Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Results of GMER scan... What now?


  • This topic is locked This topic is locked
22 replies to this topic

#1 Verploeg

Verploeg

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 05 March 2010 - 08:34 AM

I was told to post the complete log of the GMER scan. It is attached.

What's the next step I need to take?

Many thanks in advance.

Attached Files

  • Attached File  ark.txt   1.75KB   9 downloads

Edited by Verploeg, 05 March 2010 - 08:34 AM.


BC AdBot (Login to Remove)

 


#2 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:06:33 AM

Posted 08 March 2010 - 11:42 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log

PW

#3 Verploeg

Verploeg
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 08 March 2010 - 07:41 PM

Hi,

I've been asked to post my problem again with the log results. They are this:

At first Microsoft Office Outlook kept stalling and freezing my computer whenever Outlook was opened. The next day, I found one of my websites opened to error messages on all pages of the site. In contacting my webhosting company, Host Gator, I was told that malicious code was uploaded to my account and my computer was infected with a virus/malware.

Host Gator directed me to run MalwareBytes which I did. They also told me to run combofix, which I started initially but stopped when I saw that I needed a helper.

I have followed all the scans suggested and am attaching all logs as directed.

Thanks in advance for your help. And please advise how I can avoid this happening again.


Attached Files



#4 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:06:33 AM

Posted 10 March 2010 - 04:33 AM

Hello Verploeg

I will be handling your log to help you get cleaned up. I apologize for the delay but the forum is very busy.

As you can see the logs we ask for are very extensive and take a lot of time to investigate. In addition, since I am still in training all of my responses have to be reviewed by our excellent expert staff so there may be a delay in response time. The advantage is that your log will be evaluated by two sets of eyes and two brains.

If you haven't already, you can keep the link to this topic in your Favorites. Alternatively, you can click the Options button at the top bar of this topic and Track this Topic, where you can choose email notifications.

Please make sure Word Wrap in notepad is turned off. When copying and pasting logs paste them directly in the reply box only attach logs if asked to. Do not wrap logs in codebox or code tags. It makes it very difficult to read and analyze them. Please paste them directly into the reply box.
Please do not make any changes to your system until we are through. Fixes are based upon information that is current from your system so any changes can affect our strategy. Please refrain from running any tools we may use without specific instructions.

If your operating system is Windows Vista or Windows 7 it may be necessary to right click then choose Run as Administrator any programs we use.

Before we begin please check and follow the instructions on How to Show Hidden Files and Folders in Windows Vista and Windows XP and How to show hidden files in Windows 7

Because the e-mail notification system is not completely reliable, please check your topic once a day for responses.

Again, keep in mind that it may take a couple of days or more before I can reply but once we get started the process should speed up.

Thank you for your patience!!
PW

#5 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:06:33 AM

Posted 10 March 2010 - 10:59 AM

Hi Verploeg,

What problems are you having? Your logs don't show any indications of major problems or infection.

I see you have run Combofix on your own. You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Step 1.

I notice you do not have an active antivirus program. New viruses come out every minute, so it is essential that you keep your antivirus program updated and have the latest signatures to provide you with the best possible protection from malicious software.

Two good free Antivirus solutions are Avira Antivir and Avast
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Step 2.

You have MyWay as the default page that is shown when a new window or tab is opened in Internet Explorer and are using the MyWay Search Bar.
My Way is ususally preinstalled on Dell computers and is generally considered foistware/adware as it is installed without the users consent and sends back information on browsing habits without the users knowledge. See here and here

Go to Start | Control Panel | Add/Remove Programs and remove MyWay Search Assistant if present.

Step 3.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

c:\windows\Xgakulasejadaza.dat

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

We need to create an OTL Report
  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Click the "Scan All Users" checkbox.
  5. Push the button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In your next reply please include the following:

Any problems or issues? How is your computer running?
Jotti scan results
OTListIt.txt <-- Will be opened
Extra.txt <-- Will be minimized

Please do not attach logs. Copy/paste them directly into the reply box. thumbup2.gif

Thanks!!
PW

#6 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:06:33 AM

Posted 13 March 2010 - 09:33 AM

Hello Verploeg,

Do you still need help?
PW

#7 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:33 PM

Posted 16 March 2010 - 09:02 AM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,771 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:01:33 PM

Posted 17 March 2010 - 07:04 AM

Hi,

topic has been reopened. Please post the requested logs.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 Verploeg

Verploeg
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 17 March 2010 - 07:36 AM

Computer is still not working properly.

Problems:

1. Microsoft Outlook stalls and sometimes freezes.
2. Firefox and Internet Explorer stall.
3. Other programs, Office Word, etc. are slow to respond
4. Printing has slowed down. Yesterday, it took nearly two hours to print 30 copies of a two-page document.
5. Getting an error message when logging on:

userinit.exe - Bad image
The application or DLL C:\WINDOWS\system32\MRINvr32.dll is not a valid Windows image. Please check this against your installation diskette.

Results:

1. Cannot remove MyWaySearch Assistant. This is the error message:

Error leading C:\PROGR~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll
The specified module could not be found.

2. Results of Jotti Scan look good:

Scanners
2010-03-17 Found nothing 2010-03-17 Found nothing
2010-03-17 Found nothing 2010-03-17 Found nothing
2010-03-17 Found nothing 2010-03-17 Found nothing
2010-03-17 Found nothing 2010-03-17 Found nothing
2010-03-17 Found nothing 2010-03-17 Found nothing
2010-03-17 Found nothing 2010-03-16 Found nothing
2010-03-17 Found nothing 2010-03-17 Found nothing
2010-03-17 Found nothing 2010-03-17 Found nothing
2010-03-17 Found nothing 2010-03-16 Found nothing
2010-03-17 Found nothing 2010-03-16 Found nothing

3. The QTL log:

OTL logfile created on: 3/17/2010 8:03:14 AM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Jan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 29.42 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL3000
Current User Name: Jan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/03/17 08:02:36 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Desktop\OTL.exe
PRC - [2009/09/16 22:17:24 | 000,972,064 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
PRC - [2009/08/06 00:00:00 | 005,497,856 | ---- | M] () -- C:\xampp\xampp\mysql\bin\mysqld.exe
PRC - [2009/08/06 00:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) -- C:\xampp\xampp\apache\bin\httpd.exe
PRC - [2009/08/05 11:37:58 | 012,313,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/06/22 22:23:38 | 000,196,424 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/07/11 07:12:22 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2006/11/03 18:20:12 | 000,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/01/17 13:03:06 | 000,135,168 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2004/10/14 17:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe


========== Modules (SafeList) ==========

MOD - [2010/03/17 08:02:36 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Desktop\OTL.exe
MOD - [2008/04/13 20:12:08 | 000,162,304 | ---- | M] () -- C:\WINDOWS\ocuwadageqe.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/09/16 19:01:16 | 000,020,480 | ---- | M] (Intuit) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/08/06 00:00:00 | 005,497,856 | ---- | M] () [Auto | Running] -- C:\xampp\xampp\mysql\bin\mysqld.exe -- (MySQL)
SRV - [2009/08/06 00:00:00 | 000,024,640 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\xampp\xampp\apache\bin\httpd.exe -- (Apache2.2)
SRV - [2006/11/09 15:30:14 | 000,065,536 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2006/11/03 18:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2007/03/22 12:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\elagopro.sys -- (elagopro)
DRV - [2007/03/22 12:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\elaunidr.sys -- (elaunidr)
DRV - [2004/09/17 12:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/13 04:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 03:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 03:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 03:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 03:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 03:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 03:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 03:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 03:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 03:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 05:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\NV4_MINI.SYS -- (nv)
DRV - [2004/07/14 13:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 13:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys -- (ssrtln)
DRV - [2004/06/16 00:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/03/06 00:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/06 00:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/06 00:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2004/02/14 07:04:48 | 000,469,696 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\lvcm.sys -- (QCMerced)
DRV - [2001/08/17 16:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 16:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 16:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 16:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 16:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 15:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys -- (MODEMCSA)
DRV - [2001/08/17 15:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 15:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 15:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 15:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 15:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 15:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 15:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 15:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 15:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 15:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
IE - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "http://www.cnn.com/"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.6
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: browserhighlighter@ebay.com:1.0.13966
FF - prefs.js..extensions.enabledItems: {0CC5C0E0-CBCB-4BC8-94C6-89B4C7020197}:1.9.1
FF - prefs.js..extensions.enabledItems: {E20E3749-D8B8-4923-A6BE-BB195FAF1CF7}:1.9.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\software\mozilla\Firefox\Extensions\\{0CC5C0E0-CBCB-4BC8-94C6-89B4C7020197}: C:\Documents and Settings\Jan\Local Settings\Application Data\{0CC5C0E0-CBCB-4BC8-94C6-89B4C7020197} [2010/03/14 13:49:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{E20E3749-D8B8-4923-A6BE-BB195FAF1CF7}: C:\Documents and Settings\Jerry\Local Settings\Application Data\{E20E3749-D8B8-4923-A6BE-BB195FAF1CF7}\ [2010/03/14 14:15:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/16 22:44:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/16 22:44:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5b4\extensions\\Components: C:\Program Files\Mozilla Firefox 3.5 Beta 4\components [2010/01/19 13:38:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5b4\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.5 Beta 4\plugins [2009/06/13 15:16:10 | 000,000,000 | ---D | M]

[2009/02/13 13:20:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Application Data\Mozilla\Extensions
[2010/03/16 22:44:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\extensions
[2009/09/10 16:53:10 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/12/17 22:39:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/03/16 22:44:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Documents and Settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}(2)
[2010/02/10 18:29:08 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2010/02/10 18:29:09 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}-trash
[2010/03/16 13:07:47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/16 22:40:17 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com

O1 HOSTS File: ([2009/02/17 14:17:03 | 000,292,053 | R--- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10057 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [Qmiyapo] C:\WINDOWS\ocuwadageqe.DLL ()
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] c:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnotes.com/download/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader55.cab (Auctiva Image Uploader Control)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.1.cab (DLM Control)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp.com/rdqaio2/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1182278674390 (WUWebControl Class)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://www.auctiva.com/hostedimages/active...oad/XUpload.ocx (Persits Software XUpload)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Jan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: cmdlapir - (C:\WINDOWS\system32\MRINvr32.dll) - C:\WINDOWS\SYSTEM32\MRINvr32.dll ()
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/17 08:02:25 | 000,556,032 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jan\Desktop\OTL.exe
[2010/03/14 13:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Local Settings\Application Data\{0CC5C0E0-CBCB-4BC8-94C6-89B4C7020197}
[2010/03/10 16:58:14 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/08 13:56:37 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/05 09:04:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\My Documents\Website traffic info pdfs
[2010/03/04 23:15:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Desktop\gmer
[2010/03/04 22:01:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Desktop\New Folder
[2010/03/04 20:12:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/04 19:57:10 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/04 19:54:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/04 19:54:02 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/04 19:54:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/04 19:54:02 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/04 19:53:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/04 19:53:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/03/04 19:53:06 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/04 11:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Application Data\Malwarebytes
[2010/03/04 11:49:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/03/04 11:49:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/03/04 11:48:59 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/03/04 11:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/03/04 10:34:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Local Settings\Application Data\{1223A358-5691-425B-ACE2-716E4E795E9E}(2)
[2010/03/02 14:42:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Desktop\Facebook photos
[2010/02/26 13:36:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Local Settings\Application Data\Temp
[2010/02/24 14:26:26 | 000,000,000 | ---D | C] -- C:\Program Files\IBP 11
[2010/02/24 14:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jan\Application Data\IBP
[2010/02/19 19:47:50 | 003,604,480 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/01/29 10:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2010/01/29 10:31:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/10/29 22:44:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2008/09/29 16:53:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/09/24 10:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/29 09:49:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/03/08 12:28:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2007/11/17 13:36:41 | 103,524,805 | ---- | C] (Jasc Software Inc ) -- C:\Program Files\PSP900enTR.exe
[2007/06/19 17:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2007/06/19 17:09:55 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/06/19 12:07:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Jan\My Documents\*.tmp files -> C:\Documents and Settings\Jan\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/03/17 08:05:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\nakloe.sys
[2010/03/17 08:02:36 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jan\Desktop\OTL.exe
[2010/03/17 08:02:02 | 000,224,256 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\Error message.doc
[2010/03/17 08:01:49 | 009,437,184 | ---- | M] () -- C:\Documents and Settings\Jan\ntuser.dat
[2010/03/17 07:41:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/03/17 07:33:45 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/03/17 07:31:43 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2010/03/17 07:31:28 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Xgakulasejadaza.dat
[2010/03/17 07:31:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pyovodobu.bin
[2010/03/17 07:30:40 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/03/17 07:30:38 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/17 07:30:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2010/03/17 07:28:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jan\NTUSER.INI
[2010/03/16 22:27:19 | 000,616,435 | ---- | M] () -- C:\Documents and Settings\Jan\.recently-used.xbel
[2010/03/16 14:17:58 | 000,007,686 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\10%.jpg
[2010/03/16 09:41:28 | 000,043,008 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\Exhibitor Request Line Info Badges Internet.doc
[2010/03/14 13:45:54 | 000,035,328 | -H-- | M] () -- C:\WINDOWS\System32\MRINvr32.dll
[2010/03/14 13:45:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/03/14 13:32:56 | 000,528,020 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/14 13:32:56 | 000,445,370 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2010/03/14 13:32:56 | 000,072,576 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2010/03/11 00:14:38 | 000,000,805 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2010/03/10 23:44:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/03/10 19:27:03 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\Jan\.gtk-bookmarks
[2010/03/10 18:33:40 | 000,154,647 | ---- | M] () -- C:\Documents and Settings\Jan\My Documents\Eden_business_card_name_replarg.pdf
[2010/03/04 23:14:37 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\gmer.zip
[2010/03/04 22:00:05 | 000,524,288 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\dds.scr
[2010/03/04 21:57:30 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jan\defogger_reenable
[2010/03/04 21:57:20 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\Defogger.exe
[2010/03/04 20:09:19 | 000,000,285 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/04 19:57:20 | 000,000,281 | RHS- | M] () -- C:\BOOT.INI
[2010/03/04 11:49:26 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/28 19:51:35 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy - Scheduled Task.job
[2010/02/28 12:02:56 | 000,000,310 | ---- | M] () -- C:\WINDOWS\tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
[2010/02/26 14:03:26 | 000,089,680 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Jan\MSSSerif120.fon
[2010/02/26 09:18:41 | 000,136,104 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\GLN 2010 Media Kit.pdf
[2010/02/26 09:10:38 | 001,808,509 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\Copy of Chicago2010_cindy.pdf
[2010/02/26 09:10:35 | 000,323,770 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\Exhibitor Registration Contract 2010 Chicago FINAL.pdf
[2010/02/25 12:59:56 | 000,153,600 | ---- | M] () -- C:\Documents and Settings\Jan\My Documents\Designing emails.doc
[2010/02/25 12:44:58 | 001,332,873 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\free_guide.pdf
[2010/02/24 22:37:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/24 15:35:28 | 000,016,030 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\grid.jpg
[2010/02/24 14:26:29 | 000,001,487 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\Launch IBP.lnk
[2010/02/24 10:16:06 | 000,181,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2010/02/22 23:48:22 | 001,885,696 | ---- | M] () -- C:\Documents and Settings\Jan\My Documents\Heaton Goalie Sticks.doc
[2010/02/19 19:47:50 | 003,604,480 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2010/02/15 11:01:25 | 000,932,530 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\2010 Prep Hockey.JPG
[2010/02/15 10:43:09 | 000,465,137 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\2010_0208(001).JPG
[2010/02/15 10:36:54 | 000,488,202 | ---- | M] () -- C:\Documents and Settings\Jan\Desktop\2010_0208(009).JPG
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Jan\My Documents\*.tmp files -> C:\Documents and Settings\Jan\My Documents\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/17 07:32:35 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\Error message.doc
[2010/03/16 22:27:19 | 000,616,435 | ---- | C] () -- C:\Documents and Settings\Jan\.recently-used.xbel
[2010/03/16 14:05:40 | 000,007,686 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\10%.jpg
[2010/03/16 09:41:28 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\Exhibitor Request Line Info Badges Internet.doc
[2010/03/14 13:46:00 | 000,802,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\nakloe.sys
[2010/03/14 13:45:54 | 000,035,328 | -H-- | C] () -- C:\WINDOWS\System32\MRINvr32.dll
[2010/03/14 13:45:54 | 000,000,116 | ---- | C] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
[2010/03/14 13:45:52 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
[2010/03/10 19:27:03 | 000,000,539 | ---- | C] () -- C:\Documents and Settings\Jan\.gtk-bookmarks
[2010/03/10 18:33:40 | 000,154,647 | ---- | C] () -- C:\Documents and Settings\Jan\My Documents\Eden_business_card_name_replarg.pdf
[2010/03/04 23:14:35 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\gmer.zip
[2010/03/04 21:59:39 | 000,524,288 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\dds.scr
[2010/03/04 21:57:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jan\defogger_reenable
[2010/03/04 21:57:07 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\Defogger.exe
[2010/03/04 19:57:19 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/04 19:57:15 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/04 19:54:02 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/04 19:54:02 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/04 19:54:02 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/04 19:54:02 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/04 19:54:02 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/04 11:49:26 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/03/03 12:34:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Xgakulasejadaza.dat
[2010/03/03 12:34:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Pyovodobu.bin
[2010/03/03 12:30:51 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\rbuwzv.dat
[2010/02/26 09:18:41 | 000,136,104 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\GLN 2010 Media Kit.pdf
[2010/02/26 09:10:38 | 001,808,509 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\Copy of Chicago2010_cindy.pdf
[2010/02/26 09:10:35 | 000,323,770 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\Exhibitor Registration Contract 2010 Chicago FINAL.pdf
[2010/02/25 12:59:56 | 000,153,600 | ---- | C] () -- C:\Documents and Settings\Jan\My Documents\Designing emails.doc
[2010/02/25 12:44:54 | 001,332,873 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\free_guide.pdf
[2010/02/24 15:35:25 | 000,016,030 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\grid.jpg
[2010/02/24 14:26:29 | 000,001,487 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\Launch IBP.lnk
[2010/02/15 10:43:09 | 000,465,137 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\2010_0208(001).JPG
[2010/02/15 10:42:46 | 000,932,530 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\2010 Prep Hockey.JPG
[2010/02/15 10:36:54 | 000,488,202 | ---- | C] () -- C:\Documents and Settings\Jan\Desktop\2010_0208(009).JPG
[2009/03/19 09:58:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/11/10 16:52:33 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2008/04/09 08:25:26 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2008/04/09 08:25:26 | 000,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2008/03/24 13:42:05 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Jan\Local Settings\Application Data\fusioncache.dat
[2007/12/13 21:18:33 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2007/12/13 20:44:26 | 000,007,251 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/18 12:21:44 | 000,000,104 | RHS- | C] () -- C:\WINDOWS\System32\66CE022C4C.sys
[2007/10/18 12:15:28 | 000,004,184 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/07/19 12:10:19 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Jan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/21 12:59:40 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Jan\Application Data\PFP120JPR.{PB
[2007/06/21 12:59:40 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Jan\Application Data\PFP120JCM.{PB
[2007/06/20 06:40:07 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/06/19 20:10:28 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVUSBSta.sys
[2007/06/19 20:10:28 | 000,005,993 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007/06/19 20:10:26 | 000,469,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys
[2007/06/19 18:10:56 | 000,000,401 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/06/19 17:15:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/19 16:18:58 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/06/19 16:15:46 | 000,001,356 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2005/01/25 01:24:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/25 01:16:06 | 000,000,136 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/01/25 00:54:28 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/16 00:03:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 15:13:12 | 000,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/04 07:00:00 | 000,162,304 | ---- | C] () -- C:\WINDOWS\ocuwadageqe.dll
[2004/08/04 07:00:00 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/07/07 04:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[1980/01/01 02:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
< End of report >

4. The Extras Log:

OTL Extras logfile created on: 3/17/2010 8:03:14 AM - Run 1
OTL by OldTimer - Version 3.1.37.2 Folder = C:\Documents and Settings\Jan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 65.00% Memory free
3.00 Gb Paging File | 2.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.70 Gb Total Space | 29.42 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DELL3000
Current User Name: Jan
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3285187421-1072561552-1655237967-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2075:TCP" = 2075:TCP:*:Enabled:HostMonster
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2007\QBDBMgrN.exe:*:Enabled:QuickBooks 2007 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\Documents and Settings\Jan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Jan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{318AB667-3230-41B5-A617-CB3BF748D371}" = iTunes
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39051135-10B7-4FA5-AD35-724EBC59343A}" = BPDSoftware_Ini
"{3BCA7D1F-0349-4E7D-BD87-EFB539E95E6E}" = TaxCut Michigan 2008
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{466B21EE-2858-4845-B2B3-056FC544DAA3}" = Logitech QuickCam
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5912068C-847F-43B4-9D83-65A96EA855CF}" = 5300_5400_Help
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
"{61100673-2546-42E1-BF92-467B5CB2AC6D}" = DeductionPro 2008
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70AF2F0B-9319-48A2-A1E1-CB99623E8AE9}" = 5300_5400_Readme
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7E545666-F422-45FD-B3DF-C0B99A1A579F}" = QuickBooks Pro 2007
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{80D8662E-1EAD-4036-844B-0374F39E4C81}" = TaxCut Michigan 2007
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{866D2442-3482-447f-AF97-36C09E5DE384}" = K5400
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}" = Bonjour
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A5EBB62-ADE7-41E2-8884-1517DE3505D1}" = DeductionPro 2007
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8F9D71EC-A86E-4001-A108-D2055591451A}" = MPM
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6C6C1DE-0D11-413c-862C-3EF8634602E7}" = BPDSoftware
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA39370F-323C-47a6-9D3E-F6B4363B7C17}" = ProductContext
"{AAF42A99-B684-49B1-AEBC-AE5B287CB98D}" = HP Officejet Pro K5300/5400 Series
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{BD7D5903-CACF-4974-979F-B2523B75E544}" = n-Track Studio 6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}" = TaxCut Premium + State + Efile 2007
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D49EE5B7-1AEB-49C9-B77D-4AEE7249F505}" = BPD_HPSU
"{D980CCF7-9428-4AA6-B21F-E8E40538BF2B}" = Mastering Accounting Basics for QuickBooks 2008 DVD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"3D Windows XP" = 3D Windows XP Screen Saver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AmericanFlag" = American Flag Screen Saver
"Aspell English Dictionary_is1" = Aspell English Dictionary-0.50-2
"AVS Update Manager_is1" = AVS Update Manager 1.0
"DAZzle" = DAZzle
"DellSupport" = Dell Support 5.0.0 (630)
"DVD Decrypter" = DVD Decrypter (Remove Only)
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"EPSON Printer and Utilities" = EPSON Printer Software
"FileZilla Client" = FileZilla Client 3.3.1
"Financial Tools" = Financial Tools
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.6 rev a (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"IBP11_is1" = IBP 11.7.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mastering Accounting Basics for QuickBooks 2008 DVD" = Mastering Accounting Basics for QuickBooks 2008 DVD
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"Mozilla Firefox (3.5b4)" = Mozilla Firefox (3.5b4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyWaySearchAssistantDE" = My Way Search Assistant
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Magazine's TapeCalc_is1" = TapeCalc 2.1
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"Print Artist 4.0 Gold" = Sierra Print Artist Gold
"PROSet" = Intel® PRO Network Adapters and Drivers
"PSP Max Media Manager_is1" = PSP Max Media Manager
"QcDrv" = Logitech® Camera Driver
"Sierra Utilities" = Sierra Utilities
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.4.7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3285187421-1072561552-1655237967-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GCalc 3" = GCalc 3
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Media Player" = Move Media Player
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/15/2010 11:16:56 PM | Computer Name = DELL3000 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/15/2010 11:17:27 PM | Computer Name = DELL3000 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/15/2010 11:18:50 PM | Computer Name = DELL3000 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/15/2010 11:18:54 PM | Computer Name = DELL3000 | Source = Application Hang | ID = 1001
Description = Fault bucket 1669655770.

Error - 3/15/2010 11:19:07 PM | Computer Name = DELL3000 | Source = Microsoft Office 11 | ID = 2000
Description = Accepted Safe Mode action : Microsoft Office Outlook.

Error - 3/15/2010 11:21:24 PM | Computer Name = DELL3000 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/15/2010 11:22:49 PM | Computer Name = DELL3000 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/16/2010 9:23:36 AM | Computer Name = DELL3000 | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/16/2010 9:59:04 AM | Computer Name = DELL3000 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 3/17/2010 7:48:11 AM | Computer Name = DELL3000 | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 7.0.6000.16981, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 3/11/2010 9:40:42 PM | Computer Name = DELL3000 | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 3/12/2010 10:27:22 AM | Computer Name = DELL3000 | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 3/12/2010 8:46:06 PM | Computer Name = DELL3000 | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 3/13/2010 3:29:24 PM | Computer Name = DELL3000 | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 3/14/2010 1:46:08 PM | Computer Name = DELL3000 | Source = Service Control Manager | ID = 7000
Description = The RAS Asynchronous Media Driver service failed to start due to the
following error: %%31

Error - 3/14/2010 2:13:53 PM | Computer Name = DELL3000 | Source = Service Control Manager | ID = 7024
Description = The Apache2.2 service terminated with service-specific error 1 (0x1).

Error - 3/15/2010 8:31:12 AM | Computer Name = DELL3000 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 3/16/2010 9:21:34 AM | Computer Name = DELL3000 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde

Error - 3/16/2010 10:47:58 PM | Computer Name = DELL3000 | Source = WinDefend | ID = 2004
Description = %%827 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures. Signatures Attempted: %%824

Error
Code: 0x8050a001 Error description: The program can't find definition files that
help detect unwanted software. Check for updates to the definition files, and then
try again. For information on installing updates, see Help and Support. Signatures
loading: %%825 Loading signature version: 1.77.834.0 Loading engine version: 1.1.5502.0

Error - 3/17/2010 7:31:23 AM | Computer Name = DELL3000 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >


5. I downloaded AVAST-Antivirus and it is installed but:

a. I received the same error message as with login:

avira_antivi_personal_en.exe - Bad image
The application or DLL C:\WINDOWS\system32\MRINvr32.dll is not a valid Windows image. Please check this against your installation diskette.

b. Windows alert tells me this antivirus software if out of date even though I just downloaded it.



Thanks for all your help.



#10 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:06:33 AM

Posted 20 March 2010 - 08:23 AM

Hi Verploeg,

There is a lot in this post so please read it carefully.

You have Autorun for removable or external media enabled. There are some infections that cloak themselves and deliver their payload using autrun.inf in the autorun function. To prevent this it is advisable to have autorun disabled so that if there is an infection present it is unable to be executed. Let me know if you wish to keep Autorun enabled.
Also, there are restrictions present where you or an administrator has set a policy which restricts access to the 'Internet options' from within the IE or in the control panel for users. Let me know if you wish to keep this policy or change it to remove the restriction.

Note that one of the infections on your computer is a possible password stealing worm that can compromise computer security and information theft.
Please read here for more information.
I suggest you go to a secure computer and change all of your passwords.

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

Do you know what this .jpg on your desktop is?
C:\Documents and Settings\Jan\Desktop\10%.jpg

MyWebSearch

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    CODE
    :folderfind
    *MyWebSearch*
    :regfind
    MyWebSearch

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt Note: The scan may take some time. Please let it complete.

We need to check some files.
Make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\WINDOWS\SYSTEM32\MRINvr32.dll

Then do the same for these:

C:\WINDOWS\System32\drivers\nakloe.sys
C:\Documents and Settings\Jan\MSSSerif120.fon
C:\WINDOWS\System32\66CE022C4C.sys

Please post back the results of the scans in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
We need to run an OTL Fix
  1. Please reopen on your desktop.
  2. Copy and Paste the following code into the textbox. Do not include the word "Code"

    CODE
    :OTL
    MOD - [2008/04/13 20:12:08 | 000,162,304 | ---- | M] () -- C:\WINDOWS\ocuwadageqe.dll
    O4 - HKLM..\Run: [Qmiyapo] C:\WINDOWS\ocuwadageqe.DLL ()
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3285187421-1072561552-1655237967-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O32 - HKLM CDRom: AutoRun - 1
    [2010/03/17 07:31:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Pyovodobu.bin
    [2010/03/14 13:45:54 | 000,035,328 | -H-- | M] () -- C:\WINDOWS\System32\MRINvr32.dll
    [2010/03/14 13:45:54 | 000,000,116 | ---- | M] () -- C:\WINDOWS\System32\fjhdyfhsn.bat
    [2010/03/14 13:45:52 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL -- File not found

    :commands
    [EmptyTemp]
    [RESETHOSTS]

  3. Push
  4. OTL may ask to reboot the machine. Please do so if asked.
  5. Click .
  6. A report will open. Copy and Paste that report in your next reply.
Note: Any custom hosts file,(in your case Spybot S&D), will need to be re-enabled

In your next reply please include the following:

Let me know about Autorun and the policy restrictions and the desktop .jpg
SystemLook.txt
Jotti scan results
OTL report


Thanks!!
PW

#11 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:06:33 AM

Posted 23 March 2010 - 08:35 AM

Hi Verploeg,

Do you still need help?
PW

#12 Verploeg

Verploeg
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 24 March 2010 - 10:57 AM

Yes, I do. I've been away on a business trip for the past seven days. I'll look this over and get back with you.

Thanks.

#13 Verploeg

Verploeg
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 24 March 2010 - 06:23 PM

Hi,

1- Let me know if you wish to keep Autorun enabled.
No, you may disable it.


2- Let me know if you wish to keep this policy or change it to remove the restriction.
You may remove the restriction.

3- I suggest you go to a secure computer and change all of your passwords.
I plan to do this in a few hours.


4- GooredText

GooredFix by jpshortstuff (08.01.10.1)
Log created at 17:13 on 24/03/2010 (Jan)
Firefox version 3.6.2 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
browserhighlighter@ebay.com [20:19 22/04/2009]
{972ce4c6-7e08-4474-a285-3208198ce6fd} [19:11 19/06/2007]
{B13721C7-F507-4982-B2E5-502A71474FED} [20:18 22/04/2009]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [19:14 19/06/2007]

C:\Documents and Settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [20:53 10/09/2009]
{3112ca9c-de6d-4884-a869-9855de68056c} [02:39 18/12/2009]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [00:19 18/03/2010]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}(2) [17:07 16/03/2010]
{e3f6c2cc-d8db-498c-af6c-499fb211db97} [22:29 10/02/2010]
{e3f6c2cc-d8db-498c-af6c-499fb211db97}-trash [22:29 10/02/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [14:20 14/08/2009]

---------- Old Logs ----------
GooredFix[20.47.18_24-03-2010].txt

-=E.O.F=-

5- Do you know what this .jpg on your desktop is?
C:\Documents and Settings\Jan\Desktop\10%.jpg
This is a graphic I created of a 10% off sales tag.

6- SystemLook text

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 16:48 on 24/03/2010 by Jan (Administrator - Elevation successful)

No Context: folderfind

No Context: *MyWebSearch*

========== regfind ==========

Searching for "MyWebSearch"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[HKEY_USERS\S-1-5-21-3285187421-1072561552-1655237967-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_USERS\S-1-5-21-3285187421-1072561552-1655237967-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mywebsearch.net]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\mywebsearch.net]

-=End Of File=-

7- Took care of all hidden files.

8- Jotti

a. C:\WINDOWS\SYSTEM32\MRINvr32.dll

-- can't find this file when pathing; did a search also but was unsuccesful


b. C:\WINDOWS\System32\drivers\nakloe.sys

-- file is empty


c. C:\Documents and Settings\Jan\MSSSerif120.fon


2009-10-23 Found nothing

2009-10-23 Found nothing

2009-10-24 Found nothing

2009-10-24 Found nothing

2009-10-23 Found nothing

2009-10-23 Found nothing

2009-10-23 Found nothing

2009-10-24 Found nothing

2009-10-23 Found nothing

2009-10-23 Found nothing

2009-10-23 Found nothing

2009-10-23 Found nothing

2009-10-23 Found nothing

2009-10-22 Found nothing

2009-10-23 Found nothing

2009-10-24 Found nothing

2009-10-24 Found nothing

2009-10-23 Found nothing

2009-10-23 Found nothing

2009-10-23 Found nothing


d. C:\WINDOWS\System32\66CE022C4C.sys


2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing

2010-03-24 Found nothing


9- GooredFix.txt is what is included in #4

10- OTL Report

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Qmiyapo deleted successfully.
C:\WINDOWS\ocuwadageqe.dll moved successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3285187421-1072561552-1655237967-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\WINDOWS\Pyovodobu.bin moved successfully.
File C:\WINDOWS\System32\MRINvr32.dll not found.
C:\WINDOWS\SYSTEM32\fjhdyfhsn.bat moved successfully.
C:\Documents and Settings\LocalService\Application Data\rbuwzv.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 41620 bytes

User: Jake
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 157915 bytes
->FireFox cache emptied: 28288806 bytes
->Flash cache emptied: 4825 bytes

User: Jan
->Temp folder emptied: 1820433 bytes
->Temporary Internet Files folder emptied: 11856494 bytes
->Java cache emptied: 8729999 bytes
->FireFox cache emptied: 177960222 bytes
->Flash cache emptied: 42530 bytes

User: Jerry
->Temp folder emptied: 32936 bytes
->Temporary Internet Files folder emptied: 8156732 bytes
->Java cache emptied: 287864 bytes
->FireFox cache emptied: 21294111 bytes
->Flash cache emptied: 831 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 100798 bytes
->Temporary Internet Files folder emptied: 32969 bytes

%systemdrive% .tmp files removed: 6597 bytes
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2280869 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 418 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 249.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.1.37.2 log created on 03242010_171618

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


Thanks!

#14 pwgib

pwgib

  • Malware Response Team
  • 2,956 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:God's Country
  • Local time:06:33 AM

Posted 25 March 2010 - 03:35 PM

Hi Verploeg,

Step 1.

I need you to run another MBAM scan.
    Open MBAM
  • Click on the UpdateTab before performing a scan. Click on the Check for Updates button. If an update is found, the program will automatically update itself. After the update press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Step 2.

Please right click and delete the copy of Combofix from your desktop.

Download Combofix from any of the links below, and save it to your desktop. For information regarding this download, please visit this webpage: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

How to temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs. http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" in your next reply
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


In your next reply please include the following:

MBAM log
ComboFix.txt


How is your computer running? Are you still having problems?

Thanks!!
PW

#15 Verploeg

Verploeg
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 25 March 2010 - 08:00 PM

Hi,

I do so appreciate your help. My computer is running very slow. Programs are slow in opening and closing. The slowness has become even worse since installing Avira AntiVir.

Both of my business websites were attacked, one twice. My webhosting programmers were able to fix the one site. The other still needs repairing.

It's difficult to know what other damage has occurred, but the way my computer operates is definitely poor compared to a few months ago.

Here are the logs you asked for.

MBAM:

Malwarebytes' Anti-Malware 1.44
Database version: 3914
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

3/25/2010 7:21:17 PM
mbam-log-2010-03-25 (19-21-17).txt

Scan type: Quick Scan
Objects scanned: 147602
Time elapsed: 9 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary (Adware.MyWaySearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywaysearchassistantde.auxiliary.1 (Adware.MyWaySearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\SYSTEM32\DRIVERS\nakloe.sys (Rootkit.Agent) -> Delete on reboot.

ComboFix:

ComboFix 10-03-25.04 - Jan 03/25/2010 19:39:13.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1419 [GMT -4:00]
Running from: c:\documents and settings\Jan\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\nakloe.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_nakloe
-------\Service_nakloe


((((((((((((((((((((((((( Files Created from 2010-02-26 to 2010-03-26 )))))))))))))))))))))))))))))))
.

2010-03-24 21:16 . 2010-03-24 21:16 -------- d-----w- C:\_OTL
2010-03-18 02:55 . 2010-03-18 02:55 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-18 02:54 . 2010-03-18 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-17 12:30 . 2009-11-25 15:19 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-03-17 12:30 . 2009-03-30 13:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-03-17 12:30 . 2009-02-13 15:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-03-17 12:30 . 2009-02-13 15:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-03-17 12:30 . 2010-03-17 12:30 -------- d-----w- c:\program files\Avira
2010-03-17 12:30 . 2010-03-17 12:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-03-17 02:44 . 2010-03-17 02:44 -------- d-----w- c:\windows\system32\wbem\Repository
2010-03-16 03:23 . 2010-03-16 03:23 -------- d-----w- c:\documents and settings\Jerry\Application Data\Malwarebytes
2010-03-10 20:58 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-03-05 22:45 . 2010-03-05 22:45 -------- d-----w- c:\documents and settings\Jerry\Application Data\Skype
2010-03-04 15:49 . 2010-03-04 15:49 -------- d-----w- c:\documents and settings\Jan\Application Data\Malwarebytes
2010-03-04 15:49 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-04 15:49 . 2010-03-04 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-04 15:48 . 2010-03-25 23:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-04 15:48 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-04 14:34 . 2010-03-04 14:39 -------- d-----w- c:\documents and settings\Jan\Local Settings\Application Data\{1223A358-5691-425B-ACE2-716E4E795E9E}(2)
2010-03-03 16:34 . 2010-03-24 20:46 120 ----a-w- c:\windows\Xgakulasejadaza.dat
2010-02-26 17:36 . 2010-03-18 10:41 -------- d-----w- c:\documents and settings\Jan\Local Settings\Application Data\Temp
2010-02-24 18:26 . 2010-03-07 21:49 -------- d-----w- c:\documents and settings\Jan\Application Data\IBP
2010-02-24 18:26 . 2010-02-24 18:26 -------- d-----w- c:\program files\IBP 11

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-25 14:57 . 2008-04-09 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2010-03-24 16:28 . 2008-09-28 16:50 -------- d-----w- c:\documents and settings\Jan\Application Data\gtk-2.0
2010-03-18 03:00 . 2007-06-19 19:02 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-16 01:50 . 2010-03-16 01:50 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\zeovbl.dat
2010-03-04 14:30 . 2010-03-04 14:30 24 ----a-w- c:\windows\system32\config\systemprofile\Application Data\rbuwzv.dat
2010-03-03 16:30 . 2010-03-03 16:30 24 ----a-w- c:\documents and settings\NetworkService\Application Data\rbuwzv.dat
2010-03-02 04:20 . 2009-04-22 20:20 -------- d-----w- c:\documents and settings\Jan\Application Data\Skype
2010-03-02 01:13 . 2009-04-22 20:22 -------- d-----w- c:\documents and settings\Jan\Application Data\skypePM
2010-02-24 14:16 . 2009-10-03 19:45 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-02 18:06 . 2009-07-22 20:31 -------- d-----w- c:\documents and settings\Jan\Application Data\FileZilla
2010-01-31 22:43 . 2010-01-21 16:14 -------- d-----w- c:\program files\AVS4YOU
2010-01-29 14:31 . 2007-06-19 21:06 -------- d-----w- c:\program files\Google
2010-01-26 00:11 . 2007-06-20 10:48 152120 ----a-w- c:\documents and settings\Jake\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-21 19:53 . 2007-06-20 10:45 152120 ----a-w- c:\documents and settings\Jerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-21 16:15 . 2007-06-19 20:53 152120 ----a-w- c:\documents and settings\Jan\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 10:00 . 2004-08-04 11:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 11:00 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-04 11:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2007-11-17 17:36 . 2007-11-17 17:36 103524805 ----a-w- c:\program files\PSP900enTR.exe
2008-11-12 17:10 . 2007-10-18 16:21 104 --sh--r- c:\windows\SYSTEM32\66CE022C4C.sys
2008-11-12 17:10 . 2007-10-18 16:15 4184 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-17 135168]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-23 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2009-9-16 972064]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 07:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2004-10-12 22:54 57344 ----a-w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 22:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 20:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelMeM]
2003-09-04 02:12 221184 ----a-w- c:\program files\Intel\Modem Event Monitor\IntelMEM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
2004-02-25 21:15 454656 ----a-w- c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
2004-02-25 21:06 212992 ----a-w- c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
2004-02-25 20:15 221184 ----a-w- c:\windows\SYSTEM32\LVCOMSX.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2006-01-17 17:03 135168 ----a-w- c:\program files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsgCenterExe]
2007-06-19 20:28 69632 ----a-w- c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 15:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-11 11:12 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2004-01-07 07:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mnmsrvc"=3 (0x3)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
cmdlapir REG_SZ c:\windows\system32\MRINvr32.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\SYSTEM32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2075:TCP"= 2075:TCP:HostMonster

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/17/2010 8:30 AM 108289]
R2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [10/4/2009 3:11 PM 24640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/29/2010 10:31 AM 135664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:30]

2010-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 14:30]

2010-03-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 22:20]

2010-02-28 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2009-02-17 20:31]

2010-02-28 c:\windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SDUpdate.exe [2009-02-17 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/
FF - component: c:\documents and settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\Jan\Application Data\Mozilla\Firefox\Profiles\08d6rp1u.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}\platform\WINNT_x86-msvc\components\pagespeed.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\Jan\Application Data\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Octoshape add-in for Adobe Flash Player - c:\documents and settings\Jan\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-25 20:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4000)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\xampp\xampp\mysql\bin\mysqld.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-03-25 20:25:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-26 00:25

Pre-Run: 31,407,517,696 bytes free
Post-Run: 31,178,010,624 bytes free

- - End Of File - - 83BC08461EFF5CAD9020BA2029A765DF





Many thanks!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users