXOSGLH | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2010-01-26 08:58:41 PM | Computer Name = NONE-UZDAXOSGLH | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 2010-01-26 08:58:41 PM | Computer Name = NONE-UZDAXOSGLH | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 2010-01-26 08:59:44 PM | Computer Name = NONE-UZDAXOSGLH | Source = Service Control Manager | ID = 7000
Description = The COPYLOCK LPT Driver Ver5.03 service failed to start due to the
following error: %%2

Error - 2010-01-26 08:59:44 PM | Computer Name = NONE-UZDAXOSGLH | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%3


< End of report >


#15 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 27 January 2010 - 08:22 AM

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    CODE
    :OTL
    [2010-01-23 00:52:46 | 00,000,000 | ---D | C] -- C:\Program Files\InternetSecurity2010
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
    [3 C:\*.tmp files -> C:\*.tmp -> ]
    [278 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2010-01-23 11:57:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2010-01-23 11:37:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2010-01-23 11:17:39 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2010-01-23 10:03:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\2995.exe
    [2010-01-23 09:43:09 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\491.exe
    [2010-01-23 09:23:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\9961.exe
    [2010-01-23 09:03:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\16827.exe
    [2010-01-23 08:43:08 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\23281.exe
    [2010-01-23 08:23:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\28145.exe
    [2010-01-23 08:03:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\5705.exe
    [2010-01-23 07:43:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\24464.exe
    [2010-01-23 07:23:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26962.exe
    [2010-01-23 07:03:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\29358.exe
    [2010-01-23 06:43:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\11478.exe
    [2010-01-23 06:23:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
    [2010-01-23 06:03:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
    [2010-01-23 05:43:05 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2010-01-23 03:04:42 | 00,018,432 | -H-- | M] () -- C:\WINDOWS\System32\winlogon32.exe
    [2010-01-23 03:04:42 | 00,018,432 | -H-- | M] () -- C:\WINDOWS\System32\smss32.exe
    [2010-01-23 00:52:33 | 00,018,944 | ---- | M] () -- C:\WINDOWS\System32\helper32.dll

    :files
    C:\WINDOWS\ServicePackFiles\i386\atapi.sys | C:\WINDOWS\system32\drivers\atapi.sys /replace

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • You will get a log that shows the results of the fix. Please post it.
  • Then also run and post a new OTL log.


Let me know if you notice any changes in your computer's behavior after taking these steps.



If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
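The fix above replaces the live atapi.sys with the copy under ServicePackFiles because the two entries in the log's "< MD5 for: ATAPI.SYS >" block disagree while size and company string still look normal. As an added example (not the thread's or OTL's own code), this Python script parses those MD5 blocks, flags any system file whose live copy hashes differently from its ServicePackFiles reference, and prints the matching OTL :files line; the sample text is copied from the log posted above, and the directory rules in LIVE_DIRS and REFERENCE_DIR are my assumptions about where OTL reports the live and reference copies.

```python
"""Cross-check the "< MD5 for: ... >" blocks of an OTL log.

OTL hashes every copy of a few critical system files (atapi.sys, agp440.sys,
eventlog.dll, ...).  A rootkit that patches the live driver under
system32\drivers leaves the service-pack copy alone, so the hashes diverge
even though file size and version info still look right.  This script flags
that divergence and emits the OTL ':files ... /replace' line that restores
the clean copy, the same form the helper used in this thread.
"""
import re

# Constructed sample: three MD5 blocks copied from the OTL log above.
SAMPLE_OTL = r"""
< MD5 for: AGP440.SYS >
[2008-09-17 17:26:24 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008-04-13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004-08-04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2008-09-17 17:26:24 | 23,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2010-01-22 11:09:10 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=1494C60EE680E8E79A2D3E25D5FE50FF -- C:\WINDOWS\system32\drivers\atapi.sys
[2003-07-16 15:24:25 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
[2008-04-13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2004-08-04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008-04-13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-04-13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
"""

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>.+?) >$")
# One OTL file line: [mtime | size | attrs | flag] (company) MD5=... -- path
# or, for service-pack archives: [...] () .cab file -- path
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[A-Z])\] \((?P<company>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|\.cab file) -- (?P<path>.+)$"
)

# Assumed layout: the copy Windows actually loads lives directly in one of
# these directories; the pristine SP3 copy lives under ServicePackFiles.
LIVE_DIRS = {r"c:\windows\system32", r"c:\windows\system32\drivers"}
REFERENCE_DIR = r"c:\windows\servicepackfiles\i386"


def parse_md5_blocks(text):
    """Return {file name: [entry dict, ...]} for every '< MD5 for: X >' block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            current = blocks.setdefault(header.group("name"), [])
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            e = entry.groupdict()
            e["size"] = int(e["size"].replace(",", ""))
            current.append(e)
    return blocks


def _parent(path):
    return path.lower().rsplit("\\", 1)[0]


def find_mismatches(text):
    """Flag each file whose live copy hashes differently from the ServicePackFiles copy."""
    suspects = []
    for name, entries in parse_md5_blocks(text).items():
        hashed = [e for e in entries if e["md5"]]  # skip .cab containers
        live = [e for e in hashed if _parent(e["path"]) in LIVE_DIRS]
        ref = [e for e in hashed if _parent(e["path"]) == REFERENCE_DIR]
        if not live or not ref:
            continue  # nothing to compare against
        live, ref = live[0], ref[0]
        if live["md5"].upper() != ref["md5"].upper():
            suspects.append({
                "name": name,
                "live_path": live["path"], "live_md5": live["md5"].upper(),
                "live_mtime": live["mtime"],
                "reference_path": ref["path"], "reference_md5": ref["md5"].upper(),
                "reference_mtime": ref["mtime"],
                # Size preserved but hash changed is the classic in-place patch.
                "same_size": live["size"] == ref["size"],
            })
    return suspects


def otl_replace_line(suspect):
    """Build the OTL ':files' directive that copies the clean reference over the live file."""
    return f'{suspect["reference_path"]} | {suspect["live_path"]} /replace'


if __name__ == "__main__":
    for s in find_mismatches(SAMPLE_OTL):
        print(f"{s['name']}: live {s['live_md5']} (modified {s['live_mtime']}) "
              f"!= reference {s['reference_md5']} (modified {s['reference_mtime']}); "
              f"same size: {s['same_size']}")
        print("  :files")
        print("  " + otl_replace_line(s))
```

A hash mismatch alone is not proof of infection (a hotfix can legitimately update a driver), so treat the output as a lead to confirm against a known-good hash, as the helper did here.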



