Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Having trouble with SearchClick8 Virus


  • This topic is locked This topic is locked
8 replies to this topic

#1 Starion89

Starion89

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 22 February 2010 - 09:25 PM

Hey Guys my name is Steve in from Delaware...I joined this forum because of a recent trojan that was somehow put on my laptop. I'm running Windows XP SP2. I've tried Ad-Aware, Spyware Doctor, Spybot S&D, Trojan Remover, and AVG.

My computer is running better then it did, but now for some reason whenever I do a Google search and click on a link I'm redirected to "searchclick8", then to other sites that are clearly malicious. I'm kind of out of ideas here and it's pretty annoying as Google is my #1 tool for classes. Any help is much appreciated. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:08 PM, on 2/22/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Steve\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [F.lux] "C:\Documents and Settings\Steve\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKUS\S-1-5-19\..\Run: [sadahamojo] Rundll32.exe "kogasedu.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Spyware Doctor] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Spyware Doctor] (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.buy-security-essentials.com
O15 - Trusted Zone: http://*.download-soft-package.com
O15 - Trusted Zone: http://*.download-software-package.com
O15 - Trusted Zone: http://*.get-key-se10.com
O15 - Trusted Zone: http://*.is-software-download.com
O15 - Trusted Zone: http://*.buy-security-essentials.com (HKLM)
O15 - Trusted Zone: http://*.get-key-se10.com (HKLM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{CFD1CF89-6048-411F-BF11-089E23AAB58A}: NameServer = 83.149.115.157,4.2.2.1,192.168.2.1 68.87.75.198
O17 - HKLM\System\CCS\Services\Tcpip\..\{F9D43D8E-99AF-43AB-A99C-225CB4DE1229}: NameServer = 83.149.115.157,4.2.2.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Filter hijack: text/html - {da4f52dd-69e2-4e82-bd49-79ba7f9d6859} - C:\WINDOWS\system32\mst123.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 14040 bytes

Edited by Orange Blossom, 22 February 2010 - 09:27 PM.
Move to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:48 AM

Posted 25 February 2010 - 12:24 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 Starion89

Starion89
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 27 February 2010 - 11:24 AM

Hello,

Thank you for the reply. I was able to run DDS and it gave me this log:

DDS (Ver_09-12-01.01) - NTFSx86
Run by Steve at 11:21:14.31 on Sat 02/27/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3007.2220 [GMT -5:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\Steve\Local Settings\Apps\F.lux\flux.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Steve\My Documents\Downloads\dds(2).scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: PCTools Site Guard: {5c8b2a36-3db1-42a4-a3cb-d426709bbfeb} - c:\progra~1\spywar~1\tools\iesdsg.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: PCTools Browser Monitor: {b56a7d7d-6927-48c8-a975-17df180c71ac} - c:\progra~1\spywar~1\tools\iesdpb.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Spyware Doctor]
uRun: [F.lux] "c:\documents and settings\steve\local settings\apps\f.lux\flux.exe" /noshow
uRun: [Google Update] "c:\documents and settings\steve\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [INPROCOMMWireless] c:\program files\atheros\wireless\utility\WlanUtil.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [<NO NAME>]
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
dRun: [Spyware Doctor]
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
TCP: {CFD1CF89-6048-411F-BF11-089E23AAB58A} = 83.149.115.157,4.2.2.1,192.168.2.1 68.87.75.198
TCP: {F9D43D8E-99AF-43AB-A99C-225CB4DE1229} = 83.149.115.157,4.2.2.1
Filter: text/html - {da4f52dd-69e2-4e82-bd49-79ba7f9d6859} -
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli kogasedu.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steve\applic~1\mozilla\firefox\profiles\qca70k8b.default\
FF - plugin: c:\documents and settings\steve\local settings\application data\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-12-9 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-9 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-2-21 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-9 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-9 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-9 360584]
R1 ikhfile;File Security Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhfile.sys [2009-9-6 30592]
R1 ikhlayer;Kernel Anti-Spyware Driver;c:\windows\system32\drivers\ikhlayer.sys [2009-9-6 51072]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-10 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-12-10 2304192]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-7-23 24652]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-12-9 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-12-9 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-12-9 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-12-9 25736]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-12-10 5832712]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-12-9 30104]
S3 NaiAvFilter102;NAI Anti Virus;\Device\NaiAvFilter102.sys --> \Device\NaiAvFilter102.sys [?]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [2008-7-9 132695]
S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\drivers\ar5211.sys [2008-7-9 528096]

=============== Created Last 30 ================

2010-02-22 05:17:48 0 d-----w- c:\program files\Quick Startup
2010-02-22 05:17:48 0 d-----w- c:\docume~1\steve\applic~1\GlarySoft
2010-02-22 04:55:14 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-22 04:55:14 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-22 04:55:14 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-22 04:55:14 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-22 04:55:14 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-22 04:55:13 0 d-----w- c:\program files\Trojan Remover
2010-02-22 04:55:13 0 d-----w- c:\docume~1\steve\applic~1\Simply Super Software
2010-02-22 04:55:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-02-22 04:31:11 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-22 04:20:40 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-22 03:12:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-22 03:05:55 0 d-----w- c:\program files\Lavasoft
2010-02-19 04:57:04 93 ----a-w- c:\windows\wininit.ini
2010-02-19 04:08:27 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-19 04:08:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-19 04:05:59 0 d-----w- c:\program files\Trend Micro
2010-02-18 22:18:00 8 ----a-w- c:\docume~1\alluse~1\applic~1\mswintmp.dat
2010-02-18 22:18:00 0 ----a-w- c:\windows\system32\ES15.exe
2010-02-18 22:17:59 0 ----a-w- c:\windows\system32\helpers32.dll
2010-02-05 03:25:45 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-02-05 03:24:02 0 d-----w- c:\program files\iPod
2010-02-05 03:23:55 0 d-----w- c:\program files\iTunes
2010-02-04 00:43:37 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2010-02-04 00:43:37 0 d-----w- c:\program files\CpuIdle
2010-02-04 00:02:22 0 d-----w- c:\program files\SpeedFan
2010-02-04 00:02:21 45 ----a-w- c:\windows\system32\initdebug.nfo

==================== Find3M ====================

2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42:49 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42:45 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 04:31:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-10 04:30:50 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-08 18:53:08 2136064 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19:32 2015744 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 01:08:16 22 ----a-w- C:\DFU.zip
1601-01-01 00:03:28 11264 --sha-w- c:\windows\system32\sadezaji.dll
1601-01-01 00:03:28 22528 --sha-w- c:\windows\system32\vumehijo.dll

============= FINISH: 11:22:07.14 ===============


GMER Kept logging me out when it got to a certain point, so I ran it in safe mode and this is what it came up with:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-27 10:45:51
Windows 5.1.2600 Service Pack 2
Running: t1jwdc2n.exe; Driver: C:\DOCUME~1\Steve\LOCALS~1\Temp\ugtyrpog.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF764787E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF7647BFE]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- EOF - GMER 1.0.15 ----




Thanks Again
-Steve

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:48 AM

Posted 27 February 2010 - 11:59 AM

Hello, Starion89
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 Starion89

Starion89
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 27 February 2010 - 06:59 PM

Hello,

Ran ComboFix...here is the log

ComboFix 10-02-27.04 - Steve 02/27/2010 18:08:47.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3007.2199 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\Schrauber.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\mswintmp.dat
C:\LOG.TXT
c:\windows\system32\ES15.exe
c:\windows\system32\helpers32.dll
c:\windows\system32\sadezaji.dll
c:\windows\system32\twain_32.dll
c:\windows\system32\vumehijo.dll
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

.
((((((((((((((((((((((((( Files Created from 2010-01-27 to 2010-02-27 )))))))))))))))))))))))))))))))
.

2010-02-22 05:17 . 2010-02-22 05:17 -------- d-----w- c:\program files\Quick Startup
2010-02-22 05:17 . 2010-02-22 05:17 -------- d-----w- c:\documents and settings\Steve\Application Data\GlarySoft
2010-02-22 04:56 . 2010-02-23 01:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-22 04:55 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-22 04:55 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-22 04:55 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-22 04:55 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-22 04:55 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-22 04:55 . 2010-02-22 04:55 -------- d-----w- c:\program files\Trojan Remover
2010-02-22 04:55 . 2010-02-22 04:55 -------- d-----w- c:\documents and settings\Steve\Application Data\Simply Super Software
2010-02-22 04:55 . 2010-02-22 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-02-22 04:31 . 2010-02-22 04:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-22 04:21 . 2010-02-22 04:21 -------- d-----w- c:\documents and settings\Steve\Local Settings\Application Data\Sunbelt Software
2010-02-22 04:20 . 2010-02-22 04:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-22 03:12 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-22 03:05 . 2010-02-22 04:20 -------- d-----w- c:\program files\Lavasoft
2010-02-22 03:05 . 2010-02-22 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-19 04:08 . 2010-02-19 04:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-19 04:08 . 2010-02-19 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-19 04:05 . 2010-02-19 04:05 -------- d-----w- c:\program files\Trend Micro
2010-02-05 03:25 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-02-05 03:24 . 2010-02-05 03:24 -------- d-----w- c:\program files\iPod
2010-02-05 03:23 . 2010-02-05 03:25 -------- d-----w- c:\program files\iTunes
2010-02-04 00:43 . 2010-02-04 00:43 -------- d-----w- c:\program files\CpuIdle
2010-02-04 00:43 . 2010-02-04 00:43 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2010-02-04 00:02 . 2010-02-19 00:14 -------- d-----w- c:\program files\SpeedFan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-27 15:49 . 2008-10-03 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-23 12:23 . 2010-02-22 04:29 3507536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-02-23 12:23 . 2010-02-22 04:29 283984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\LIBEMAIL.DLL
2010-02-22 04:31 . 2010-02-22 04:31 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-02-22 04:31 . 2010-02-22 04:31 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-02-22 04:31 . 2010-02-22 03:12 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-22 04:31 . 2010-02-22 04:31 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-02-22 04:31 . 2010-02-22 03:12 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-22 04:31 . 2010-02-22 03:12 211064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-22 04:29 . 2010-02-22 03:11 815184 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2010-02-10 16:50 . 2009-10-20 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-05 04:28 . 2008-09-23 02:50 -------- d-----w- c:\documents and settings\Steve\Application Data\U3
2010-02-05 03:23 . 2008-07-18 20:54 -------- d-----w- c:\program files\Common Files\Apple
2010-02-04 15:53 . 2010-02-22 04:20 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-04 01:37 . 2008-10-03 20:49 -------- d-----w- c:\program files\Google
2010-02-04 01:33 . 2008-08-21 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-04 01:32 . 2008-10-07 19:09 -------- d-----w- c:\program files\Maxthon
2010-02-04 01:28 . 2009-03-17 02:26 -------- d-----w- c:\program files\1&1
2010-02-04 00:49 . 2008-08-21 04:07 -------- d-----w- c:\documents and settings\Steve\Application Data\skypePM
2010-01-23 00:51 . 2010-01-23 00:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-04 15:53 . 2010-01-04 15:53 -------- d-----w- c:\documents and settings\Steve\Application Data\AVG9
2010-01-04 15:52 . 2009-12-10 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-31 16:14 . 2004-08-12 14:06 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2004-08-12 14:09 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-12 13:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2008-07-09 11:52 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-12 13:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 23:05 . 2010-02-23 01:12 3613560 ----a-w- c:\documents and settings\Steve\Application Data\Simply Super Software\Trojan Remover\jue174.exe
2009-12-11 23:05 . 2010-02-22 04:56 3613560 ----a-w- c:\documents and settings\Steve\Application Data\Simply Super Software\Trojan Remover\yijD3.exe
2009-12-10 20:33 . 2009-12-10 04:31 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-10 04:31 . 2009-12-10 04:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-10 04:31 . 2009-12-10 04:31 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-10 04:31 . 2009-12-10 04:31 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-10 04:31 . 2009-12-10 04:31 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-10 04:31 . 2009-12-10 04:31 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-10 04:30 . 2009-12-10 04:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-10 04:30 . 2009-12-10 04:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-08 18:53 . 2004-08-12 14:02 2136064 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-03 22:59 2015744 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 01:08 . 2009-12-06 01:06 22 ----a-w- C:\DFU.zip
2009-12-04 20:28 . 2009-12-04 20:28 1683456 ----a-w- c:\documents and settings\Steve\Application Data\Folding@home-x86\FahCore_82.exe
2009-12-04 14:41 . 2004-08-12 14:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"F.lux"="c:\documents and settings\Steve\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"Google Update"="c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"nwiz"="nwiz.exe" [2007-08-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-21 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-10 04:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [12/9/2009 11:31 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/9/2009 11:31 PM 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/21/2010 10:12 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/9/2009 11:31 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/9/2009 11:31 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/10/2009 3:33 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/10/2009 3:33 PM 2304192]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/23/2008 8:46 PM 24652]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/9/2009 11:30 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [12/9/2009 11:31 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [12/9/2009 11:31 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [12/9/2009 11:31 PM 25736]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/10/2009 3:33 PM 5832712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 8:28 PM 135664]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/9/2009 11:30 PM 30104]
S3 NaiAvFilter102;NAI Anti Virus;\Device\NaiAvFilter102.sys --> \Device\NaiAvFilter102.sys [?]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [7/9/2008 10:17 AM 132695]
S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\drivers\ar5211.sys [7/9/2008 10:04 AM 528096]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 04:30]

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-02-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 02:27]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:28]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:28]

2010-02-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1500820517-682003330-1004Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 04:50]

2010-02-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1500820517-682003330-1004UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 04:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
TCP: {CFD1CF89-6048-411F-BF11-089E23AAB58A} = 83.149.115.157,4.2.2.1,192.168.2.1 68.87.75.198
TCP: {F9D43D8E-99AF-43AB-A99C-225CB4DE1229} = 83.149.115.157,4.2.2.1
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\qca70k8b.default\
FF - plugin: c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Spyware Doctor - (no file)
HKLM-Run-INPROCOMMWireless - c:\program files\Atheros\Wireless\Utility\WlanUtil.exe
HKU-Default-Run-Spyware Doctor - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-27 18:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc25.tmp"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Spyware Doctor\sdhelp.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\ICO.EXE
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
.
**************************************************************************
.
Completion time: 2010-02-27 18:32:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-27 23:32

Pre-Run: 90,615,975,936 bytes free
Post-Run: 93,089,714,176 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - A0170BDA0991FEA2052D31BC21139882

#6 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:48 AM

Posted 01 March 2010 - 01:18 PM

Hi,


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
Folder::
c:\documents and settings\Steve\Local Settings\Apps\F.lux
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F.lux"=-


Save this as CFScript.txt, in the same location as ComboFix.exe




Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.







Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.





  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    safebootminimal
    safebootnetwork
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#7 Starion89

Starion89
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:06:48 AM

Posted 01 March 2010 - 07:35 PM

Tom,

Here are the logs in the order you requested them. F.Lux is a program that dims the backlight on my laptop...I'm hoping that's not the problem cause I really like the program.

ComboFix Log:

ComboFix 10-02-27.04 - Steve 03/01/2010 18:31:16.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.3007.2067 [GMT -5:00]
Running from: c:\documents and settings\Steve\Desktop\Schrauber.exe
Command switches used :: c:\documents and settings\Steve\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Security Suite Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steve\Local Settings\Apps\F.lux
c:\documents and settings\Steve\Local Settings\Apps\F.lux\flux.exe
c:\documents and settings\Steve\Local Settings\Apps\F.lux\runtime\Calibri-14-1.400000-400-0.ytf
c:\documents and settings\Steve\Local Settings\Apps\F.lux\runtime\flux.psd
c:\documents and settings\Steve\Local Settings\Apps\F.lux\runtime\flux.tre
c:\documents and settings\Steve\Local Settings\Apps\F.lux\uninstall.exe
c:\documents and settings\Steve\Local Settings\Apps\F.lux\update\setup.exe

.
((((((((((((((((((((((((( Files Created from 2010-02-01 to 2010-03-01 )))))))))))))))))))))))))))))))
.

2010-02-23 01:12 . 2009-12-11 23:05 3613560 ----a-w- c:\documents and settings\Steve\Application Data\Simply Super Software\Trojan Remover\jue174.exe
2010-02-22 05:17 . 2010-02-22 05:17 -------- d-----w- c:\program files\Quick Startup
2010-02-22 05:17 . 2010-02-22 05:17 -------- d-----w- c:\documents and settings\Steve\Application Data\GlarySoft
2010-02-22 04:56 . 2010-02-23 01:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-22 04:56 . 2009-12-11 23:05 3613560 ----a-w- c:\documents and settings\Steve\Application Data\Simply Super Software\Trojan Remover\yijD3.exe
2010-02-22 04:55 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-02-22 04:55 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-02-22 04:55 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-02-22 04:55 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-02-22 04:55 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-02-22 04:55 . 2010-02-22 04:55 -------- d-----w- c:\program files\Trojan Remover
2010-02-22 04:55 . 2010-02-22 04:55 -------- d-----w- c:\documents and settings\Steve\Application Data\Simply Super Software
2010-02-22 04:55 . 2010-02-22 04:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-02-22 04:31 . 2010-02-22 04:31 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-02-22 04:31 . 2010-02-22 04:31 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-02-22 04:31 . 2010-02-22 04:31 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-02-22 04:31 . 2010-02-22 04:31 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-02-22 04:30 . 2010-02-22 04:30 562272 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aawapi.dll
2010-02-22 04:30 . 2010-02-22 04:30 221408 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\VipreBridge.dll
2010-02-22 04:30 . 2010-02-22 04:30 1230160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBTE.dll
2010-02-22 04:30 . 2010-02-22 04:30 247120 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\SBRE.dll
2010-02-22 04:30 . 2010-02-22 04:30 17480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
2010-02-22 04:21 . 2010-02-22 04:21 -------- d-----w- c:\documents and settings\Steve\Local Settings\Application Data\Sunbelt Software
2010-02-22 04:20 . 2010-02-22 04:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-02-22 04:20 . 2010-02-04 15:53 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-02-22 03:12 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-02-22 03:12 . 2010-02-22 04:31 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-02-22 03:12 . 2010-02-22 03:12 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2010-02-22 03:12 . 2010-02-22 04:31 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-02-22 03:12 . 2010-02-22 04:31 211064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-02-22 03:12 . 2010-02-22 04:30 393896 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2010-02-22 03:12 . 2010-02-22 03:12 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2010-02-22 03:12 . 2010-02-22 04:30 390320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2010-02-22 03:12 . 2010-02-22 04:30 167312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2010-02-22 03:12 . 2010-02-22 04:30 6330848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2010-02-22 03:05 . 2010-02-22 04:20 -------- d-----w- c:\program files\Lavasoft
2010-02-22 03:05 . 2010-02-22 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-02-19 04:08 . 2010-02-19 04:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-19 04:08 . 2010-02-19 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-19 04:05 . 2010-02-19 04:05 -------- d-----w- c:\program files\Trend Micro
2010-02-05 03:25 . 2008-04-17 18:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-02-05 03:24 . 2010-02-05 03:24 -------- d-----w- c:\program files\iPod
2010-02-05 03:23 . 2010-02-05 03:25 -------- d-----w- c:\program files\iTunes
2010-02-04 00:43 . 2010-02-04 00:43 -------- d-----w- c:\program files\CpuIdle
2010-02-04 00:43 . 2010-02-04 00:43 4484 ----a-w- c:\windows\system32\drivers\cpuidlep.sys
2010-02-04 00:02 . 2010-02-19 00:14 -------- d-----w- c:\program files\SpeedFan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-01 20:18 . 2008-10-03 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-02-23 12:23 . 2010-02-22 04:29 3507536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\vcore.dll
2010-02-23 12:23 . 2010-02-22 04:29 283984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\LIBEMAIL.DLL
2010-02-22 04:30 . 2010-02-22 03:11 329048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2010-02-22 04:30 . 2010-02-22 03:11 94712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2010-02-22 04:30 . 2010-02-22 03:11 961984 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2010-02-22 04:30 . 2010-02-22 03:11 835312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2010-02-22 04:30 . 2010-02-22 03:11 842992 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2010-02-22 04:30 . 2010-02-22 03:11 1593320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2010-02-10 16:50 . 2009-10-20 03:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-05 04:28 . 2008-09-23 02:50 -------- d-----w- c:\documents and settings\Steve\Application Data\U3
2010-02-05 03:23 . 2008-07-18 20:54 -------- d-----w- c:\program files\Common Files\Apple
2010-02-04 01:37 . 2008-10-03 20:49 -------- d-----w- c:\program files\Google
2010-02-04 01:33 . 2008-08-21 04:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-04 01:32 . 2008-10-07 19:09 -------- d-----w- c:\program files\Maxthon
2010-02-04 01:28 . 2009-03-17 02:26 -------- d-----w- c:\program files\1&1
2010-02-04 00:49 . 2008-08-21 04:07 -------- d-----w- c:\documents and settings\Steve\Application Data\skypePM
2010-01-23 00:51 . 2010-01-23 00:51 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-01-04 15:53 . 2010-01-04 15:53 -------- d-----w- c:\documents and settings\Steve\Application Data\AVG9
2010-01-04 15:52 . 2009-12-10 04:30 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-31 16:14 . 2004-08-12 14:06 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2004-08-12 14:09 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-12 13:58 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-16 12:58 . 2008-07-09 11:52 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-12 13:56 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 20:33 . 2009-12-10 04:31 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-10 04:31 . 2009-12-10 04:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-10 04:31 . 2009-12-10 04:31 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-10 04:31 . 2009-12-10 04:31 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-10 04:31 . 2009-12-10 04:31 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-10 04:31 . 2009-12-10 04:31 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-10 04:30 . 2009-12-10 04:30 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-10 04:30 . 2009-12-10 04:30 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-08 18:53 . 2004-08-12 14:02 2136064 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-03 22:59 2015744 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-06 01:08 . 2009-12-06 01:06 22 ----a-w- C:\DFU.zip
2009-12-04 20:28 . 2009-12-04 20:28 1683456 ----a-w- c:\documents and settings\Steve\Application Data\Folding@home-x86\FahCore_82.exe
2009-12-04 14:41 . 2004-08-12 14:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-08-23 455968]
"Google Update"="c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-22 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mouse Suite 98 Daemon"="ICO.EXE" [2004-07-14 57344]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-14 102400]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-10-19 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-08-23 8478720]
"nwiz"="nwiz.exe" [2007-08-23 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-08-23 81920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-21 185896]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-10 04:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Cpqset"=c:\program files\Hewlett-Packard\Default Settings\cpqset.exe
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Ad-Watch"=c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\cygwin\\usr\\X11R6\\bin\\XWin.exe"=
"c:\\Program Files\\Maple 10\\jre\\bin\\maple.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [12/9/2009 11:31 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/9/2009 11:31 PM 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/21/2010 10:12 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/9/2009 11:31 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/9/2009 11:31 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/10/2009 3:33 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/10/2009 3:33 PM 2304192]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/23/2008 8:46 PM 24652]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/9/2009 11:30 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [12/9/2009 11:31 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [12/9/2009 11:31 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [12/9/2009 11:31 PM 25736]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/10/2009 3:33 PM 5832712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/5/2010 8:28 PM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 10:52 AM 1229232]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/9/2009 11:30 PM 30104]
S3 NaiAvFilter102;NAI Anti Virus;\Device\NaiAvFilter102.sys --> \Device\NaiAvFilter102.sys [?]
S3 NetWlan5;Symbol Based 802.11b Wireless LAN Card Driver;c:\windows\system32\drivers\NetWlan5.sys [7/9/2008 10:17 AM 132695]
S3 WLAN_400_500_SERVICE;HP WLAN W400/W500 Wireless Network Adapter Service;c:\windows\system32\drivers\ar5211.sys [7/9/2008 10:04 AM 528096]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-08-23 21:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 04:30]

2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]

2010-03-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-10-03 02:27]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:28]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:28]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1500820517-682003330-1004Core.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 04:50]

2010-03-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1500820517-682003330-1004UA.job
- c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-22 04:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: buy-security-essentials.com
Trusted Zone: download-soft-package.com
Trusted Zone: download-software-package.com
Trusted Zone: get-key-se10.com
Trusted Zone: is-software-download.com
Trusted Zone: buy-security-essentials.com
Trusted Zone: get-key-se10.com
TCP: {CFD1CF89-6048-411F-BF11-089E23AAB58A} = 83.149.115.157,4.2.2.1,192.168.2.1 68.87.75.198
TCP: {F9D43D8E-99AF-43AB-A99C-225CB4DE1229} = 83.149.115.157,4.2.2.1
FF - ProfilePath - c:\documents and settings\Steve\Application Data\Mozilla\Firefox\Profiles\qca70k8b.default\
FF - plugin: c:\documents and settings\Steve\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Flux - c:\documents and settings\Steve\Local Settings\Apps\F.lux\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-01 18:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\mchInjDrv]
"ImagePath"="\??\c:\windows\TEMP\mc25.tmp"
.
Completion time: 2010-03-01 18:43:02
ComboFix-quarantined-files.txt 2010-03-01 23:42
ComboFix2.txt 2010-02-27 23:32

Pre-Run: 93,026,918,400 bytes free
Post-Run: 92,982,120,448 bytes free

- - End Of File - - 401FE8A795FDCBAF0C1A0E7AC6DB2F3F


MalwareBytes Log:

Malwarebytes' Anti-Malware 1.44
Database version: 3811
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

3/1/2010 6:53:48 PM
mbam-log-2010-03-01 (18-53-48).txt

Scan type: Quick Scan
Objects scanned: 128560
Time elapsed: 3 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 9
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-security-essentials.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-soft-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\download-software-package.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\get-key-se10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cfd1cf89-6048-411f-bf11-089e23aab58a}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1,192.168.2.1 68.87.75.198 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f9d43d8e-99af-43ab-a99c-225cb4de1229}\NameServer (Trojan.DNSChanger) -> Data: 83.149.115.157,4.2.2.1 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\pcidisk.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\p6mgtz1.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

OTL Log:

OTL logfile created on: 3/1/2010 7:21:33 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Steve\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 174.47 Gb Total Space | 86.62 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-LAPTOP
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/01 19:20:59 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\My Documents\Downloads\OTL.exe
PRC - [2010/02/21 23:29:59 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/02/21 23:29:55 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/02/18 15:57:07 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/22 19:16:38 | 010,358,056 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2010/01/18 08:00:33 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgfws9.exe
PRC - [2009/12/10 15:33:43 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2009/12/10 15:33:41 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2009/12/10 15:33:06 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/12/09 23:31:17 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2009/08/28 19:48:20 | 000,518,120 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
PRC - [2009/08/28 19:48:08 | 000,015,376 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
PRC - [2009/08/28 19:48:02 | 000,245,288 | ---- | M] () -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
PRC - [2008/07/20 21:44:17 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/02 16:17:14 | 000,895,088 | ---- | M] (PC Tools Research Pty Ltd) -- C:\Program Files\Spyware Doctor\sdhelp.exe
PRC - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/12 09:07:46 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\unsecapp.exe
PRC - [2004/07/14 14:36:54 | 000,057,344 | ---- | M] (Primax Electronics Ltd.) -- C:\WINDOWS\system32\ICO.EXE


========== Modules (SafeList) ==========

MOD - [2010/03/01 19:20:59 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\My Documents\Downloads\OTL.exe
MOD - [2006/10/31 16:29:50 | 000,101,448 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\tools\swpg.DAT
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/02/21 23:29:55 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/18 08:00:33 | 002,304,192 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgfws9.exe -- (avgfws9)
SRV - [2009/12/10 15:33:41 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/10 15:33:36 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2008/12/16 01:43:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/10/25 10:44:08 | 000,065,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/02 16:17:14 | 000,895,088 | ---- | M] (PC Tools Research Pty Ltd) [Auto | Running] -- C:\Program Files\Spyware Doctor\sdhelp.exe -- (SDhelper)
SRV - [2005/05/20 10:37:12 | 000,081,920 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE -- (HP Port Resolver)
SRV - [2005/03/14 12:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/10/16 05:31:06 | 000,073,728 | ---- | M] (Hewlett-Packard Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE -- (HP Status Server)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/07/20 21:44:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/18 15:57:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/18 15:57:11 | 000,000,000 | ---D | M]

[2008/09/02 21:52:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2010/02/28 21:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\qca70k8b.default\extensions
[2010/01/27 01:29:25 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\qca70k8b.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2008/09/02 21:52:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/02/27 18:21:02 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (PCTools Site Guard) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\Program Files\Spyware Doctor\tools\iesdsg.dll (PC Tools)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (PCTools Browser Monitor) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (PC Tools)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [Mouse Suite 98 Daemon] C:\WINDOWS\System32\ICO.EXE (Primax Electronics Ltd.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe ( Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Steve\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\Program Files\Spyware Doctor\tools\iesdpb.dll (PC Tools)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100 (Java Plug-in 1.6.0_07)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 68.87.75.198
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/07/09 06:57:29 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/07/08 21:03:00 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} -
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58550188179980288)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/01 18:47:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Malwarebytes
[2010/03/01 18:47:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/01 18:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/01 18:47:37 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/01 18:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/01 18:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/02/27 17:58:00 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/27 17:56:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/27 17:56:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/27 17:56:30 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/27 17:56:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/27 17:56:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/27 17:50:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/02/22 00:19:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Anti-Virus and System Utilities
[2010/02/22 00:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Quick Startup
[2010/02/22 00:17:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\GlarySoft
[2010/02/21 23:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/21 23:55:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Simply Super Software
[2010/02/21 23:55:13 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/02/21 23:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Application Data\Simply Super Software
[2010/02/21 23:55:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/02/21 23:31:11 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/21 23:21:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\Sunbelt Software
[2010/02/21 23:20:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/02/21 22:12:38 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2010/02/21 22:05:55 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/02/21 22:05:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2010/02/18 23:08:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/02/18 23:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/18 23:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/01/05 20:34:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/01/05 20:33:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/05 20:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2010/01/05 20:28:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/27 03:00:18 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/10/08 18:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/09/23 11:10:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2005/09/24 00:49:16 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/01 19:15:38 | 008,650,752 | -H-- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/03/01 19:04:49 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/03/01 19:03:07 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/03/01 19:02:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/01 19:02:46 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 19:02:43 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/01 19:02:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 19:02:39 | 3152,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/01 18:50:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1500820517-682003330-1004UA.job
[2010/03/01 18:47:42 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/01 18:40:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/01 17:38:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/01 16:50:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2025429265-1500820517-682003330-1004Core.job
[2010/03/01 13:39:43 | 056,483,219 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/02/27 17:58:08 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/02/27 17:48:16 | 003,874,477 | R--- | M] () -- C:\Documents and Settings\Steve\Desktop\Schrauber.exe
[2010/02/27 10:46:03 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/02/26 15:27:05 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\t1jwdc2n.exe
[2010/02/25 23:02:46 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\PUTTY.RND
[2010/02/25 17:45:50 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\Google Chrome.lnk
[2010/02/24 19:56:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/24 17:34:27 | 000,568,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\iavifw.avm
[2010/02/21 23:31:10 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2010/02/19 00:00:11 | 000,001,744 | -H-- | M] () -- C:\WINDOWS\System32\zonikofa
[2010/02/18 23:57:04 | 000,000,093 | ---- | M] () -- C:\WINDOWS\wininit.ini
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,001,744 | -H-- | C] () -- C:\WINDOWS\System32\zonikofa
[2010/03/01 18:47:42 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/27 17:58:08 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/02/27 17:58:03 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/27 17:56:30 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/27 17:56:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/27 17:56:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/27 17:56:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/27 17:56:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/27 17:49:00 | 003,874,477 | R--- | C] () -- C:\Documents and Settings\Steve\Desktop\Schrauber.exe
[2010/02/27 10:48:27 | 3152,986,112 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/26 15:27:04 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\t1jwdc2n.exe
[2010/02/21 23:55:14 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/02/21 23:55:14 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/02/21 23:55:14 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/02/21 23:55:14 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/02/21 23:51:05 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/02/18 23:57:04 | 000,000,093 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/02/03 19:43:37 | 000,004,484 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpuidlep.sys
[2009/09/10 16:34:49 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2009/02/12 12:07:28 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
[2008/12/27 13:20:15 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2008/12/25 19:12:43 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/25 19:11:57 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2008/12/16 02:03:00 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/11/02 23:53:16 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\PUTTY.RND
[2008/10/20 00:24:27 | 000,000,067 | ---- | C] () -- C:\WINDOWS\Easy Video to DVD.INI
[2008/10/19 23:38:04 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/09/23 09:45:29 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/09/19 16:55:10 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/09/19 16:54:18 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2008/09/02 10:52:22 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/08/24 03:09:30 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/08/24 03:09:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2008/07/09 15:11:21 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/07/09 15:11:21 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/07/09 15:11:21 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/07/09 15:11:20 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/07/09 15:06:30 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/07/09 08:12:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\QSwitch.txt
[2008/07/09 08:12:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DSwitch.txt
[2008/07/09 08:12:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\AtStart.txt
[2008/07/09 08:03:50 | 000,008,181 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
[2008/07/09 08:03:50 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
[2008/07/09 07:53:01 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/05/12 12:23:22 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2002/05/15 22:29:04 | 000,000,607 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2001/11/23 17:18:00 | 000,000,597 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 12:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1998/10/10 23:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2009/04/07 14:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest
[2010/01/04 10:52:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2009/04/06 21:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/07/22 00:51:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/07/22 00:50:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/07/09 08:13:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2008/09/04 13:39:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates
[2008/11/22 16:45:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2008/09/04 14:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2010/02/21 23:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/02/22 20:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/23 20:46:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/02/21 23:20:41 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2009/11/25 15:13:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/03/16 21:26:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\1&1
[2009/09/21 13:13:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Avanquest
[2010/01/04 10:53:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\AVG9
[2009/10/25 23:19:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\FileZilla
[2009/12/04 15:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Folding@home-x86
[2010/02/22 00:17:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\GlarySoft
[2010/02/21 15:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LimeWire
[2008/11/20 01:19:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\RTPlayer
[2008/09/21 14:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Ruckus Network
[2010/02/21 23:55:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Simply Super Software
[2008/11/22 14:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Tunebite
[2010/03/01 19:04:49 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2007/10/09 15:49:00 | 001,409,405 | ---- | M] () -- C:\dfu.exe


< MD5 for: AGP440.SYS >
[2004/08/12 09:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 13:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/12 09:06:15 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\atapi.sys
[2004/08/12 08:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2004/08/12 08:55:51 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\eventlog.dll
[2004/08/12 08:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2004/08/12 08:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004/08/12 08:57:17 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2007/09/29 21:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\swsetup\SP38088\Files\64\iastor.sys
[2007/09/29 21:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\swsetup\SP38088\Files\32\iastor.sys
[2004/08/12 09:11:50 | 000,467,200 | ---- | M] (Intel Corporation) MD5=F26BFD48B1C314E0F23BF77ACFA75940 -- C:\WINDOWS\dell\iastor\iastor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 13:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/12 09:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2004/08/12 09:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004/08/12 09:02:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swsetup\SP33411\IDE\Win2K\sata_ide\nvata.sys
[2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swsetup\SP33411\IDE\WinXP\sata_ide\nvata.sys
[2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swsetup\SP33411\nvata.sys

< MD5 for: NVATABUS.SYS >
[2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swsetup\SP33411\IDE\Win2K\sataraid\nvatabus.sys
[2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swsetup\SP33411\IDE\WinXP\sataraid\nvatabus.sys
[2006/01/26 23:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\swsetup\SP33411\nvatabus.sys

< MD5 for: NVGTS.SYS >
[2007/05/04 14:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\Win2K\sata_ide\nvgts.sys
[2007/05/04 14:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\Win2K\sataraid\nvgts.sys
[2007/05/04 14:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\WinXP\sata_ide\nvgts.sys
[2007/05/04 14:50:10 | 000,103,936 | ---- | M] (NVIDIA Corporation) MD5=859794817394AFAE6E79E069BA5125BA -- C:\NVIDIA\nForceWin2KXP\14.10\IDE\WinXP\sataraid\nvgts.sys

< MD5 for: SCECLI.DLL >
[2004/08/12 09:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2004/08/12 09:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004/08/12 09:04:44 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

EXTRAS Log:

OTL Extras logfile created on: 3/1/2010 7:21:33 PM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Steve\My Documents\Downloads
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 75.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 174.47 Gb Total Space | 86.62 Gb Free Space | 49.65% Space Free | Partition Type: NTFS
Drive D: | 11.84 Gb Total Space | 2.00 Gb Free Space | 16.86% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVE-LAPTOP
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
https [open] --
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\cygwin\usr\X11R6\bin\XWin.exe" = C:\cygwin\usr\X11R6\bin\XWin.exe:*:Disabled:XWin -- ()
"C:\Program Files\Maple 10\jre\bin\maple.exe" = C:\Program Files\Maple 10\jre\bin\maple.exe:*:Enabled:maple -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\AVG\AVG9\avgam.exe" = C:\Program Files\AVG\AVG9\avgam.exe:*:Enabled:avgam.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgdiagex.exe" = C:\Program Files\AVG\AVG9\avgdiagex.exe:*:Enabled:avgdiagex.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0CDD5599-836A-4650-8BE7-F33D8D915A0D}" = dj6980
"{0F40754C-F1FD-43df-B73E-9DA38399CDD6}" = hpf_ProductContext
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14A67CE0-4F30-4607-885B-43EE27BAC746}" = Readme
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 J1
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D10E608-A4A3-40AD-B91C-6D963BBD91D5}" = LP6980_Help
"{3E9CA789-3AAC-4F5E-B42D-EA4232DAC60F}" = Atheros Wireless LAN
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4241BD9F-55F1-43B5-8694-DBC9C596F175}" = Web Easy Professional
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5C3DA2A1-03B2-44BD-B5AA-A44BD6E0C0C1}" = HP Integrated Wireless LAN W400-W500 Driver
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7ADE9F27-A175-447F-A4B4-B05FA82735E1}" = HP Deskjet 6900 series
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2BC4969-2DE3-499A-9A3D-1B7C34ED12C3}" = HP Webcam
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB1F3886-AE9F-46fb-8325-6B0718989285}" = dj_taplugin
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D16AA51D-2BE9-421A-84A7-759578E64A74}" = Web Easy Professional 7
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{EDABA4A8-8B7E-488A-A85C-17406C1C62CA}" = LP6980Trb
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F439D7AF-03F3-4F8E-AEC4-571BFE977C61}" = iTunes
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"126C456AE165F5E8391AB722C9C16C4D76981DEA" = Windows Driver Package - Intel net (03/13/2008 11.5.1.15)
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Ad-Aware" = Ad-Aware
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"AVG9Uninstall" = AVG 9.0
"B6E4AD11B487308A361AACB990AC314D7DEAD995" = Windows Driver Package - usbvm326 (usbvm328) Image (10/12/2006 326.1.061012.25)
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO_HDA" = Conexant HD Audio
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CpuIdle" = CpuIdle (remove only)
"D4DEFCEEE19FBF84C44EE0E5CF3716D67F3A4261" = Windows Driver Package - Intel (NETw4x32) net (03/13/2008 11.5.1.15)
"Easy MPEG AVI DIVX WMV RM to DVD_is1" = Easy MPEG/AVI/DIVX/WMV/RM to DVD 2.0.3
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.2.7.1
"Free RAR Extract Frog" = Free RAR Extract Frog
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 6.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.0
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MouseSuite98" = Mouse Suite
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PCFriendly" = PCFriendly
"Quick Startup_is1" = Quick Startup 2.8.0.718
"RealPlayer 6.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Spyware Doctor_is1" = Spyware Doctor 4.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Trojan Remover_is1" = Trojan Remover 6.8.1
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! SiteBuilder" = Yahoo! SiteBuilder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"StudioWorks" = StudioWorks

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/19/2010 12:11:51 AM | Computer Name = STEVE-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 2/19/2010 4:40:29 PM | Computer Name = STEVE-LAPTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module jokiroyu.dll, version 0.0.0.0, fault address 0x0000d4e0.

Error - 2/19/2010 4:40:53 PM | Computer Name = STEVE-LAPTOP | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module jokiroyu.dll, version 0.0.0.0, fault address 0x0000d4e0.

Error - 2/19/2010 4:41:00 PM | Computer Name = STEVE-LAPTOP | Source = Application Error | ID = 1004
Description = Faulting application winlogon.exe, version 0.0.0.0, faulting module
jokiroyu.dll, version 0.0.0.0, fault address 0x0000d4e0.

Error - 2/21/2010 1:25:23 AM | Computer Name = STEVE-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application wlmail.exe, version 14.0.8089.726, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 2/21/2010 11:06:18 PM | Computer Name = STEVE-LAPTOP | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 2/22/2010 1:19:40 AM | Computer Name = STEVE-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application teatimer.exe, version 1.6.6.32, faulting module
teatimer.exe, version 1.6.6.32, fault address 0x0006e66e.

Error - 2/22/2010 9:11:33 PM | Computer Name = STEVE-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
npswf32.dll, version 10.0.22.87, fault address 0x001e7e52.

Error - 2/22/2010 9:11:55 PM | Computer Name = STEVE-LAPTOP | Source = Application Error | ID = 1000
Description = Faulting application acrobat.exe, version 8.1.0.137, faulting module
unknown, version 0.0.0.0, fault address 0x6d75636f.

Error - 2/28/2010 10:16:36 PM | Computer Name = STEVE-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3685, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 10/28/2009 3:38:46 PM | Computer Name = STEVE-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1438
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 10/28/2009 4:23:16 PM | Computer Name = STEVE-LAPTOP | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1284
seconds with 300 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 2/26/2010 10:22:16 PM | Computer Name = STEVE-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service iPod Service
with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error - 2/27/2010 11:45:47 AM | Computer Name = STEVE-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 2/27/2010 11:46:02 AM | Computer Name = STEVE-LAPTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 2/27/2010 11:49:20 AM | Computer Name = STEVE-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ohci1394

Error - 2/27/2010 7:21:34 PM | Computer Name = STEVE-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ohci1394

Error - 2/28/2010 3:14:32 PM | Computer Name = STEVE-LAPTOP | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation
of
the kernel-mode translation module. This may indicate misconfiguration, insufficient
resources, or an internal error. The data is the error code.

Error - 2/28/2010 4:12:24 PM | Computer Name = STEVE-LAPTOP | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.6 for the Network Card with network
address 001FE16C7ADE has been denied by the DHCP server 128.175.13.14 (The DHCP
Server sent a DHCPNACK message).

Error - 2/28/2010 6:27:40 PM | Computer Name = STEVE-LAPTOP | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 128.175.170.144
on the Network Card with network address 001FE16C7ADE.

Error - 3/1/2010 7:26:29 PM | Computer Name = STEVE-LAPTOP | Source = Print | ID = 6161
Description = The document Powered By Pitney Bowes owned by Steve failed to print
on printer HP Deskjet 6980 series. Data type: NT EMF 1.008. Size of the spool file
in bytes: 7733248. Number of bytes printed: 0. Total number of pages in the document:
1. Number of pages printed: 0. Client machine: \\STEVE-LAPTOP. Win32 error code
returned by the print processor: 2 (0x2).

Error - 3/1/2010 8:03:14 PM | Computer Name = STEVE-LAPTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ohci1394


< End of report >


Thanks for all the help.

-Steve


#8 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:48 AM

Posted 02 March 2010 - 03:35 PM

Hi,


How is it running now?


Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.






Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 18.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u18-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u18-windows-i586.exe and select "Run as an Administrator.")





I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:11:48 AM

Posted 07 March 2010 - 03:15 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users