antivir solutionpro/gasf/malwarebytes/m I hijacked???


  • This topic is locked
18 replies to this topic

#1 freeaccount

freeaccount

  • Members
  • 11 posts

Posted 02 August 2010 - 10:22 PM

This computer is used mainly as a kids computer. It downloaded one of the sister antivirus scam programs a few months ago. I thought I had it all cleaned up, but some parts may remain. Recently my cousin accidentally reformatted his XP computer. I told him since he had the product key sticker on the computer we could download it as a torrent and use his CD key to make it work. When I tried to do this porn sites started popping up and of course the antivir solutions extortion began. I followed the posting about how to get rid of the program using Malwarebytes. Afterwards I was able to run .exe files but neither IE, Firefox, nor Google Chrome would load. They would sometimes show in the Task Manager under processes, but wouldn't load. I reinstalled Firefox and am now working on it. I reinstalled IE and it still won't load. In this program I can only look at cached sites unless I type the site directly into the address bar. If I click on a search link I get redirected to affiliate sites that never have the same name.

DDS.txt file contents:


DDS (Ver_10-03-17.01) - NTFSx86
Run by jenkins at 20:23:19.89 on Mon 08/02/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1113 [GMT -4:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Program Files\Fingerprint Sensor\AtService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
c:\drivers\audio\r201108\stacsv.exe
svchost.exe
C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Maxtor\ManagerApp\msssort.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\jenkins\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5090130
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mssSort] "c:\program files\maxtor\managerapp\msssort.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [LXBSCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBStime.dll,_RunDLLEntry@16
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jenkins\applic~1\mozilla\firefox\profiles\gvzaxg2j.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jenkins\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-24 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-24 19024]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-27 1664248]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-24 40384]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2008-7-1 110592]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-4 406808]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-11-11 451872]
R2 Maxtor Sync Services;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-8-5 181600]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-10-1 90112]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-1-30 112128]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-30 110080]
R3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-29 133104]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-24 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-24 40384]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2007-5-1 132232]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2007-5-1 28416]

=============== Created Last 30 ================

2010-08-03 00:17:22 0 ----a-w- c:\documents and settings\jenkins\defogger_reenable
2010-08-02 23:32:32 576 ----a-w- c:\windows\system32\drivers\kgpfr2.cfg
2010-08-02 23:14:18 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-01 11:22:01 0 d-----w- c:\program files\STOPzilla!
2010-08-01 11:22:01 0 d-----w- c:\program files\common files\iS3
2010-08-01 11:22:01 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-07-31 23:25:39 0 dc-h--w- c:\windows\ie8
2010-07-31 22:50:11 0 d-----w- c:\windows\system32\NtmsData
2010-07-31 22:46:07 0 d-s---w- C:\ComboFix
2010-07-31 22:45:52 0 d-----w- c:\program files\GameSpy Arcade
2010-07-31 22:04:44 0 d-----w- c:\docume~1\jenkins\applic~1\MSNInstaller
2010-07-31 01:50:30 98816 ----a-w- c:\windows\sed.exe
2010-07-31 01:50:30 77312 ----a-w- c:\windows\MBR.exe
2010-07-31 01:50:30 256512 ----a-w- c:\windows\PEV.exe
2010-07-31 01:50:30 161792 ----a-w- c:\windows\SWREG.exe
2010-07-31 01:01:08 0 d-----w- C:\registrybackup
2010-07-30 22:33:04 47616 ----a-w- c:\windows\system32\blasetup.dll
2010-07-30 21:31:40 0 d-----w- c:\docume~1\jenkins\applic~1\Malwarebytes
2010-07-30 21:31:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 21:31:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-30 21:31:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 21:31:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 01:19:22 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-07-29 01:19:22 447952 ----a-r- c:\windows\system32\SZBase5.dll
2010-07-29 01:19:22 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-07-29 01:19:22 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-07-29 01:19:20 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-07-29 01:19:20 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-07-29 01:19:20 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-07-29 01:19:20 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-07-29 01:19:20 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-07-29 01:19:18 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-07-29 01:19:18 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-07-29 01:19:18 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-07-15 21:09:40 1501585 ----a-w- c:\windows\setupapi.log.10.old
2010-07-14 14:07:48 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-07 21:17:46 0 d-----w- c:\program files\Download Manager
2010-07-04 01:36:02 0 d-----w- c:\program files\EA Games

==================== Find3M ====================

2010-06-22 23:47:36 106496 ----a-w- c:\windows\DUMP9162.tmp
2010-05-28 00:51:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-28 00:51:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

============= FINISH: 20:24:53.37 ===============


THANK YOU!!!

Attached Files





#2 Shannon2012

Shannon2012

  • Security Colleague
  • 3,657 posts
  • Gender:Male
  • Location:North Carolina, USA

Posted 11 August 2010 - 08:59 AM


Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Shannon

#3 freeaccount

freeaccount
  • Topic Starter

  • Members
  • 11 posts

Posted 12 August 2010 - 09:57 PM

Thank you for the response!!!

This computer is now running in SafeMode with networking because it has started to refuse to run *.exe programs again.

This initially started when I tried to torrent XP for my cousin who overwrote his copy with a Linux program (he has a valid COA). The antivir solutions and porn downloaded. I attempted to clean it following instructions here and afterwards I couldn't load Internet Explorer, Firefox, or Google Chrome...although they would show as running in processes. Again thanks for the help.

I have tried to run the GMER twice and each time when it finishes the computer automatically restarts before I get a chance to save or post it.

DDS RESULTS USING DDS.SCR

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by jenkins at 20:26:27.43 on Thu 08/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1644 [GMT -4:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\jenkins\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5090130
uSearch Bar = hxxp://www.google.com/ie
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk-rel/en/side.html?channel=us
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - c:\program files\stopzilla!\SZIEBHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [SandboxieControl] "c:\program files\sandboxie\SbieCtrl.exe"
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [SecureUpgrade] c:\program files\wave systems corp\SecureUpgrade.exe
mRun: [EmbassySecurityCheck] "c:\program files\wave systems corp\embassy security setup\EMBASSYSecurityCheck.exe"
mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"
mRun: [DCPstrApp] c:\program files\dell\dell controlpoint\security manager\SecurityDeviceInfoSetRegistryString.exe
mRun: [DellConnectionManager] "c:\program files\dell\dell controlpoint\connection manager\Dell.UCM.exe"
mRun: [<NO NAME>]
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mssSort] "c:\program files\maxtor\managerapp\msssort.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [LXBSCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXBStime.dll,_RunDLLEntry@16
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [kpgfpgiw] c:\documents and settings\networkservice\local settings\application data\oupqawyqw\qvsetbgtssd.exe
dRun: [kpgfpgiw] c:\documents and settings\networkservice\local settings\application data\oupqawyqw\qvsetbgtssd.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab
DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jenkins\applic~1\mozilla\firefox\profiles\gvzaxg2j.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jenkins\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\download manager\npfpdlm.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

============= SERVICES / DRIVERS ===============

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [2009-12-7 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [2010-5-12 59280]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [2009-12-7 61328]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-24 164048]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-24 19024]
S2 ATService;AuthenTec Fingerprint Service;c:\program files\fingerprint sensor\AtService.exe [2008-6-27 1664248]
S2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-24 40384]
S2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\broadcom\mgmtagent\BrcmMgmtAgent.exe [2008-7-1 110592]
S2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2008-9-4 406808]
S2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2008-11-11 451872]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-10-29 133104]
S2 Maxtor Sync Services;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-8-5 181600]
S2 SMManager;Smith Micro Connection Manager Service;c:\program files\dell\dell controlpoint\connection manager\SMManager.exe [2008-10-1 90112]
S3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2009-1-30 112128]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-24 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-24 40384]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-30 110080]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [2007-5-1 132232]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [2007-5-1 28416]
S3 SbieDrv;SbieDrv;c:\program files\sandboxie\SbieDrv.sys [2010-4-17 115944]

=============== Created Last 30 ================

2010-08-03 00:17:22 0 ----a-w- c:\documents and settings\jenkins\defogger_reenable
2010-08-01 11:22:01 0 d-----w- c:\program files\STOPzilla!
2010-08-01 11:22:01 0 d-----w- c:\program files\common files\iS3
2010-08-01 11:22:01 0 d-----w- c:\docume~1\alluse~1\applic~1\STOPzilla!
2010-07-31 23:25:39 0 dc-h--w- c:\windows\ie8
2010-07-31 22:50:11 0 d-----w- c:\windows\system32\NtmsData
2010-07-31 22:46:07 0 d-s---w- C:\ComboFix
2010-07-31 22:45:52 0 d-----w- c:\program files\GameSpy Arcade
2010-07-31 22:04:44 0 d-----w- c:\docume~1\jenkins\applic~1\MSNInstaller
2010-07-31 01:50:30 98816 ----a-w- c:\windows\sed.exe
2010-07-31 01:50:30 77312 ----a-w- c:\windows\MBR.exe
2010-07-31 01:50:30 256512 ----a-w- c:\windows\PEV.exe
2010-07-31 01:50:30 161792 ----a-w- c:\windows\SWREG.exe
2010-07-31 01:01:08 0 d-----w- C:\registrybackup
2010-07-30 22:33:04 47616 ----a-w- c:\windows\system32\blasetup.dll
2010-07-30 21:31:40 0 d-----w- c:\docume~1\jenkins\applic~1\Malwarebytes
2010-07-30 21:31:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 21:31:22 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-30 21:31:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 21:31:21 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-29 01:19:22 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-07-29 01:19:22 447952 ----a-r- c:\windows\system32\SZBase5.dll
2010-07-29 01:19:22 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-07-29 01:19:22 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-07-29 01:19:20 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-07-29 01:19:20 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-07-29 01:19:20 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-07-29 01:19:20 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-07-29 01:19:20 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-07-29 01:19:18 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-07-29 01:19:18 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-07-29 01:19:18 230864 ----a-r- c:\windows\system32\IS3Win325.dll
2010-07-15 21:09:40 1501585 ----a-w- c:\windows\setupapi.log.10.old
2010-07-14 14:07:48 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe

==================== Find3M ====================

2010-06-22 23:47:36 106496 ----a-w- c:\windows\DUMP9162.tmp
2010-05-28 00:51:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-28 00:51:42 348160 ----a-w- c:\windows\system32\msvcr71.dll

============= FINISH: 20:28:42.85 ===============

Attached Files
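The two DDS logs in this thread already hold the indicators behind the symptoms the poster describes: "uInternet Settings,ProxyServer = http=127.0.0.1:5643" sends every uncached browser request to a loopback port (if nothing legitimate listens there, only cached pages load, as reported), and the second log adds matching mRun/dRun entries named kpgfpgiw that start from the NetworkService profile's application data folder, an unusual location for a machine-wide autorun. The script below is an added example for readers, not part of the thread, of DDS, or of BleepingComputer's tooling; it parses the "Pseudo HJT Report" line format and flags those entries, using lines copied from the log above (plus two benign entries) as its sample input.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example for this thread; not part of DDS, OTL or BleepingComputer's
tooling. It reads the key/value lines DDS emits and flags the kinds of
entries that explain the symptoms in the thread: a proxy pointed at the
loopback address, autorun entries living under a user-profile data folder,
and orphaned toolbar/BHO registrations ("No File") left behind by a removal.
"""
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the second DDS log in the
# thread, plus two benign entries so the filter has something to ignore.
SAMPLE_HJT = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
uInternet Settings,ProxyOverride = <local>
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\\program files\\google\\google toolbar\\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun: [avast5] c:\\progra~1\\alwils~1\\avast5\\avastUI.exe /nogui
mRun: [kpgfpgiw] c:\\documents and settings\\networkservice\\local settings\\application data\\oupqawyqw\\qvsetbgtssd.exe
dRun: [kpgfpgiw] c:\\documents and settings\\networkservice\\local settings\\application data\\oupqawyqw\\qvsetbgtssd.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "low"
    reason: str
    line: str


# DDS autorun prefixes: u = current user hive, m = machine hive, d = default user hive.
RUN_RE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer\s*=\s*(?P<value>.+)$")
ORPHAN_RE = re.compile(r"^(TB|BHO):.*-\s*No File\s*$")

# Autoruns that start from a profile's application-data folder deserve a look;
# a service-account profile (NetworkService/LocalService) is especially odd,
# because no interactive user installs software there.
PROFILE_DATA_RE = re.compile(
    r"\\documents and settings\\(?P<user>[^\\]+)\\(local settings\\)?application data\\",
    re.IGNORECASE,
)
SERVICE_ACCOUNTS = ("networkservice", "localservice")


def _loopback_proxy(value: str) -> bool:
    """True if any proxy entry ('http=host:port;https=...') points at loopback."""
    for part in value.split(";"):
        host = part.split("=", 1)[-1].strip().lower()
        if host.startswith("127.") or host.startswith("localhost"):
            return True
    return False


def triage_hjt(text: str) -> list[Finding]:
    """Scan pseudo-HJT lines and return findings in log order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m and _loopback_proxy(m.group("value")):
            findings.append(Finding("high", "browser proxy points at loopback; uncached requests will fail", line))
            continue
        m = RUN_RE.match(line)
        if m:
            p = PROFILE_DATA_RE.search(m.group("cmd"))
            if p:
                user = p.group("user").lower()
                sev = "high" if user in SERVICE_ACCOUNTS else "low"
                findings.append(Finding(sev, f"autorun '{m.group('name')}' starts from {user}'s application data folder", line))
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding("low", "orphaned toolbar/BHO registration (No File)", line))
    return findings


def summarize(text: str) -> dict[str, int]:
    """Count findings by severity; handy for a quick 'is this log clean?' check."""
    counts = {"high": 0, "low": 0}
    for f in triage_hjt(text):
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage_hjt(SAMPLE_HJT):
        print(f"[{f.severity.upper()}] {f.reason}\n    {f.line}")
```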



#4 freeaccount

freeaccount
  • Topic Starter

  • Members
  • 11 posts

Posted 13 August 2010 - 09:39 AM

5th time I finally got GMER to work (attached). Thanks

Attached Files



#5 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 17 August 2010 - 06:29 AM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the "Custom Scans/Fixes" section paste in the below in bold

    netsvc
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
  • Push the button.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into the body of your next reply.

~Blade


In your next reply, please include the following:
OTL.txt
Extras.txt


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+
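As an added example (not part of this thread, and not OTL's own code), here is a small Python triage script for the kind of OTL output requested above. It flags the two patterns that stand out in the log posted later in this thread: an enabled IE proxy pointing at a loopback listener, and Run values that launch a file with no version-info company name from a service-account profile. The sample lines are copied from the posted OTL.txt; the regexes, path heuristics and severity levels are this example's own assumptions.

```python
"""Triage OTL log lines for the two hijack patterns seen in this thread.

Added example, not part of the thread or of OTL itself. It flags:
  * an enabled IE proxy pointing at a loopback listener (traffic interception), and
  * Run values that launch a file with no company name from a service-account
    profile (persistence under NetworkService/LocalService).
The sample lines are copied from the OTL.txt posted in this thread; the regexes,
severities and path heuristics are this example's own assumptions.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the posted OTL.txt.
SAMPLE_OTL = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [kpgfpgiw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\oupqawyqw\qvsetbgtssd.exe ()
O4 - HKU\S-1-5-18..\Run: [kpgfpgiw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\oupqawyqw\qvsetbgtssd.exe ()
O4 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
"""

PROXY_RE = re.compile(
    r'^IE - (?P<hive>HKLM|HKU\\[^\\]+)\\.*Internet Settings: "(?P<key>Proxy\w+)" = (?P<value>.*)$')
RUN_RE = re.compile(
    r'^O4 - (?P<hive>HKLM|HKU\\.+?)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$')
# OTL prints "<path> (<company from version info>)"; an empty "()" means none.
TARGET_RE = re.compile(r'^(?P<path>.*?) \((?P<company>[^()]*)\)$')
LOOPBACK_RE = re.compile(r'(?:^|=)(?:127\.0\.0\.1|localhost)(?::\d+)?(?:;|$)', re.IGNORECASE)

# Heuristic path classes (assumed): service-account profiles and user-writable dirs.
SERVICE_PROFILES = ("\\networkservice\\", "\\localservice\\")
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


@dataclass
class Finding:
    severity: str   # high / medium / low / info
    hive: str
    detail: str


def check_run_value(hive, name, target):
    """Classify one O4 Run entry; returns a Finding or None."""
    m = TARGET_RE.match(target)
    if not m:  # e.g. "File not found": orphaned autorun, worth cleaning but not active
        return Finding("info", hive, f"Run [{name}] -> {target} (orphaned entry)")
    path, company = m["path"], m["company"]
    if company:
        return None  # has a company name in version info; not flagged by this heuristic
    low = path.lower()
    if any(p in low for p in SERVICE_PROFILES):
        return Finding("high", hive, f"Run [{name}] launches a file with no version info "
                                     f"from a service-account profile: {path}")
    if any(p in low for p in USER_WRITABLE):
        return Finding("medium", hive, f"Run [{name}] launches a file with no version info "
                                       f"from a user-writable directory: {path}")
    return None


def check_proxy(hive, settings):
    """Flag loopback proxies: an active one is high, a leftover disabled one is low."""
    server = settings.get("ProxyServer", "")
    if not LOOPBACK_RE.search(server):
        return None
    if settings.get("ProxyEnable") == "1":
        return Finding("high", hive, f"enabled loopback proxy {server}: browser traffic "
                                     f"is relayed through a local listener")
    return Finding("low", hive, f"disabled loopback proxy {server} left behind; "
                                f"clear it so it cannot simply be re-enabled")


def triage(log_text):
    """Run both checks over OTL log text; Run findings first, then per-hive proxy findings."""
    findings = []
    proxy_by_hive = defaultdict(dict)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            proxy_by_hive[m["hive"]][m["key"]] = m["value"]
            continue
        m = RUN_RE.match(line)
        if m:
            f = check_run_value(m["hive"], m["name"], m["target"])
            if f:
                findings.append(f)
    for hive, settings in proxy_by_hive.items():
        f = check_proxy(hive, settings)
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"[{f.severity:6}] {f.hive}: {f.detail}")
```

The same value appearing under HKLM, HKU\.DEFAULT and HKU\S-1-5-18 (the SYSTEM hive) is what makes the Run entry machine-wide rather than tied to one logged-in user.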


#6 freeaccount

freeaccount
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:25 AM

Posted 17 August 2010 - 08:30 PM

Hi Blade, thanks for the response. Here goes OTL.txt first, followed by Extras.txt. Thank you again.

OTL logfile created on: 8/17/2010 9:10:52 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\jenkins\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 10.02 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
Drive D: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DHKK04J1
Current User Name: jenkins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/08/17 21:08:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jenkins\My Documents\Downloads\OTL.exe
PRC - [2010/08/14 21:21:00 | 000,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/07/28 21:19:32 | 000,177,616 | R--- | M] (iS3, Inc.) -- C:\Program Files\STOPzilla!\STOPzilla.exe
PRC - [2010/07/28 21:19:28 | 000,062,928 | R--- | M] (iS3, Inc.) -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2010/05/27 20:51:41 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/05/23 19:11:10 | 000,322,352 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2010/05/06 16:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/17 06:56:08 | 000,394,984 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2010/04/17 06:56:06 | 000,073,960 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/01/30 05:52:58 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/11/11 17:00:26 | 000,451,872 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe
PRC - [2008/11/11 16:58:28 | 000,950,048 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe
PRC - [2008/10/27 21:39:28 | 000,237,657 | ---- | M] (IDT, Inc.) -- c:\drivers\audio\R201108\stacsv.exe
PRC - [2008/10/27 21:17:00 | 000,049,250 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\hidfind.exe
PRC - [2008/10/27 21:16:42 | 000,200,704 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\Apoint.exe
PRC - [2008/10/27 21:16:40 | 000,050,472 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApMsgFwd.exe
PRC - [2008/10/27 21:16:40 | 000,049,152 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\DellTPad\ApntEx.exe
PRC - [2008/10/01 06:29:12 | 001,454,080 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe
PRC - [2008/10/01 06:28:50 | 000,090,112 | ---- | M] (Smith Micro Software, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe
PRC - [2008/09/04 19:28:42 | 000,406,808 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe
PRC - [2008/08/18 13:12:42 | 000,598,016 | ---- | M] (Dell, Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2008/08/05 08:54:42 | 000,181,600 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2008/08/05 08:54:30 | 001,647,960 | ---- | M] (Seagate) -- C:\Program Files\Maxtor\ManagerApp\msssort.exe
PRC - [2008/08/05 08:54:22 | 000,169,312 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Maxtor\OneTouch Status\MaxMenuMgr.exe
PRC - [2008/07/01 20:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
PRC - [2008/06/27 15:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/06/24 09:16:50 | 000,243,000 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
PRC - [2008/06/15 08:12:20 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/15 08:12:18 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/12 10:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2008/06/10 06:27:04 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
PRC - [2008/05/23 16:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/05/14 19:42:16 | 000,105,472 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/02/20 15:04:24 | 000,421,888 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\lxbscoms.exe


========== Modules (SafeList) ==========

MOD - [2010/08/17 21:08:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jenkins\My Documents\Downloads\OTL.exe
MOD - [2010/07/30 18:33:04 | 000,047,616 | ---- | M] () -- C:\WINDOWS\system32\blasetup.dll
MOD - [2008/04/14 08:00:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/07/28 21:19:28 | 000,062,928 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 16:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/17 06:56:06 | 000,073,960 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2008/11/11 17:00:26 | 000,451,872 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
SRV - [2008/10/27 21:39:28 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- c:\drivers\audio\R201108\stacsv.exe -- (STacSV)
SRV - [2008/10/01 06:28:50 | 000,090,112 | ---- | M] (Smith Micro Software, Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe -- (SMManager)
SRV - [2008/09/04 19:28:42 | 000,406,808 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe -- (buttonsvc32)
SRV - [2008/08/05 08:54:42 | 000,181,600 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Services)
SRV - [2008/07/01 20:57:10 | 000,110,592 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV - [2008/06/27 15:47:22 | 001,664,248 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- C:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/06/15 08:12:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2008/06/12 10:59:58 | 000,786,432 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2008/04/25 17:45:40 | 000,638,976 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/04/24 13:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/03/10 17:48:48 | 001,249,280 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/03/03 22:03:10 | 000,069,632 | ---- | M] (HP) [Unknown | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/02/20 15:04:24 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Running] -- C:\WINDOWS\System32\lxbscoms.exe -- (lxbs_device)


========== Driver Services (SafeList) ==========

DRV - [2010/05/12 18:01:06 | 000,059,280 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\szkgfs.sys -- (szkgfs)
DRV - [2010/05/06 16:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 16:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 16:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 16:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 16:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 16:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/17 06:56:02 | 000,115,944 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2010/02/12 22:11:59 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2010/01/24 13:57:30 | 000,137,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\szkg.sys -- (szkg5)
DRV - [2009/12/07 17:59:32 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\is3srv.sys -- (is3srv)
DRV - [2008/10/28 18:08:54 | 001,287,552 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2008/10/28 18:08:12 | 000,033,664 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\BCMWLNPF.SYS -- (BCMWLNPF)
DRV - [2008/10/27 21:39:30 | 001,391,418 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2008/10/27 21:39:18 | 000,112,128 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2008/10/27 21:16:38 | 000,170,032 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2008/09/17 00:03:02 | 000,110,080 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel®
DRV - [2008/09/17 00:02:42 | 006,045,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2008/09/10 18:18:18 | 000,176,640 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2008/07/12 15:58:08 | 000,010,480 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BASFND.sys -- (BASFND)
DRV - [2008/07/02 17:51:20 | 000,318,488 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2008/07/01 18:42:28 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/24 09:16:52 | 000,172,344 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2008/06/06 11:15:40 | 000,098,816 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\baspxp32.sys -- (Blfp)
DRV - [2008/06/04 15:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/04/14 08:06:40 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/14 08:06:40 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/14 08:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/07/23 17:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 17:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 17:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 17:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 17:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 17:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 17:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 17:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 16:55:44 | 000,099,808 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (DRVMCDB)
DRV - [2007/07/23 16:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 16:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/07/23 16:43:42 | 000,052,000 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (DRVNDDM)
DRV - [2007/05/01 15:45:22 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH0109.sys -- (SaiH0109)
DRV - [2007/05/01 15:45:22 | 000,028,416 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiU0109.sys -- (SaiU0109)
DRV - [2006/11/28 23:46:22 | 000,027,072 | R--- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2001/08/17 22:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 22:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 22:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 22:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 22:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 21:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 21:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 21:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 21:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 21:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 21:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 21:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 21:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 21:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 21:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5090130
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/hws/sb/dell-usuk-rel...html?channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5090130


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5090130
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5090130
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5090130
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5090130
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522



IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5090130
IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009/08/28 23:55:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/14 21:21:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/14 21:21:14 | 000,000,000 | ---D | M]

[2009/08/18 20:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\Mozilla\Extensions
[2010/08/17 15:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions
[2010/08/15 09:54:10 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/09/02 15:52:02 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\searchplugins\askcom.xml
[2010/06/18 08:23:51 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\searchplugins\daemon-search.xml
[2009/08/18 20:23:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/07/30 21:00:15 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (STOPzilla Browser Helper Object) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (iS3, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DCPstrApp] C:\Program Files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe (Broadcom Corporation)
O4 - HKLM..\Run: [DellConnectionManager] C:\Program Files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe (Smith Micro Software, Inc.)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell, Inc.)
O4 - HKLM..\Run: [EmbassySecurityCheck] C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [kpgfpgiw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\oupqawyqw\qvsetbgtssd.exe ()
O4 - HKLM..\Run: [LXBSCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.DLL (Lexmark International, Inc.)
O4 - HKLM..\Run: [mssSort] C:\Program Files\Maxtor\ManagerApp\msssort.exe (Seagate)
O4 - HKLM..\Run: [mxomssmenu] C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe (Wave Systems Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - HKU\.DEFAULT..\Run: [kpgfpgiw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\oupqawyqw\qvsetbgtssd.exe ()
O4 - HKU\S-1-5-18..\Run: [kpgfpgiw] C:\Documents and Settings\NetworkService\Local Settings\Application Data\oupqawyqw\qvsetbgtssd.exe ()
O4 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe (Dell Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.co...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (msgina.dll) - C:\WINDOWS\System32\msgina.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\TPSvc: DllName - TPSvc.dll - File not found
O24 - Desktop WallPaper: C:\WINDOWS\dell.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\dell.bmp
O30 - LSA: Authentication Packages - (wvauth) - C:\WINDOWS\System32\wvauth.dll (Wave Systems Corp.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/09/08 18:59:29 | 006,199,523 | R--- | M] () - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/08/21 09:44:31 | 000,005,430 | R--- | M] () - D:\AutoRun.ico -- [ CDFS ]
O32 - AutoRun File - [2005/08/21 09:44:31 | 000,000,047 | R--- | M] () - D:\AutoRun.inf -- [ CDFS ]
O33 - MountPoints2\{0ab9aeb5-547c-11de-a99c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0ab9aeb5-547c-11de-a99c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0ab9aeb5-547c-11de-a99c-806d6172696f}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2005/09/08 18:59:29 | 006,199,523 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dpnsyi64 - (C:\WINDOWS\system32\blasetup.dll) - C:\WINDOWS\system32\blasetup.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-3645843144-2729602610-2040523510-1005\...exe [@ = exefile] -- Reg Error: Key error. File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65597280324943872)

========== Files/Folders - Created Within 30 Days ==========

[2010/08/10 20:28:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Google
[2010/08/10 20:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\oupqawyqw
[2010/08/10 20:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/08/02 19:44:50 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wamregps.dll
[2010/08/02 19:44:49 | 000,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe
[2010/08/02 19:44:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll
[2010/08/02 19:44:49 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\staxmem.dll
[2010/08/02 19:44:48 | 002,134,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsnap.dll
[2010/08/02 19:44:48 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpadm.dll
[2010/08/02 19:44:48 | 000,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll
[2010/08/02 19:44:48 | 000,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe
[2010/08/02 19:44:44 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\s3legacy.dll
[2010/08/02 19:44:37 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\logui.ocx
[2010/08/02 19:44:36 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isatq.dll
[2010/08/02 19:44:35 | 000,829,440 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.dll
[2010/08/02 19:44:35 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisui.dll
[2010/08/02 19:44:35 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrtl.dll
[2010/08/02 19:44:35 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetsloc.dll
[2010/08/02 19:44:35 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\infoadmn.dll
[2010/08/02 19:44:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetmgr.exe
[2010/08/02 19:44:34 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisext51.dll
[2010/08/02 19:44:34 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iismap.dll
[2010/08/02 19:44:34 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstas.exe
[2010/08/02 19:44:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisreset.exe
[2010/08/02 19:44:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftpsapi2.dll
[2010/08/02 19:44:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iisrstap.dll
[2010/08/02 19:44:33 | 000,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll
[2010/08/02 19:44:33 | 000,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll
[2010/08/02 19:44:33 | 000,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll
[2010/08/02 19:44:33 | 000,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe
[2010/08/02 19:44:33 | 000,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe
[2010/08/02 19:44:33 | 000,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll
[2010/08/02 19:44:33 | 000,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe
[2010/08/02 19:44:33 | 000,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe
[2010/08/02 19:44:32 | 000,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll
[2010/08/02 19:44:32 | 000,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll
[2010/08/02 19:44:32 | 000,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll
[2010/08/02 19:44:32 | 000,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll
[2010/08/02 19:44:32 | 000,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll
[2010/08/02 19:44:32 | 000,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll
[2010/08/02 19:44:32 | 000,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll
[2010/08/02 19:44:32 | 000,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll
[2010/08/02 19:44:30 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certwiz.ocx
[2010/08/02 19:44:30 | 000,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe
[2010/08/02 19:44:30 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\certmap.ocx
[2010/08/02 19:44:30 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cnfgprts.ocx
[2010/08/02 19:44:30 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\coadmin.dll
[2010/08/02 19:44:30 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe
[2010/08/02 19:44:29 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll
[2010/08/02 19:44:28 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\adsiis51.dll
[2010/08/02 19:44:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admwprox.dll
[2010/08/02 19:44:28 | 000,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll
[2010/08/02 19:44:28 | 000,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe
[2010/08/01 07:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2010/08/01 07:22:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/08/01 07:22:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2010/07/31 19:25:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/07/31 18:53:55 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010/07/31 18:50:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/07/31 18:46:07 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/07/31 18:45:52 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2010/07/31 18:04:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jenkins\Application Data\MSNInstaller
[2010/07/31 17:18:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jenkins\Desktop\MBWMP1127
[2010/07/30 21:50:30 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/07/30 21:50:30 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/07/30 21:50:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/07/30 21:50:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/07/30 21:49:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/07/30 21:24:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/07/30 21:01:08 | 000,000,000 | ---D | C] -- C:\registrybackup
[2010/07/30 18:32:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/30 18:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/30 18:23:44 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\jenkins\Desktop\mbam-setup.exe
[2010/07/30 17:31:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jenkins\Application Data\Malwarebytes
[2010/07/30 17:31:22 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/30 17:31:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/30 17:31:21 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/30 17:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/30 16:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/30 16:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/30 16:12:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jenkins\Local Settings\Application Data\yxgvxpyjv
[2010/07/28 21:19:22 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/07/28 21:19:22 | 000,447,952 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/07/28 21:19:22 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010/07/28 21:19:22 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/07/28 21:19:20 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2010/07/28 21:19:20 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2010/07/28 21:19:20 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2010/07/28 21:19:20 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2010/07/28 21:19:20 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2010/07/28 21:19:18 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2010/07/28 21:19:18 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2010/07/28 21:19:18 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2010/07/23 14:36:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jenkins\My Documents\Harry Potter and the Prisoner of Azkaban
[2010/07/23 14:31:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jenkins\My Documents\Harry Potter and the Prisoner of Azkaban™
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/08/17 15:45:00 | 000,000,888 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/16 18:15:56 | 000,001,539 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\Aquaria Config.lnk
[2010/08/16 18:15:56 | 000,001,530 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\Aquaria.lnk
[2010/08/16 16:45:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/15 19:06:17 | 000,569,458 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/15 19:06:17 | 000,474,434 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/15 19:06:17 | 000,085,304 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/15 19:02:42 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jenkins\Local Settings\Application Data\WavXMapDrive.bat
[2010/08/15 19:01:55 | 000,000,282 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3645843144-2729602610-2040523510-1005.job
[2010/08/15 19:01:55 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/08/15 19:01:31 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/15 19:01:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/15 19:01:22 | 2100,469,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/15 11:33:40 | 000,097,320 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\34593_welcomeexpiresaug152010.pdf
[2010/08/15 09:20:10 | 006,029,312 | ---- | M] () -- C:\Documents and Settings\jenkins\ntuser.dat
[2010/08/15 09:19:48 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\jenkins\ntuser.ini
[2010/08/14 22:19:45 | 000,001,100 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/08/14 21:18:26 | 000,001,426 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2010/08/14 21:10:30 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/13 11:53:07 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 10:41:42 | 000,008,374 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\gmer.rtf
[2010/08/12 22:16:05 | 000,013,887 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\virus2.rtf
[2010/08/10 20:02:44 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/08/08 15:39:45 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3645843144-2729602610-2040523510-1005.job
[2010/08/02 20:55:58 | 000,016,857 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\virus.rtf
[2010/08/02 20:31:25 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\gmer.zip
[2010/08/02 20:18:09 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\dds.scr
[2010/08/02 20:17:22 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\jenkins\defogger_reenable
[2010/08/02 14:45:47 | 000,001,160 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\JAWS.rtf
[2010/08/01 20:34:12 | 000,001,884 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Play the Spider-Man 2 Demo.zip
[2010/07/31 19:28:09 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\jenkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/31 19:26:23 | 003,716,098 | -H-- | M] () -- C:\Documents and Settings\jenkins\Local Settings\Application Data\IconCache.db
[2010/07/31 19:09:58 | 000,001,622 | ---- | M] () -- C:\Documents and Settings\jenkins\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/07/31 19:09:58 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/07/31 18:45:54 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\GameSpy Arcade.lnk
[2010/07/31 18:04:23 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/07/31 17:17:24 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\Mount&Blade Warband.lnk
[2010/07/31 17:13:01 | 586,211,445 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\mb_warband_setup_1127.exe
[2010/07/31 16:38:15 | 010,296,350 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\MBWMP1127.rar
[2010/07/30 21:12:39 | 003,747,414 | R--- | M] () -- C:\Documents and Settings\jenkins\Desktop\ComboFix.exe
[2010/07/30 21:00:15 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/07/30 18:33:04 | 000,047,616 | ---- | M] () -- C:\WINDOWS\System32\blasetup.dll
[2010/07/30 18:24:14 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/30 18:23:44 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\jenkins\Desktop\mbam-setup.exe
[2010/07/30 17:25:25 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\rkill.com
[2010/07/28 21:19:22 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZComp5.dll
[2010/07/28 21:19:22 | 000,447,952 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZBase5.dll
[2010/07/28 21:19:22 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3HTUI5.dll
[2010/07/28 21:19:22 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\SZIO5.dll
[2010/07/28 21:19:20 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3DBA5.dll
[2010/07/28 21:19:20 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Svc5.dll
[2010/07/28 21:19:20 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Inet5.dll
[2010/07/28 21:19:20 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Hks5.dll
[2010/07/28 21:19:20 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3XDat5.dll
[2010/07/28 21:19:18 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Base5.dll
[2010/07/28 21:19:18 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3UI5.dll
[2010/07/28 21:19:18 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\WINDOWS\System32\IS3Win325.dll
[2010/07/23 15:17:14 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\click me to play (2).lnk
[2010/07/23 14:16:50 | 000,015,015 | ---- | M] () -- C:\Documents and Settings\jenkins\Desktop\harry_potter_and_the_prisoner_of_azkaban_pc_game_rip.5308727.TPB.torrent
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/08/16 18:15:56 | 000,001,539 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\Aquaria Config.lnk
[2010/08/16 18:15:56 | 000,001,530 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\Aquaria.lnk
[2010/08/15 11:35:07 | 2100,469,760 | -HS- | C] () -- C:\hiberfil.sys
[2010/08/15 11:33:40 | 000,097,320 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\34593_welcomeexpiresaug152010.pdf
[2010/08/13 10:41:42 | 000,008,374 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\gmer.rtf
[2010/08/12 22:16:05 | 000,013,887 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\virus2.rtf
[2010/08/10 20:02:44 | 000,000,288 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-18.job
[2010/08/10 20:02:44 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-18.job
[2010/08/02 20:55:58 | 000,016,857 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\virus.rtf
[2010/08/02 20:33:52 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\gmer.exe
[2010/08/02 20:31:25 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\gmer.zip
[2010/08/02 20:18:09 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\dds.scr
[2010/08/02 20:17:22 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jenkins\defogger_reenable
[2010/08/02 14:45:47 | 000,001,160 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\JAWS.rtf
[2010/07/31 18:45:54 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\GameSpy Arcade.lnk
[2010/07/31 18:04:23 | 000,001,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
[2010/07/31 17:13:01 | 586,211,445 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\mb_warband_setup_1127.exe
[2010/07/31 16:38:15 | 010,296,350 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\MBWMP1127.rar
[2010/07/30 21:50:30 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/07/30 21:50:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/07/30 21:50:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/07/30 21:50:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/07/30 21:50:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/07/30 21:22:13 | 003,747,414 | R--- | C] () -- C:\Documents and Settings\jenkins\Desktop\ComboFix.exe
[2010/07/30 18:33:04 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\blasetup.dll
[2010/07/30 17:31:25 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/30 17:25:24 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\rkill.com
[2010/07/23 15:17:14 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\click me to play (2).lnk
[2010/07/23 14:16:46 | 000,015,015 | ---- | C] () -- C:\Documents and Settings\jenkins\Desktop\harry_potter_and_the_prisoner_of_azkaban_pc_game_rip.5308727.TPB.torrent
[2010/05/24 20:39:33 | 000,001,426 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2010/04/17 22:54:07 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/02/15 12:17:08 | 000,001,456 | R--- | C] () -- C:\WINDOWS\System32\lxbsprod.ini
[2010/02/15 12:16:55 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbsvs.dll
[2010/01/24 20:39:37 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2010/01/16 08:17:41 | 000,139,152 | ---- | C] () -- C:\Documents and Settings\jenkins\Application Data\PnkBstrK.sys
[2010/01/16 08:17:41 | 000,137,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/12 19:45:03 | 000,000,582 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/12/12 19:44:55 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2009/08/01 20:07:14 | 000,000,000 | ---- | C] () -- C:\WINDOWS\BBCAuto.INI
[2009/06/26 08:23:24 | 000,000,443 | ---- | C] () -- C:\WINDOWS\Disney.ini
[2009/06/10 14:42:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2009/06/08 21:13:56 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\jenkins\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/08 18:35:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\jenkins\Local Settings\Application Data\WavXMapDrive.bat
[2009/01/30 07:11:22 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4980.dll
[2009/01/30 07:09:05 | 000,001,156 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/30 05:56:32 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/01/30 05:51:47 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/01/30 05:50:30 | 000,753,664 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2009/01/30 05:35:42 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2008/07/28 20:03:06 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2008/06/13 13:18:56 | 000,512,000 | ---- | C] () -- C:\WINDOWS\System32\AmRes_sv.dll
[2008/06/13 13:18:56 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_no.dll
[2008/06/13 13:18:54 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_nl.dll
[2008/06/13 13:18:54 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_da.dll
[2008/06/13 13:18:52 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\AmRes_de.dll
[2008/06/13 13:18:52 | 000,536,576 | ---- | C] () -- C:\WINDOWS\System32\AmRes_fr.dll
[2008/06/13 13:18:52 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\AmRes_en.dll
[2008/06/13 13:18:50 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_it.dll
[2008/06/13 13:18:50 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ja.dll
[2008/06/13 13:18:48 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pt-BR.dll
[2008/06/13 13:18:48 | 000,503,808 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ko.dll
[2008/06/13 13:18:46 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\AmRes_ru.dll
[2008/06/13 13:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHT.dll
[2008/06/13 13:18:44 | 000,475,136 | ---- | C] () -- C:\WINDOWS\System32\AmRes_zh-CHS.dll
[2008/06/13 13:18:42 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\AmRes_es.dll
[2008/06/13 13:16:16 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\AmRes_pl.dll
[2008/05/30 11:38:24 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2008/05/30 11:38:14 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2008/05/30 11:37:52 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2008/05/30 11:37:24 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2008/05/30 11:37:22 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2008/05/30 11:37:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2008/05/30 11:37:18 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2008/05/30 11:37:16 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2008/05/30 11:37:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2008/05/30 11:37:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2008/05/30 11:37:12 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2008/05/30 11:37:10 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2008/05/30 11:37:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2008/05/30 11:37:06 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2008/05/30 11:37:04 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2008/05/14 19:40:30 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/03/18 15:02:52 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2008/02/25 14:04:48 | 000,835,584 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2007/05/01 15:45:22 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC0109_11.dll
[2007/05/01 15:45:20 | 002,502,656 | ---- | C] () -- C:\WINDOWS\System32\SaiC0109.Dll
[2007/05/01 15:45:20 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC0109_0C.dll
[2007/05/01 15:45:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0109_10.dll
[2007/05/01 15:45:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0109_0A.dll
[2007/05/01 15:45:20 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC0109_07.dll
[2007/05/01 15:45:20 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC0109_09.dll
[2007/05/01 15:45:20 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC0109_0402.dll
[2006/08/14 13:02:10 | 000,072,192 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2006/06/30 14:58:44 | 000,176,128 | R--- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 14:58:44 | 000,126,976 | R--- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2006/06/12 10:01:16 | 000,348,160 | ---- | C] () -- C:\WINDOWS\tsp.dll
[2004/09/10 14:34:00 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2004/09/10 14:34:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ADsSecurity.dll

========== LOP Check ==========

[2010/05/23 18:00:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Wave Systems Corp
[2010/05/05 19:05:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/06/27 19:05:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2009/01/30 05:49:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2010/02/12 22:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/02/14 21:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2010/01/14 20:01:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2009/01/30 05:41:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
[2010/06/15 08:08:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PIXELA
[2010/08/17 21:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/08/06 16:09:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/06/28 15:21:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/01/30 05:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wave Systems Corp
[2009/12/28 09:37:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/01/30 05:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Wave Systems Corp
[2009/07/14 06:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\BACS.exe
[2010/02/12 23:07:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\DAEMON Tools Lite
[2009/09/11 18:43:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\GetRightToGo
[2009/06/08 19:29:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\Laplink
[2010/02/14 21:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\Maxtor Quick Start
[2010/02/12 21:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\Mount&Blade
[2010/06/09 16:47:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\Mount&Blade Warband
[2010/07/31 18:04:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\MSNInstaller
[2009/12/26 20:50:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\runic games
[2010/02/10 18:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\The Creative Assembly
[2010/06/12 22:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\Uniblue
[2010/08/17 21:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\uTorrent
[2009/01/30 05:42:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jenkins\Application Data\Wave Systems Corp

========== Purity Check ==========



========== Custom Scans ==========


< netsvc >

< %SYSTEMDRIVE%\*.exe >
[2008/04/11 09:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe


< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:atapi.sys
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:00:00 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: IASTOR.SYS >
[2008/06/15 08:12:08 | 000,395,800 | ---- | M] (Intel Corporation) MD5=0B6C9C8F2E00E8B61C8379E62A9F921B -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008/07/02 17:51:20 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\drivers\storage\R190228\IaStor.sys
[2008/06/15 08:11:58 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008/07/02 17:51:20 | 000,318,488 | ---- | M] (Intel Corporation) MD5=692830B048AACD7E0D6EDEDF098ACC01 -- C:\WINDOWS\system32\drivers\iaStor.sys

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

< MD5 for: SCECLI.DLL >
[2008/04/14 08:00:00 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/04/25 05:21:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/04/25 05:21:09 | 001,089,536 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/04/25 05:21:09 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >

Edited by freeaccount, 17 August 2010 - 08:46 PM.


#7 freeaccount (Topic Starter, Members, 11 posts)

Posted 17 August 2010 - 08:32 PM

EXTRAS.TXT ..... it would not let me put both in one post. Thanks again.



OTL Extras logfile created on: 8/17/2010 9:10:52 PM - Run 1
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\jenkins\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 73.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 10.02 Gb Free Space | 13.46% Space Free | Partition Type: NTFS
Drive D: | 2.53 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DHKK04J1
Current User Name: jenkins
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-3645843144-2729602610-2040523510-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Laplink\PCsync\SFTHost.exe" = C:\Program Files\Laplink\PCsync\SFTHost.exe:*:Enabled:PCsync Host Module -- (Laplink Software, Inc.)
"C:\Program Files\Steam\steamapps\common\company of heroes\help.htm" = C:\Program Files\Steam\steamapps\common\company of heroes\help.htm:*:Enabled:Company of Heroes -- ()
"C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe" = C:\Program Files\Steam\steamapps\common\company of heroes\RelicCOH.exe:*:Enabled:Company of Heroes: Tales of Valor -- (THQ Canada Inc.)
"C:\Program Files\Steam\steamapps\common\doom 3 demo\Doom3.exe" = C:\Program Files\Steam\steamapps\common\doom 3 demo\Doom3.exe:*:Enabled:Doom 3 Demo -- (id Software)
"C:\Program Files\Steam\steamapps\common\sam and max episode 4\SamMax104.exe" = C:\Program Files\Steam\steamapps\common\sam and max episode 4\SamMax104.exe:*:Enabled:Sam and Max 104: Abe Lincoln Must Die! -- ()
"C:\Program Files\Steam\steamapps\common\kings bounty armored princess - demo\kb.exe" = C:\Program Files\Steam\steamapps\common\kings bounty armored princess - demo\kb.exe:*:Enabled:King's Bounty: Armored Princess - Demo -- File not found
"C:\Program Files\Steam\steamapps\common\men of war - demo\mow_demo.exe" = C:\Program Files\Steam\steamapps\common\men of war - demo\mow_demo.exe:*:Enabled:Men of War - Demo -- File not found
"C:\Program Files\Steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe" = C:\Program Files\Steam\steamapps\common\freedom force vs. the 3rd reich\ffvt3r.exe:*:Enabled:Freedom Force vs. the 3rd Reich -- (Irrational Games)
"C:\Program Files\Steam\steamapps\common\freedom force\fforce.exe" = C:\Program Files\Steam\steamapps\common\freedom force\fforce.exe:*:Enabled:Freedom Force -- (Irrational Games)
"C:\Program Files\Steam\steamapps\common\empire total war demo\Empire.exe" = C:\Program Files\Steam\steamapps\common\empire total war demo\Empire.exe:*:Enabled:Empire: Total War Demo -- File not found
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Steam\steamapps\common\mount and blade\runme.exe" = C:\Program Files\Steam\steamapps\common\mount and blade\runme.exe:*:Enabled:Mount and Blade -- ()
"C:\Program Files\Steam\steamapps\common\baboinvasion\BaboInvasion.exe" = C:\Program Files\Steam\steamapps\common\baboinvasion\BaboInvasion.exe:*:Enabled:Madballs in... Babo:Invasion -- File not found
"C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe" = C:\Program Files\Electronic Arts\Medal of Honor MP Beta\MoHMPUpdater.exe:*:Enabled:Medal of Honor™ MP Beta -- File not found
"C:\Program Files\Mount&Blade Warband\mb_warband.exe" = C:\Program Files\Mount&Blade Warband\mb_warband.exe:*:Enabled:Mount&Blade: Warband -- ( Taleworlds Entertainment)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2220CF3A-EBD6-4070-94D0-0C7337B537A7}" = All Day Battery Life Configuration
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24A494F3-5B5F-4183-9F7D-9CE82812C1FC}" = tsp patch
"{2C0BC353-B261-44D5-83F1-C8BDCF8FD9F9}" = STOPzilla
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{3393CDDB-27F0-4869-BED4-BE478598F0FF}" = Dell Control Point
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35748B06-FCFC-4700-8285-DAD41689E4FE}" = Broadcom TPM Driver Installer
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{49A8B3D9-71D7-4A8B-937C-ECB7DCE53A32}" = Bob the Builder - Bob Builds a Park Demo
"{4D523D94-C637-4C49-89FD-5B8FFB071D76}" = Dell ControlPoint Connection Manager
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{558B86E5-CFAC-447C-99EE-5BB1C068706D}" = NTRU TCG Software Stack
"{560EFF7F-252D-4841-89CD-4EEB76D5FC1F}" = Maxtor Central Axis Manager
"{56F81937-C3B5-4C98-A260-E47B631709D7}" = Lexmark Precision Photo
"{5BDAA2F7-8E48-4AFF-AA92-B559D0CDF1AD}" = Serious Sam: The Second Encounter
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6C1804BC-094F-431A-BEA5-37A837958029}" = Rome - Total War - Alexander
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F1EC187-3C90-4CC5-A567-ADC4DC31CD61}" = The Spider-Man 2 Demo
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7BB045C3-D5E4-4620-B536-DC11AACD5942}" = Broadcom Management Programs
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7EA69B5E-EE96-44A1-BDD6-F9C193CDDAF9}" = Wave Infrastructure Installer
"{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: The First Encounter
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{8B1F8092-9D84-459B-88EA-0BE882AC915E}" = UPEK TouchChip Fingerprint Reader
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9593C6E5-205E-45C3-B785-05CF146CA76A}" = biolsp patch
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A093D83F-429A-4AB2-A0CD-1F7E9C7B764A}" = Trusted Drive Manager
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5D65411-8E73-4C85-AD80-9FE8B7391CF9}" = Rome Total War - patch 1.3
"{A642BB6B-CA1D-4142-8DD4-318C3F3DC834}" = Rome - Total War™
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = PCsync
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{EF05BA0F-AC15-4D12-AC5C-276225F5E751}" = Gemalto
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F74B95DF-A68C-4A99-98AA-E98698341F21}" = Dell ControlPoint System Manager
"{FD69C8CB-6964-432C-98AB-A5A09ED50EEA}" = Barbarian Invasion
"{FECEF9D2-9D3D-449B-9EA4-CFA775C99460}" = AuthenTec Fingerprint System
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"66E7D038E1F9BEA2EBDF90804718442328FF88DA" = Windows Driver Package - AuthenTec Inc. (ATSwpWDF) Biometric (06/12/2008 8.1.0.51)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Aquaria" = Aquaria
"avast5" = avast! Free Antivirus
"Batman Toxic Chill" = Batman Toxic Chill
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card Utility
"Download Manager" = Download Manager 2.3.10
"ExtractNow_is1" = ExtractNow
"GameSpy Arcade" = GameSpy Arcade
"HDMI" = Intel® Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{560EFF7F-252D-4841-89CD-4EEB76D5FC1F}" = Maxtor Central Axis Manager
"InstallShield_{56F81937-C3B5-4C98-A260-E47B631709D7}" = Lexmark Precision Photo
"InstallShield_{6F1EC187-3C90-4CC5-A567-ADC4DC31CD61}" = The Spider-Man 2 Demo
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"Just Grandma and Me" = Just Grandma and Me
"Lexmark 810 Series" = Lexmark 810 Series
"Magic 3D Coloring Book Amazing Animals" = Magic 3D Coloring Book Amazing Animals
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.5.2)" = Mozilla Firefox (3.5.2)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"PunkBusterSvc" = PunkBuster Services
"QuickTime" = QuickTime
"RealPlayer 12.0" = RealPlayer
"Sandboxie" = Sandboxie 3.442
"SearchAssist" = SearchAssist
"SeriousSam2" = Serious Sam 2
"SONICADVDX" = SONIC ADVENTURE DX-Director's Cut
"Steam App 15930" = Luxor 3
"Steam App 20540" = Company of Heroes: Tales of Valor
"Steam App 22100" = Mount and Blade
"Steam App 36000" = Foreign Legion: Buckets of Blood
"Steam App 4560" = Company of Heroes
"Steam App 8230" = Sam and Max 104: Abe Lincoln Must Die!
"Steam App 8880" = Freedom Force
"Steam App 8890" = Freedom Force vs. the 3rd Reich
"uTorrent" = µTorrent
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WETCable" = Windows Easy Transfer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Winnie the Pooh Toddler" = Disney's Winnie the Pooh Toddler
"WinRAR archiver" = WinRAR archiver
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Zoboomafoo Creature Quest™" = Zoboomafoo Creature Quest™

========== HKEY

Edited by freeaccount, 17 August 2010 - 08:50 PM.
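The three Extras sections above that a helper reads first on a rogue-antivirus case are File Associations, Shell Spawning and the "< MD5 for: ... >" custom scans: a rogue of the "Antivir Solution Pro" kind typically rewrites the exefile open command so that its own binary runs before any .exe, and the driver-patching rootkits of that period left the live driver under system32\drivers hashing differently from the protected copy under system32\dllcache. The script below is an added example, not code from this thread or from OTL; it parses those three sections and flags the three conditions for review. SAMPLE_LOG is constructed: it copies lines from the log above and adds two altered lines so each check fires, an all-zero MD5 for the live atapi.sys and a hypothetical exefile command pointing at an invented rogue.exe path. The function names (triage and the three checks) are this example's own.

```python
"""Added example (not from the thread or from OTL): triage checks over the
File Associations, Shell Spawning and '< MD5 for: ... >' sections of an OTL
Extras log. SAMPLE_LOG is constructed from lines posted in the thread plus
two altered lines (marked below) so every check has something to report."""
import re
from collections import defaultdict

MD5_SECTION = re.compile(r"^< MD5 for: (?P<name>[^>]+?) >$")
MD5_LINE = re.compile(r"^\[.*?\]\s+\([^)]*\)\s+MD5=(?P<md5>[0-9A-Fa-f]{32})\s+--\s+(?P<path>.+)$")
ASSOC_LINE = re.compile(r"^(?P<ext>\.\w+)\s+\[@ = [^\]]*\]\s+--\s+(?P<target>.*)$")
SPAWN_LINE = re.compile(r"^(?P<progid>\w+)\s+\[(?P<verb>\w+)\]\s+--\s+(?P<cmd>.*)$")

DEFAULT_OPEN = '"%1" %*'          # Windows default open command for executable types
EXEC_PROGIDS = {"exefile", "comfile", "batfile", "cmdfile", "piffile"}

SAMPLE_LOG = r"""
========== File Associations ==========

[HKEY_USERS\S-1-5-21-3645843144-2729602610-2040523510-1005\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\jenkins\Local Settings\Application Data\hypothetical\rogue.exe" /START "%1" %*
piffile [open] -- "%1" %*

< MD5 for: AGP440.SYS >
[2008/04/14 08:00:00 | 020,056,462 | ---- | M] () .cab file -- C:\I386\sp3.cab:AGP440.sys
[2008/04/14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/14 08:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/14 08:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys
"""
# Constructed lines above: the exefile command (hypothetical rogue.exe path) and
# the all-zero MD5 for the live atapi.sys. Every other line is from the thread.


def parse_md5_sections(lines):
    """{driver name (lower): [(path, MD5), ...]} for each '< MD5 for: X >' block."""
    out, current = defaultdict(list), None
    for raw in lines:
        line = raw.strip()
        header = MD5_SECTION.match(line)
        if header:
            current = header.group("name").lower()
        elif line.startswith("<") and line.endswith(">"):
            current = None                      # some other custom-scan header
        elif current is not None:
            m = MD5_LINE.match(line)            # .cab lines carry no MD5= and are skipped
            if m:
                out[current].append((m.group("path"), m.group("md5").upper()))
    return dict(out)


def driver_hash_mismatches(lines):
    """Drivers whose live copy under system32\\drivers hashes differently from the
    protected copy under system32\\dllcache: {name: (live_md5, dllcache_md5)}."""
    findings = {}
    for name, entries in parse_md5_sections(lines).items():
        live = cache = None
        for path, md5 in entries:
            p = path.lower()
            if "\\system32\\drivers\\" in p:
                live = md5
            elif "\\system32\\dllcache\\" in p:
                cache = md5
        if live and cache and live != cache:
            findings[name] = (live, cache)
    return findings


def broken_associations(lines):
    """Extensions whose association line carries an OTL 'Reg Error'."""
    hits = []
    for raw in lines:
        m = ASSOC_LINE.match(raw.strip())
        if m and "Reg Error" in m.group("target"):
            hits.append(m.group("ext"))
    return hits


def nondefault_exec_spawns(lines):
    """(progid, command) for executable-type 'open' verbs that are not '"%1" %*';
    a rogue that wraps every .exe launch shows up here."""
    hits = []
    for raw in lines:
        m = SPAWN_LINE.match(raw.strip())
        if (m and m.group("progid").lower() in EXEC_PROGIDS
                and m.group("verb") == "open" and m.group("cmd").strip() != DEFAULT_OPEN):
            hits.append((m.group("progid"), m.group("cmd").strip()))
    return hits


def triage(log_text):
    """Run all three checks over the text of an OTL Extras log."""
    lines = log_text.splitlines()
    return {
        "driver_hash_mismatches": driver_hash_mismatches(lines),
        "broken_associations": broken_associations(lines),
        "nondefault_exec_spawns": nondefault_exec_spawns(lines),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_LOG).items():
        print(f"{check}: {result}")
```

Run against the Extras log actually posted in this thread, only the .exe association line would be flagged: every executable-type open command is already the default and both AGP440.SYS and ATAPI.SYS hash identically to their dllcache copies. That is consistent with what ComboFix reports further down, an infected termdd.sys, a driver that is not in OTL's default MD5 list; the MD5 custom scan only vouches for the drivers it was asked about.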


#8 freeaccount (Topic Starter, Members, 11 posts)

Posted 17 August 2010 - 09:02 PM

It refuses to allow me to post the error part of the files. I have tried many times and it cuts off the end section (with the error messages list). I tried to separate it to post everything separately, and then separated the error message part out to post it separately from the rest of the extras.txt file, and it still refuses... it says that I have lost connection. I am now saving and attaching them to this reply. Thanks again.

Attached Files



#9 Blade (Site Admin, "Strong in the Bleepforce", 12,704 posts, Location: US)

Posted 18 August 2010 - 06:05 PM

Hello.

Don't worry about the posting problems; that's part of the infection.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#10 freeaccount (Topic Starter, Members, 11 posts)

Posted 19 August 2010 - 02:13 AM

Hi Blade. Again it took a few times running it for it to work, but I think I finally got it.

The first time the sequence went as follows:

1. The following parasite is trying to attach to combo...please write it down...

c:\windows\system32\blasetup.dll

2. newer version available...update? I updated by choosing yes

3. Combo will now restart...it did

4. disclaimer of warranty

and then everything else followed the steps you described

Renamed.txt as follows:

ComboFix 10-08-17.04 - jenkins 08/19/2010 2:41.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1401 [GMT -4:00]
Running from: c:\documents and settings\jenkins\Desktop\renamed.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\NetworkService\Local Settings\Application Data\oupqawyqw
c:\documents and settings\NetworkService\Local Settings\Application Data\oupqawyqw\qvsetbgtssd.exe
C:\Install.exe
c:\program files\Shared
c:\windows\system32\st326087.dll

Infected copy of c:\windows\system32\drivers\termdd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-19 01:04 . 2010-08-19 04:08 -------- d-----w- C:\renamed5704r
2010-08-19 01:00 . 2010-08-19 01:03 -------- d-----w- C:\renamed
2010-08-15 13:54 . 2010-07-23 21:22 43008 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-15 13:54 . 2010-07-23 21:22 338944 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-15 13:54 . 2010-07-23 21:22 346112 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-15 13:54 . 2010-07-23 21:22 1496064 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-11 00:29 . 2010-08-11 00:29 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-06 14:19 . 2010-08-06 14:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-01 11:26 . 2010-08-01 11:22 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-01 11:22 . 2010-08-19 06:48 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-08-01 11:22 . 2010-08-01 11:22 -------- d-----w- c:\program files\STOPzilla!
2010-08-01 11:22 . 2010-08-01 11:22 -------- d-----w- c:\program files\Common Files\iS3
2010-07-31 23:25 . 2010-07-31 23:26 -------- dc-h--w- c:\windows\ie8
2010-07-31 22:50 . 2010-07-31 22:52 -------- d-----w- c:\windows\system32\NtmsData
2010-07-31 22:45 . 2010-07-31 23:30 -------- d-----w- c:\program files\GameSpy Arcade
2010-07-31 22:04 . 2010-07-31 22:04 1244648 ----a-w- c:\documents and settings\jenkins\Application Data\MSNInstaller\msnauins.exe
2010-07-31 22:04 . 2010-07-31 22:04 -------- d-----w- c:\documents and settings\jenkins\Application Data\MSNInstaller
2010-07-31 01:01 . 2010-07-31 01:01 -------- d-----w- C:\registrybackup
2010-07-30 22:33 . 2010-07-30 22:33 47616 ----a-w- c:\windows\system32\blasetup.dll
2010-07-30 22:32 . 2010-07-30 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-30 21:31 . 2010-07-30 21:31 -------- d-----w- c:\documents and settings\jenkins\Application Data\Malwarebytes
2010-07-30 21:31 . 2010-07-30 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-30 21:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 21:31 . 2010-07-30 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 21:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 20:12 . 2010-07-30 23:06 -------- d-----w- c:\documents and settings\jenkins\Local Settings\Application Data\yxgvxpyjv
2010-07-29 01:19 . 2010-07-29 01:19 546256 ----a-r- c:\windows\system32\SZComp5.dll
2010-07-29 01:19 . 2010-07-29 01:19 447952 ----a-r- c:\windows\system32\SZBase5.dll
2010-07-29 01:19 . 2010-07-29 01:19 22992 ----a-r- c:\windows\system32\SZIO5.dll
2010-07-29 01:19 . 2010-07-29 01:19 132560 ----a-r- c:\windows\system32\IS3HTUI5.dll
2010-07-29 01:19 . 2010-07-29 01:19 99792 ----a-r- c:\windows\system32\IS3Svc5.dll
2010-07-29 01:19 . 2010-07-29 01:19 99792 ----a-r- c:\windows\system32\IS3Inet5.dll
2010-07-29 01:19 . 2010-07-29 01:19 67024 ----a-r- c:\windows\system32\IS3Hks5.dll
2010-07-29 01:19 . 2010-07-29 01:19 398800 ----a-r- c:\windows\system32\IS3DBA5.dll
2010-07-29 01:19 . 2010-07-29 01:19 28624 ----a-r- c:\windows\system32\IS3XDat5.dll
2010-07-29 01:19 . 2010-07-29 01:19 738768 ----a-r- c:\windows\system32\IS3Base5.dll
2010-07-29 01:19 . 2010-07-29 01:19 390608 ----a-r- c:\windows\system32\IS3UI5.dll
2010-07-29 01:19 . 2010-07-29 01:19 230864 ----a-r- c:\windows\system32\IS3Win325.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 06:42 . 2010-02-13 02:04 -------- d-----w- c:\documents and settings\jenkins\Application Data\uTorrent
2010-08-19 06:41 . 2010-08-19 06:41 576 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-19 05:00 . 2009-06-08 22:35 0 ----a-w- c:\documents and settings\jenkins\Local Settings\Application Data\WavXMapDrive.bat
2010-08-18 20:25 . 2009-09-05 16:18 -------- d-----w- c:\program files\Steam
2010-08-16 22:15 . 2010-06-18 20:46 -------- d-----w- c:\program files\Aquaria
2010-08-15 15:46 . 2010-02-15 16:20 -------- d-----w- c:\program files\Lx_cats
2010-08-15 02:19 . 2009-11-23 18:34 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-13 15:53 . 2009-10-06 00:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 23:32 . 2010-08-09 00:07 219910 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-31 23:05 . 2010-02-13 02:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-07-31 21:51 . 2009-06-28 17:41 -------- d-----w- c:\program files\THQ
2010-07-31 21:51 . 2009-01-30 09:51 -------- d-----w- c:\program files\Google
2010-07-31 21:14 . 2010-03-22 01:28 -------- d-----w- c:\program files\Mount&Blade Warband
2010-07-12 15:47 . 2010-01-02 15:08 -------- d-----w- c:\program files\MSECache
2010-07-07 21:28 . 2010-07-07 21:17 -------- d-----w- c:\documents and settings\jenkins\Application Data\IGN_DLM
2010-07-07 21:17 . 2010-07-07 21:17 -------- d-----w- c:\program files\Download Manager
2010-07-06 23:10 . 2010-06-15 12:03 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
2010-07-04 01:36 . 2009-01-30 09:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-04 01:36 . 2010-07-04 01:36 -------- d-----w- c:\program files\EA Games
2010-07-03 22:08 . 2009-07-19 18:14 -------- d-----w- c:\program files\Activision
2010-07-03 20:52 . 2010-07-03 20:52 -------- d-----w- c:\program files\Sega
2010-07-03 20:51 . 2010-07-03 20:51 -------- d-----w- c:\program files\Sonic
2010-06-27 23:05 . 2010-05-25 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-22 23:47 . 2009-01-30 11:06 106496 ----a-w- c:\windows\DUMP9162.tmp
2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-28 00:52 . 2010-05-28 00:52 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-28 00:52 . 2010-05-28 00:52 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-28 00:52 . 2010-05-28 00:52 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-28 00:52 . 2010-05-28 00:52 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-28 00:52 . 2010-05-28 00:52 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-28 00:51 . 2006-08-14 17:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-28 00:51 . 2006-08-14 17:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-23 23:16 . 2008-04-25 16:16 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"
[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"
[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-23 322352]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 150040]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 105472]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-24 243000]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-24 79160]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-28 2220032]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mssSort"="c:\program files\Maxtor\ManagerApp\msssort.exe" [2008-08-05 1647960]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-08-05 169312]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"LXBSCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-28 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 3 demo\\Doom3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 4\\SamMax104.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\freedom force vs. the 3rd reich\\ffvt3r.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\freedom force\\fforce.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mount and blade\\runme.exe"=
"c:\\Program Files\\Mount&Blade Warband\\mb_warband.exe"=

R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [12/7/2009 5:59 PM 61328]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [5/12/2010 6:01 PM 59280]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/24/2010 8:37 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/24/2010 8:37 PM 19024]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/27/2008 3:47 PM 1664248]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [7/1/2008 8:57 PM 110592]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [9/4/2008 7:28 PM 406808]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 5:00 PM 451872]
R2 Maxtor Sync Services;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [8/5/2008 8:54 AM 181600]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [10/1/2008 6:28 AM 90112]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [1/30/2009 7:09 AM 112128]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [1/30/2009 7:11 AM 110080]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [12/7/2009 5:59 PM 61328]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/29/2009 9:20 PM 133104]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [5/1/2007 3:45 PM 132232]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [5/1/2007 3:45 PM 28416]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2010 10:11 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 01:20]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 01:20]

2010-08-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3645843144-2729602610-2040523510-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3645843144-2729602610-2040523510-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jenkins\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-{b75ab0c8-03d5-4592-9821-a48d54d66b14} - (no file)
Notify-TPSvc - TPSvc.dll
AddRemove-SearchAssist - c:\dell\SearchAssist\UninstSA.bat



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-19 02:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(708)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-08-19 02:50:23
ComboFix-quarantined-files.txt 2010-08-19 06:50

Pre-Run: 11,141,156,864 bytes free
Post-Run: 11,095,785,472 bytes free

- - End Of File - - B19245F8E0B51251C8A90134D98FE889


Thanks

#11 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US
  • Local time:07:25 AM

Posted 19 August 2010 - 12:59 PM

Hello.

I see that your default search engine in Firefox is currently set to DaemonSearch. Do you desire this, or would you like that removed?

***************************************************

Please uninstall STOPzilla immediately using Add or Remove Programs. The program is dubious at best, and is widely considered to be rogue by the security community for a number of reasons.

After you've uninstalled STOPzilla, reboot the machine, then proceed with the instructions below.

***************************************************

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/336813/antivir-solutionprogasfmalwarebytesm-i-hijacked/

Collect::
c:\windows\system32\blasetup.dll

DDS::
uInternet Settings,ProxyServer =
uInternet Settings,ProxyOverride =


Save this as CFScript.txt, in the same location as ComboFix.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into renamed.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

~Blade


In your next reply, please include the following:
ComboFix Log


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM

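The proxy entry that the DDS:: directive above clears (uInternet Settings,ProxyServer = http=127.0.0.1:6522) is what sends the machine's browsing through a local port, which fits the redirected search links the topic starter described. As an added example that is not part of this thread or of ComboFix, the Python script below scans ComboFix-style log lines for that loopback proxy, a firewall profile with EnableFirewall=0, and a Firefox default search engine other than the expected one, then compares a before and after excerpt; the sample log lines are constructed from the shape of the logs in this thread, and the function and pattern names are my own.

```python
"""Triage ComboFix-style log excerpts for the indicators acted on in this thread.

Added example, not part of the forum thread or of ComboFix. It flags:
  * a ProxyServer setting that points at a loopback address (traffic is
    being routed through a local port, as with 127.0.0.1:6522 in the log),
  * a Windows Firewall profile with EnableFirewall=0,
  * a Firefox default search engine other than the expected one,
and it compares a before/after log so a helper can see what the CFScript
resolved and what still needs attention.
"""
import re
from dataclasses import dataclass

# Line shapes taken from the DDS/ComboFix 'Supplementary Scan' and
# 'Reg Loading Points' sections; the leading u/m marks the user or machine hive.
PROXY_RE = re.compile(r"^[um]?Internet Settings,ProxyServer\s*=\s*(?P<value>.+?)\s*$")
FIREWALL_RE = re.compile(r'^"EnableFirewall"\s*=\s*(?P<value>\d+)')
SEARCH_RE = re.compile(r"^FF - prefs\.js: browser\.search\.selectedEngine - (?P<engine>.+?)\s*$")
# ProxyServer values look like 'http=host:port;https=host:port' or 'host:port'.
HOST_PORT_RE = re.compile(r"(?:https?=|ftp=|socks=)?(?P<host>[^=:;\s]+):(?P<port>\d+)")

LOOPBACK_PREFIXES = ("127.", "localhost", "::1")


@dataclass(frozen=True)
class Finding:
    kind: str      # 'local-proxy', 'firewall-off' or 'search-engine'
    detail: str    # the value that triggered the finding
    line_no: int   # 1-based line in the excerpt, for cross-referencing


def parse_proxy(value):
    """Return (host, port) pairs from a ProxyServer value."""
    return [(m.group("host"), int(m.group("port"))) for m in HOST_PORT_RE.finditer(value)]


def is_loopback(host):
    """True for hosts that name the machine itself."""
    return host.lower().startswith(LOOPBACK_PREFIXES)


def triage(log_text, expected_engine="Google"):
    """Scan a log excerpt and return the list of Findings, in line order."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        m = PROXY_RE.match(line)
        if m:
            for host, port in parse_proxy(m.group("value")):
                if is_loopback(host):
                    findings.append(Finding("local-proxy", f"{host}:{port}", n))
            continue
        m = FIREWALL_RE.match(line)
        if m and m.group("value") == "0":
            findings.append(Finding("firewall-off", "EnableFirewall=0", n))
            continue
        m = SEARCH_RE.match(line)
        if m and m.group("engine") != expected_engine:
            findings.append(Finding("search-engine", m.group("engine"), n))
    return findings


def compare(before_text, after_text, expected_engine="Google"):
    """Return which (kind, detail) pairs a cleanup run resolved, which remain, and which are new."""
    before = {(f.kind, f.detail) for f in triage(before_text, expected_engine)}
    after = {(f.kind, f.detail) for f in triage(after_text, expected_engine)}
    return {"resolved": before - after, "remaining": after, "new": after - before}


# Constructed excerpts in the shape of the thread's first and second logs.
BEFORE = """\
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
"EnableFirewall"= 0 (0x0)
"""

AFTER = """\
uStart Page = hxxp://www.google.com/
uSearchAssistant = hxxp://www.google.com/ie
"EnableFirewall"= 0 (0x0)
"""

if __name__ == "__main__":
    for f in triage(BEFORE):
        print(f"line {f.line_no}: {f.kind} -> {f.detail}")
    print(compare(BEFORE, AFTER))
```

Run against the two excerpts, the loopback proxy and the DAEMON Search engine show up as resolved while the disabled firewall profile remains, which is the kind of leftover a helper would still want to address after the CFScript run.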

#12 freeaccount

freeaccount
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:25 AM

Posted 19 August 2010 - 03:29 PM

Blade,

I thought I had deleted Daemon but it keeps popping back up...so no, I don't want to use it as a search engine.

Stopzilla is uninstalled...I've tried before and was refused, good riddance to it.



ComboFix 10-08-18.04 - jenkins 08/19/2010 16:17:46.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1547 [GMT -4:00]
Running from: c:\documents and settings\jenkins\Desktop\renamed.exe
Command switches used :: c:\documents and settings\jenkins\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

file zipped: c:\windows\system32\blasetup.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\blasetup.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-19 to 2010-08-19 )))))))))))))))))))))))))))))))
.

2010-08-19 01:04 . 2010-08-19 04:08 -------- d-----w- C:\renamed5704r
2010-08-19 01:00 . 2010-08-19 01:03 -------- d-----w- C:\renamed
2010-08-15 13:54 . 2010-07-23 21:22 43008 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-15 13:54 . 2010-07-23 21:22 338944 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-15 13:54 . 2010-07-23 21:22 346112 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-15 13:54 . 2010-07-23 21:22 1496064 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-11 00:29 . 2010-08-11 00:29 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-06 14:19 . 2010-08-06 14:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-01 11:26 . 2010-08-01 11:22 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-01 11:22 . 2010-08-19 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-07-31 23:25 . 2010-07-31 23:26 -------- dc-h--w- c:\windows\ie8
2010-07-31 22:50 . 2010-07-31 22:52 -------- d-----w- c:\windows\system32\NtmsData
2010-07-31 22:45 . 2010-07-31 23:30 -------- d-----w- c:\program files\GameSpy Arcade
2010-07-31 22:04 . 2010-07-31 22:04 1244648 ----a-w- c:\documents and settings\jenkins\Application Data\MSNInstaller\msnauins.exe
2010-07-31 22:04 . 2010-07-31 22:04 -------- d-----w- c:\documents and settings\jenkins\Application Data\MSNInstaller
2010-07-31 01:01 . 2010-07-31 01:01 -------- d-----w- C:\registrybackup
2010-07-30 22:32 . 2010-07-30 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-30 21:31 . 2010-07-30 21:31 -------- d-----w- c:\documents and settings\jenkins\Application Data\Malwarebytes
2010-07-30 21:31 . 2010-07-30 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-30 21:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 21:31 . 2010-07-30 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 21:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 20:12 . 2010-07-30 23:06 -------- d-----w- c:\documents and settings\jenkins\Local Settings\Application Data\yxgvxpyjv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 20:16 . 2010-02-13 02:04 -------- d-----w- c:\documents and settings\jenkins\Application Data\uTorrent
2010-08-19 19:59 . 2009-06-08 22:35 0 ----a-w- c:\documents and settings\jenkins\Local Settings\Application Data\WavXMapDrive.bat
2010-08-19 06:41 . 2010-08-19 06:41 576 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-18 20:25 . 2009-09-05 16:18 -------- d-----w- c:\program files\Steam
2010-08-16 22:15 . 2010-06-18 20:46 -------- d-----w- c:\program files\Aquaria
2010-08-15 15:46 . 2010-02-15 16:20 -------- d-----w- c:\program files\Lx_cats
2010-08-15 02:19 . 2009-11-23 18:34 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-13 15:53 . 2009-10-06 00:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 23:32 . 2010-08-09 00:07 219910 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-31 23:05 . 2010-02-13 02:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-07-31 21:51 . 2009-06-28 17:41 -------- d-----w- c:\program files\THQ
2010-07-31 21:51 . 2009-01-30 09:51 -------- d-----w- c:\program files\Google
2010-07-31 21:14 . 2010-03-22 01:28 -------- d-----w- c:\program files\Mount&Blade Warband
2010-07-12 15:47 . 2010-01-02 15:08 -------- d-----w- c:\program files\MSECache
2010-07-07 21:28 . 2010-07-07 21:17 -------- d-----w- c:\documents and settings\jenkins\Application Data\IGN_DLM
2010-07-07 21:17 . 2010-07-07 21:17 -------- d-----w- c:\program files\Download Manager
2010-07-06 23:10 . 2010-06-15 12:03 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
2010-07-04 01:36 . 2009-01-30 09:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-04 01:36 . 2010-07-04 01:36 -------- d-----w- c:\program files\EA Games
2010-07-03 22:08 . 2009-07-19 18:14 -------- d-----w- c:\program files\Activision
2010-07-03 20:52 . 2010-07-03 20:52 -------- d-----w- c:\program files\Sega
2010-07-03 20:51 . 2010-07-03 20:51 -------- d-----w- c:\program files\Sonic
2010-06-27 23:05 . 2010-05-25 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-22 23:47 . 2009-01-30 11:06 106496 ----a-w- c:\windows\DUMP9162.tmp
2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-28 00:52 . 2010-05-28 00:52 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-28 00:52 . 2010-05-28 00:52 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-28 00:52 . 2010-05-28 00:52 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-28 00:52 . 2010-05-28 00:52 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-28 00:52 . 2010-05-28 00:52 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-28 00:51 . 2006-08-14 17:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-28 00:51 . 2006-08-14 17:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-23 23:16 . 2008-04-25 16:16 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-08-19_06.48.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 16:16 . 2010-08-19 20:03 85304 c:\windows\system32\perfc009.dat
- 2008-04-25 16:16 . 2010-08-19 05:01 85304 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2010-08-19 20:03 474434 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2010-08-19 05:01 474434 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"
[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"
[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-23 322352]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 150040]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 105472]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-24 243000]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-24 79160]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-28 2220032]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mssSort"="c:\program files\Maxtor\ManagerApp\msssort.exe" [2008-08-05 1647960]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-08-05 169312]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"LXBSCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-28 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 3 demo\\Doom3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 4\\SamMax104.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\freedom force vs. the 3rd reich\\ffvt3r.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\freedom force\\fforce.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mount and blade\\runme.exe"=
"c:\\Program Files\\Mount&Blade Warband\\mb_warband.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/24/2010 8:37 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/24/2010 8:37 PM 19024]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/27/2008 3:47 PM 1664248]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [7/1/2008 8:57 PM 110592]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [9/4/2008 7:28 PM 406808]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 5:00 PM 451872]
R2 Maxtor Sync Services;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [8/5/2008 8:54 AM 181600]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [10/1/2008 6:28 AM 90112]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [1/30/2009 7:09 AM 112128]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [1/30/2009 7:11 AM 110080]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/29/2009 9:20 PM 133104]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [5/1/2007 3:45 PM 132232]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [5/1/2007 3:45 PM 28416]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2010 10:11 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 01:20]

2010-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 01:20]

2010-08-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3645843144-2729602610-2040523510-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3645843144-2729602610-2040523510-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jenkins\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-08-19 16:24:25
ComboFix-quarantined-files.txt 2010-08-19 20:24
ComboFix2.txt 2010-08-19 06:50

Pre-Run: 11,122,876,416 bytes free
Post-Run: 11,105,775,616 bytes free

- - End Of File - - 31A2412A1D963E65043EB2F5E520D6A0
Upload was successful


#13 Blade

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 21 August 2010 - 03:57 AM

Hello.

Alright let's get rid of DAEMON Search, and the Toolbar.

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
Folder::
c:\program files\DAEMON Tools Toolbar

FireFox::
FF - ProfilePath - c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\
FF - prefs.js: browser.search.selectedEngine -


Save this as CFScript.txt, in the same location as renamed.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

~Blade

In your next reply, please include the following:
ComboFix Log
How is the computer running now?

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM.


#14 freeaccount

  • Topic Starter
  • Members
  • 11 posts

Posted 21 August 2010 - 08:06 AM

Hi Blade,

Internet Explorer now starts and loads. When I perform an internet search I am not bombarded with redirects any longer. Steam is also loading and connecting. Company of Heroes loads and plays...so I imagine their other games will now also load. Thank you.

Is the lsass.exe noted at the end viral???


Here is the new log

ComboFix 10-08-20.01 - jenkins 08/21/2010 8:23.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2003.1469 [GMT -4:00]
Running from: c:\documents and settings\jenkins\Desktop\renamed.exe
Command switches used :: c:\documents and settings\jenkins\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DAEMON Tools Toolbar
c:\program files\DAEMON Tools Toolbar\_DTLite.xml

.
((((((((((((((((((((((((( Files Created from 2010-07-21 to 2010-08-21 )))))))))))))))))))))))))))))))
.

2010-08-19 20:15 . 2010-08-19 20:25 -------- d-----w- C:\renamed324r
2010-08-19 01:04 . 2010-08-19 04:08 -------- d-----w- C:\renamed5704r
2010-08-19 01:00 . 2010-08-19 01:03 -------- d-----w- C:\renamed
2010-08-15 13:54 . 2010-07-23 21:22 43008 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-15 13:54 . 2010-07-23 21:22 338944 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-15 13:54 . 2010-07-23 21:22 346112 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-15 13:54 . 2010-07-23 21:22 1496064 ----a-w- c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-11 00:29 . 2010-08-11 00:29 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-08-06 14:19 . 2010-08-06 14:19 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-08-01 11:26 . 2010-08-01 11:22 1129120 ----a-w- c:\documents and settings\All Users\Application Data\STOPzilla!\vdb\vbcorent.dll
2010-08-01 11:22 . 2010-08-19 19:53 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2010-07-31 23:25 . 2010-07-31 23:26 -------- dc-h--w- c:\windows\ie8
2010-07-31 22:50 . 2010-07-31 22:52 -------- d-----w- c:\windows\system32\NtmsData
2010-07-31 22:45 . 2010-07-31 23:30 -------- d-----w- c:\program files\GameSpy Arcade
2010-07-31 22:04 . 2010-07-31 22:04 1244648 ----a-w- c:\documents and settings\jenkins\Application Data\MSNInstaller\msnauins.exe
2010-07-31 22:04 . 2010-07-31 22:04 -------- d-----w- c:\documents and settings\jenkins\Application Data\MSNInstaller
2010-07-31 01:01 . 2010-07-31 01:01 -------- d-----w- C:\registrybackup
2010-07-30 22:32 . 2010-07-30 22:32 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-30 21:31 . 2010-07-30 21:31 -------- d-----w- c:\documents and settings\jenkins\Application Data\Malwarebytes
2010-07-30 21:31 . 2010-07-30 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-30 21:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-30 21:31 . 2010-07-30 22:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-30 21:31 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-30 20:12 . 2010-07-30 23:06 -------- d-----w- c:\documents and settings\jenkins\Local Settings\Application Data\yxgvxpyjv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-21 12:23 . 2010-02-13 02:04 -------- d-----w- c:\documents and settings\jenkins\Application Data\uTorrent
2010-08-19 21:57 . 2009-09-05 16:18 -------- d-----w- c:\program files\Steam
2010-08-19 19:59 . 2009-06-08 22:35 0 ----a-w- c:\documents and settings\jenkins\Local Settings\Application Data\WavXMapDrive.bat
2010-08-19 06:41 . 2010-08-19 06:41 576 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-08-16 22:15 . 2010-06-18 20:46 -------- d-----w- c:\program files\Aquaria
2010-08-15 15:46 . 2010-02-15 16:20 -------- d-----w- c:\program files\Lx_cats
2010-08-15 02:19 . 2009-11-23 18:34 1100 ----a-w- c:\windows\system32\d3d8caps.dat
2010-08-13 15:53 . 2009-10-06 00:52 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-02 23:32 . 2010-08-09 00:07 219910 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1033.dat
2010-07-31 21:51 . 2009-06-28 17:41 -------- d-----w- c:\program files\THQ
2010-07-31 21:51 . 2009-01-30 09:51 -------- d-----w- c:\program files\Google
2010-07-31 21:14 . 2010-03-22 01:28 -------- d-----w- c:\program files\Mount&Blade Warband
2010-07-12 15:47 . 2010-01-02 15:08 -------- d-----w- c:\program files\MSECache
2010-07-07 21:28 . 2010-07-07 21:17 -------- d-----w- c:\documents and settings\jenkins\Application Data\IGN_DLM
2010-07-07 21:17 . 2010-07-07 21:17 -------- d-----w- c:\program files\Download Manager
2010-07-06 23:10 . 2010-06-15 12:03 -------- d-----w- c:\program files\Digital Photo Navigator 1.5
2010-07-04 01:36 . 2009-01-30 09:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-04 01:36 . 2010-07-04 01:36 -------- d-----w- c:\program files\EA Games
2010-07-03 22:08 . 2009-07-19 18:14 -------- d-----w- c:\program files\Activision
2010-07-03 20:52 . 2010-07-03 20:52 -------- d-----w- c:\program files\Sega
2010-07-03 20:51 . 2010-07-03 20:51 -------- d-----w- c:\program files\Sonic
2010-06-27 23:05 . 2010-05-25 00:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-22 23:47 . 2009-01-30 11:06 106496 ----a-w- c:\windows\DUMP9162.tmp
2010-06-14 14:31 . 2008-04-25 21:27 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-05-28 00:52 . 2010-05-28 00:52 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-05-28 00:52 . 2010-05-28 00:52 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-05-28 00:52 . 2010-05-28 00:52 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-05-28 00:52 . 2010-05-28 00:52 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-05-28 00:52 . 2010-05-28 00:52 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-05-28 00:52 . 2010-05-28 00:52 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-05-28 00:51 . 2006-08-14 17:02 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-28 00:51 . 2006-08-14 17:02 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-23 23:16 . 2008-04-25 16:16 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-08-19_06.48.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-25 16:16 . 2010-08-19 20:03 85304 c:\windows\system32\perfc009.dat
- 2008-04-25 16:16 . 2010-08-19 05:01 85304 c:\windows\system32\perfc009.dat
+ 2008-04-25 16:16 . 2010-08-19 20:03 474434 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2010-08-19 05:01 474434 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{022F2F51-CDDA-4873-8A29-72C66C808A3F}"
[HKEY_CLASSES_ROOT\CLSID\{022F2F51-CDDA-4873-8A29-72C66C808A3F}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{661963C1-99A1-44e7-A671-1CF3768AE9D4}"
[HKEY_CLASSES_ROOT\CLSID\{661963C1-99A1-44e7-A671-1CF3768AE9D4}]
2009-11-07 05:07 297808 ----a-w- c:\windows\system32\mscoree.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-30 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-05-23 322352]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2010-04-17 394984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-28 200704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-17 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-17 150040]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-15 178712]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2008-05-14 105472]
"SecureUpgrade"="c:\program files\Wave Systems Corp\SecureUpgrade.exe" [2008-06-24 243000]
"EmbassySecurityCheck"="c:\program files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [2008-06-24 79160]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2008-08-18 598016]
"DCPstrApp"="c:\program files\Dell\Dell ControlPoint\Security Manager\SecurityDeviceInfoSetRegistryString.exe" [2008-08-04 6656]
"DellConnectionManager"="c:\program files\Dell\Dell ControlPoint\Connection Manager\Dell.UCM.exe" [2008-10-01 1454080]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-28 2220032]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"mssSort"="c:\program files\Maxtor\ManagerApp\msssort.exe" [2008-08-05 1647960]
"mxomssmenu"="c:\program files\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-08-05 169312]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"LXBSCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 65536]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-28 202256]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2008-11-11 950048]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Laplink\\PCsync\\SFTHost.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\help.htm"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\doom 3 demo\\Doom3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 4\\SamMax104.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\freedom force vs. the 3rd reich\\ffvt3r.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\freedom force\\fforce.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mount and blade\\runme.exe"=
"c:\\Program Files\\Mount&Blade Warband\\mb_warband.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/24/2010 8:37 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/24/2010 8:37 PM 19024]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/27/2008 3:47 PM 1664248]
R2 BrcmMgmtAgent;Broadcom Management Agent;c:\program files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [7/1/2008 8:57 PM 110592]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [9/4/2008 7:28 PM 406808]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [11/11/2008 5:00 PM 451872]
R2 Maxtor Sync Services;Maxtor Service;c:\program files\Maxtor\Sync\SyncServices.exe [8/5/2008 8:54 AM 181600]
R2 SMManager;Smith Micro Connection Manager Service;c:\program files\Dell\Dell ControlPoint\Connection Manager\SMManager.exe [10/1/2008 6:28 AM 90112]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [1/30/2009 7:09 AM 112128]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [1/30/2009 7:11 AM 110080]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/29/2009 9:20 PM 133104]
S3 SaiH0109;SaiH0109;c:\windows\system32\drivers\SaiH0109.sys [5/1/2007 3:45 PM 132232]
S3 SaiU0109;SaiU0109;c:\windows\system32\drivers\SaiU0109.sys [5/1/2007 3:45 PM 28416]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/12/2010 10:11 PM 691696]
.
Contents of the 'Scheduled Tasks' folder

2010-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 01:20]

2010-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-30 01:20]

2010-08-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-19 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3645843144-2729602610-2040523510-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-18.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

2010-08-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3645843144-2729602610-2040523510-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\
FF - component: c:\documents and settings\jenkins\Application Data\Mozilla\Firefox\Profiles\gvzaxg2j.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\jenkins\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\program files\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-21 08:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-08-21 08:30:56
ComboFix-quarantined-files.txt 2010-08-21 12:30
ComboFix2.txt 2010-08-19 20:25
ComboFix3.txt 2010-08-19 06:50

Pre-Run: 11,082,731,520 bytes free
Post-Run: 11,065,229,312 bytes free

- - End Of File - - 06092036EC8AEE0D6B9AB79DCF73BC76
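
The question above about lsass.exe goes unanswered in the thread, so a note on what the log actually shows. `wvauth` appears in the LSA `Authentication Packages` value, which means lsass.exe loads `wvauth.dll` at boot, and `biolsp.dll` is listed alongside it. That registry value is a legitimate extension point for third-party logon software (the Run keys on this Dell list Wave Systems Corp. EMBASSY components and an AuthenTec fingerprint service, and the DLL names are consistent with those), but it is also a well-known persistence and credential-theft location, so an entry there should be verified by the file's publisher signature rather than accepted or dismissed by name; the log itself does not establish who signed either DLL. The log also shows `"EnableFirewall"= 0` for the standard profile, which neither post mentions. The script below is an added example, not part of the thread and not ComboFix's own code: it parses those three sections of the ComboFix log format and reports what a responder should check. It assumes a Windows XP baseline in which `msv1_0` is the only stock authentication package, and its sample input is a constructed excerpt of the log posted above.

```python
"""Triage helper for the ComboFix log format: pull out the LSA packages,
firewall policy and DLLs-loaded-into-lsass.exe sections and flag what a
responder should verify. Added example; not ComboFix's own code."""
import re
from typing import Dict, List

# Constructed sample: an excerpt of the log posted above (lines of interest only).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\igfxdev.dll

- - - - - - - > 'lsass.exe'(616)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2010-08-21 08:30:56
"""

# Assumption: Windows XP baseline, where msv1_0 is the only stock LSA
# authentication package. Anything else is code lsass.exe loads at boot.
DEFAULT_AUTH_PACKAGES = {"msv1_0"}
# Processes whose loaded-DLL list deserves a signature check no matter what.
SENSITIVE_PROCESSES = {"lsass.exe", "winlogon.exe"}

LSA_PKG = re.compile(r"^(Authentication|Security|Notification) Packages\s+REG_MULTI_SZ\s+(.+)$")
FW_KEY = re.compile(r"^\[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\(\w+)\]$", re.I)
FW_FLAG = re.compile(r'^"EnableFirewall"=\s*(\d+)')
PROC_HDR = re.compile(r"^(?:- )+> '([^']+)'\((\d+)\)$")


def parse_lsa_packages(log: str) -> Dict[str, List[str]]:
    """Map each LSA '... Packages' value in the Reg Loading Points dump to its entries."""
    out: Dict[str, List[str]] = {}
    for line in log.splitlines():
        m = LSA_PKG.match(line.strip())
        if m:
            out[m.group(1) + " Packages"] = m.group(2).split()
    return out


def parse_firewall_policy(log: str) -> Dict[str, bool]:
    """Map each firewall profile key to whether EnableFirewall is non-zero."""
    out: Dict[str, bool] = {}
    profile = None
    for line in log.splitlines():
        line = line.strip()
        key = FW_KEY.match(line)
        if key:
            profile = key.group(1)
            continue
        flag = FW_FLAG.match(line)
        if flag and profile:
            out[profile] = int(flag.group(1)) != 0
    return out


def parse_loaded_dlls(log: str) -> Dict[str, List[str]]:
    """Map each process in 'DLLs Loaded Under Running Processes' to its DLL paths."""
    out: Dict[str, List[str]] = {}
    current = None
    for line in log.splitlines():
        line = line.strip()
        hdr = PROC_HDR.match(line)
        if hdr:
            current = hdr.group(1)
            out.setdefault(current, [])
            continue
        if current is None:
            continue
        if not line or line == ".":      # a blank line or '.' closes a process block
            current = None
            continue
        out[current].append(line)
    return out


def nondefault_auth_packages(log: str) -> List[str]:
    """Authentication Packages entries that are not part of the stock baseline."""
    pkgs = parse_lsa_packages(log).get("Authentication Packages", [])
    return [p for p in pkgs if p.lower() not in DEFAULT_AUTH_PACKAGES]


def triage(log: str) -> List[str]:
    """Findings in the order a responder should work through them."""
    findings: List[str] = []
    for pkg in nondefault_auth_packages(log):
        findings.append(
            f"LSA Authentication Packages: non-default entry '{pkg}' "
            f"(lsass.exe loads %SystemRoot%\\system32\\{pkg}.dll at boot; "
            "verify the file's publisher signature before trusting it)")
    for profile, enabled in parse_firewall_policy(log).items():
        if not enabled:
            findings.append(f"Windows Firewall is disabled for profile '{profile}'")
    for proc, dlls in parse_loaded_dlls(log).items():
        if proc.lower() in SENSITIVE_PROCESSES and dlls:
            names = ", ".join(d.rsplit("\\", 1)[-1] for d in dlls)
            findings.append(f"{proc}: {len(dlls)} listed DLL(s) to verify: {names}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against a full ComboFix.txt the script reports the same three classes of finding; on this machine they are the `wvauth` package, the disabled firewall profile, and the two DLLs inside lsass.exe, each of which is resolved on the live host by checking the file's Authenticode signature, not by whether ComboFix or the helper happened to comment on it.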


#15 Blade

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 21 August 2010 - 05:58 PM

Hello.

Last couple things to take care of.

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 21.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
-- If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click Ok and reboot your computer.

***************************************************

Your Adobe Reader is out of date. Please uninstall it through Add/Remove Programs and download the latest version from Adobe: Download
Please untick all proposed toolbars unless you really want them.

***************************************************

Now, let's clean up our mess.
  • Click on Start>Run
  • Now type combofix /Uninstall in the runbox and click OK. Notice the space between the "x" and "/".
  • You will then receive a message letting you know that ComboFix was uninstalled successfully.
This will remove files/folders associated with ComboFix and uninstall it.

***************************************************
  • Please double click on the icon on your desktop.
  • Click the large button marked "Cleanup"
***************************************************

Your machine appears to be clean!

If you disabled emulation drivers earlier, you can re-enable them now if you wish:

To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

***************************************************

I highly recommend that you read through the below set of very helpful suggestions and implement them; they will help protect you from reinfection. I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programs in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of them (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
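The HostsMan recommendation above relies on how Windows treats the hosts file: it is consulted before DNS, so a blocklist entry that maps a hostname to 0.0.0.0 or 127.0.0.1 keeps that site from ever loading. The same mechanism is what malware abuses when it redirects a legitimate hostname to an address it controls. The following is an added example, not HostsMan's code or anything from this thread: a small Python audit script that parses hosts-file syntax (comments, several hostnames per line), shows how a lookup is sinkholed, and lists any entry that points a hostname somewhere other than a local sinkhole. The sample file content and the hostnames in it are constructed for the example.

```python
"""Audit a Windows-style hosts file the way a blocklist tool uses it.

Added example (not HostsMan's code). The hosts file wins over DNS, so a line
such as "0.0.0.0 ads.example-tracker.test" blocks that site; a line that maps a
real hostname to a remote IP is the classic hosts-file hijack. SAMPLE_HOSTS is
constructed sample data; the .test hostnames and 203.0.113.7 are placeholders.
"""
import ipaddress
from typing import List, Optional, Tuple

# Constructed sample: mimics a hosts file managed by a blocklist updater,
# plus one hand-planted entry of the kind a redirecting infection leaves behind.
SAMPLE_HOSTS = """\
# constructed sample, mimics a HostsMan-managed hosts file
127.0.0.1       localhost
::1             localhost
# Start of entries inserted by blocklist update
0.0.0.0 ads.example-tracker.test
0.0.0.0 malware.example.test   download.example.test  # two names on one line
# End of entries
203.0.113.7 www.example-bank.test   # suspicious: not a local sinkhole
"""

Entry = Tuple[str, str, int]  # (ip, hostname, line number)


def is_sinkhole(ip: str) -> bool:
    """True for addresses that only ever point back at the machine itself."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def parse_hosts(text: str) -> List[Entry]:
    """Return (ip, hostname, line_number) triples; comments and blanks are skipped.

    Windows accepts several hostnames after one address and ignores lines it
    cannot parse, so malformed lines are dropped rather than treated as errors.
    """
    entries: List[Entry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # strip trailing comment
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue                          # not an address, skip the line
        for name in names:
            entries.append((ip, name.lower(), lineno))
    return entries


def resolve(entries: List[Entry], hostname: str) -> Optional[str]:
    """Mimic the hosts lookup: first matching entry wins, None if no entry."""
    hostname = hostname.lower()
    for ip, name, _ in entries:
        if name == hostname:
            return ip
    return None


def is_blocked(entries: List[Entry], hostname: str) -> bool:
    """A hostname is blocked when the hosts file sends it to a local sinkhole."""
    ip = resolve(entries, hostname)
    return ip is not None and is_sinkhole(ip)


def find_hijacks(entries: List[Entry]) -> List[Tuple[int, str, str]]:
    """Entries that redirect a hostname to a non-local address.

    A blocklist updater only adds sinkhole lines, so any other mapping in the
    file deserves a look. Returns (line_number, hostname, ip) for each one.
    """
    return [(lineno, name, ip)
            for ip, name, lineno in entries
            if not is_sinkhole(ip)]


def audit_file(path: str) -> List[Tuple[int, str, str]]:
    """Read a hosts file from disk and report suspicious entries."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijacks(parse_hosts(fh.read()))


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    for host in ("ads.example-tracker.test", "www.example-bank.test", "bleepingcomputer.com"):
        print(f"{host}: resolves to {resolve(entries, host)}, blocked={is_blocked(entries, host)}")
    for lineno, name, ip in find_hijacks(entries):
        print(f"line {lineno}: {name} -> {ip} is NOT a local sinkhole, review it")
```

On a real machine you would call `audit_file(r"C:\Windows\System32\drivers\etc\hosts")`; the only entries that should ever come back from `find_hijacks` are ones you put there yourself. Hostnames are compared case-insensitively because the resolver treats them that way, and the first match wins because that is the order Windows honours.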