Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer is possibly beyond repair? No malware programs used can find anything.


  • Please log in to reply
88 replies to this topic

#1 Rocktagon

Rocktagon

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 05 February 2011 - 06:08 PM

Hello. I am back on bleepingcomputer. I had an account that I created a few years ago, but I can't figure out any of my login info. You guys helped me remove a virus using Combofix a few years ago. My computer has been having a ton of problems. I have been having issues for years. I thought everything was fine after I worked through the issues a few years ago, but I continued to have problems. I noticed that my computer (and two others in the house) are currently redirecting links on firefox. When I click on a link that comes up in Google search, it goes to a fake advertising or survey website. Sometimes it will go to the correct site and then redirect in a couple of seconds. I am also having some issues with basic functionality and startup. I am currently getting this message "The instruction at "0x001a624b" referenced memory at "0x00000000". The memory could not be "written". (svchost.exe-Application Error). It keeps popping up. I am familiar with HiJack This and several other programs and can provide any needed information. I have run Mbam, Ad-Aware, Spybot, and SAS, as well as AVG, and nothing is finding anything. I also downloaded tdsskiller and ran it, but it didn't find anything. The current HiJack this log is attached.
THANK YOU SO MUCH! You guys ROCK! :thumbup2:

Attached Files


Edited by Rocktagon, 06 February 2011 - 02:34 AM.
Moved to log forum. ~ OB


BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:08:38 AM

Posted 09 February 2011 - 03:34 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

We need to create a New FULL OTL Report
  • Please download OTL from here if you have not done so already:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.


Why we request you disable CD Emulation when receiving Malware Removal Advice

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning
.

Best Regards,
oneof4.


#3 Rocktagon

Rocktagon
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 12 February 2011 - 07:30 PM

Hi, sorry I didn't get back right away. I was starting to think that no one would reply. I had no choice but to try to get my computer running, so I did a couple of things while I was waiting for help. I uninstalled AVG and cleared the virus vault. I ran combofix. I reinstalled AVG and downloaded Zone Alarm Firewall. I restored the defaults to my router and set it up again. The redirect problem is gone, but I am still having issues with just this computer. Thank you so much for helping! Here are all of the things you asked for:

OTL logfile created on: 2/12/2011 3:58:21 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 31.12 Gb Free Space | 21.76% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.39 Gb Free Space | 6.50% Space Free | Partition Type: FAT32

Computer Name: COMPUTERAADAHAM | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/12 15:54:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/12/20 01:30:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/11/16 17:46:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/11 13:56:02 | 000,017,920 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2006/05/16 10:58:18 | 000,213,936 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2004/01/21 08:45:48 | 000,413,816 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/01/21 08:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe


========== Modules (SafeList) ==========

MOD - [2011/02/12 15:54:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/13 18:11:51 | 000,279,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ddraw.dll
MOD - [2008/04/13 18:11:51 | 000,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dciman32.dll
MOD - [2006/08/11 13:56:02 | 000,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2003/07/28 14:19:00 | 000,852,038 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nview.dll
MOD - [2002/02/01 09:11:00 | 000,106,547 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\SunnComm Shared\msscript.OCX


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/04/14 00:26:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/11/13 23:05:34 | 000,061,440 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2006/11/13 20:59:52 | 000,122,880 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Disabled | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2004/01/21 08:44:28 | 000,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2002/09/13 00:23:06 | 000,046,080 | ---- | M] (C-Dilla Ltd) [Disabled | Stopped] -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE -- (C-DillaSrv)


========== Driver Services (SafeList) ==========

DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/12/02 02:35:57 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/04/12 02:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/04/12 02:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010/03/18 19:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 19:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 19:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 19:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2008/04/13 11:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/06/18 14:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2007/04/10 02:00:00 | 000,389,432 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2006/11/13 20:38:28 | 000,011,776 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2006/11/13 20:38:24 | 000,016,384 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\DigiFilt.sys -- (DigiFilter)
DRV - [2006/11/13 20:37:58 | 000,015,232 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2006/11/13 20:36:36 | 000,109,056 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2006/11/13 07:37:40 | 000,015,488 | R--- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2006/10/05 16:07:28 | 000,072,608 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2006/09/06 22:34:58 | 000,347,776 | R--- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rt73.sys -- (RT73)
DRV - [2006/08/11 13:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/11 13:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/11 13:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2006/08/11 13:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2006/08/11 13:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2006/08/11 13:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/11 13:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/11 13:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/11 13:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2006/07/01 22:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/12/12 17:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2005/11/10 16:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/10/14 14:33:26 | 000,024,576 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ps_avs.sys -- (ps_avs)
DRV - [2004/10/14 14:33:22 | 000,097,152 | ---- | M] (BridgeCo AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ps_1394.sys -- (ps_1394)
DRV - [2004/08/03 21:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/02 12:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/07/28 14:19:00 | 001,341,339 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/07/11 09:28:56 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2003/03/26 12:17:38 | 000,012,096 | ---- | M] (Roxio) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\MRFilter.sys -- (MrFilter)
DRV - [2002/09/13 00:24:56 | 000,058,160 | ---- | M] (Macrovision) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CDANT.SYS -- (C-Dilla)
DRV - [2001/10/04 17:52:05 | 000,038,176 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/17 12:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop&parm1=seconduser
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/

IE - HKU\S-1-5-21-2320136394-33482175-3832342146-1009\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wiu.edu/
IE - HKU\S-1-5-21-2320136394-33482175-3832342146-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "http://www.wiu.edu/"
FF - prefs.js..extensions.enabledItems: {3d7eb24f-2740-49df-8937-200b1cc08f8a}:1.5.14.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: check4change-owner@mozdev.org:1.8.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/29 18:19:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/08 02:58:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/14 23:29:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/14 23:29:30 | 000,000,000 | ---D | M]

[2008/09/11 17:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Extensions
[2011/02/12 03:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions
[2008/02/09 14:12:56 | 000,000,000 | ---D | M] (Metal Lion - Brushed iCe) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions\{1BF7AC8B-3EE4-46be-AD8B-7F1FA1F3E15D}
[2010/11/11 01:14:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/11 01:14:38 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2007/10/22 13:40:27 | 000,000,000 | ---D | M] ("macfoxIIgraphite") -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions\{a883dc70-3e3e-11db-a98b-0800200c9a66}
[2011/01/15 01:56:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2006/10/16 15:03:05 | 000,000,000 | ---D | M] (MoveNetworks Quantum Media Player) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions\{fa5fc832-506e-4e98-b01c-2862ce15b7f6}
[2006/11/05 18:23:24 | 000,000,000 | ---D | M] ("BlueShift") -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions\blueshift@shift.themes
[2011/01/16 18:26:59 | 000,000,000 | ---D | M] (Check4Change) -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions\check4change-owner@mozdev.org
[2006/09/25 19:49:23 | 000,000,000 | ---D | M] ("GreenShift") -- C:\Documents and Settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\extensions\greenshift@shift.themes
[2011/02/12 03:58:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/25 16:44:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/02/08 02:58:58 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX
[2009/05/06 20:24:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2006/10/12 00:00:05 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll

O1 HOSTS File: ([2011/02/08 01:44:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [HPBootOp] C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe (Macrovision Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\Run: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-21-2320136394-33482175-3832342146-1009..\Run: [NVIEW] C:\WINDOWS\System32\nview.dll (NVIDIA Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [SetDefaultMIDI] C:\WINDOWS\MIDIDEF.EXE (Creative Technology Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2320136394-33482175-3832342146-1009\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2320136394-33482175-3832342146-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2320136394-33482175-3832342146-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2320136394-33482175-3832342146-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} http://www.sis.com/ocis/OSInfo.cab (OSInfo Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} http://www.sis.com/ocis/SiSAutodetectNT.cab (SiS_OCX Control)
O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///F:/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///F:/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/26 15:53:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/12 15:54:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/02/12 04:57:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Compaq_Owner\Recent
[2011/02/11 23:00:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\Cornelius - Sensuous
[2011/02/11 22:53:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Desktop\The Second Stage Turbine Blade
[2011/02/08 18:04:06 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/02/08 18:02:19 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/02/08 17:33:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ZoneAlarm
[2011/02/08 17:33:36 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2011/02/08 17:33:30 | 000,104,448 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2011/02/08 17:33:30 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2011/02/08 17:33:21 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2011/02/08 17:33:19 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2011/02/08 17:33:19 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2011/02/08 17:33:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2011/02/08 17:33:18 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2011/02/08 17:33:18 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2011/02/08 17:33:16 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2011/02/08 17:33:15 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2011/02/08 17:32:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2011/02/08 17:32:32 | 000,715,264 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2011/02/08 17:32:32 | 000,228,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2011/02/08 17:32:32 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2011/02/08 17:30:01 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/02/08 03:00:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
[2011/02/08 02:58:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/08 01:50:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/02/08 00:05:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/02/08 00:05:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/02/08 00:05:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/02/08 00:05:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/02/08 00:04:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/02/07 23:37:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/26 16:52:52 | 000,000,000 | ---D | C] -- C:\18c90c7c97fbd9deb8
[2011/01/24 01:17:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Compaq_Owner\Application Data\Jobulator
[2011/01/24 01:17:06 | 000,000,000 | ---D | C] -- C:\Program Files\Jobulator
[2011/01/21 08:44:37 | 000,439,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/16 16:51:51 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/01/14 23:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/01/14 23:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/01/14 23:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/01/14 23:29:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/01/14 23:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2008/06/20 14:10:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.sys
[2006/08/11 13:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/12 15:56:59 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\j1t459kz.exe
[2011/02/12 15:55:48 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Defogger.exe
[2011/02/12 15:54:29 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Compaq_Owner\Desktop\OTL.exe
[2011/02/12 15:38:29 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/02/12 15:34:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/12 15:34:08 | 1073,270,784 | -HS- | M] () -- C:\hiberfil.sys
[2011/02/12 04:58:14 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2011/02/12 04:58:14 | 000,030,888 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2011/02/12 04:58:14 | 000,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2011/02/12 04:58:14 | 000,029,952 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2011/02/12 04:58:14 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2011/02/12 04:58:14 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/02/12 04:58:14 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/02/12 04:57:24 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000004-20051102}.CDF
[2011/02/12 04:57:24 | 004,958,588 | ---- | M] () -- C:\WINDOWS\{00000000-00000000-00000009-00001102-00000004-20051102}.BAK
[2011/02/12 00:02:22 | 317,073,756 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Hilarious.avi
[2011/02/11 22:49:36 | 082,646,318 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Cornelius - Sensuous.zip
[2011/02/10 19:24:32 | 001,502,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/02/09 18:28:28 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/08 17:34:11 | 000,420,800 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/02/08 17:33:41 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/02/08 17:33:38 | 000,000,739 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ZoneAlarm Security.lnk
[2011/02/08 09:58:15 | 105,700,181 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 03:00:58 | 000,000,698 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/08 01:44:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/02/08 00:04:54 | 004,264,891 | R--- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/02/07 23:36:24 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
[2011/02/07 23:36:24 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
[2011/02/07 16:16:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/25 22:39:22 | 000,044,032 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/25 20:42:11 | 599,868,942 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\i love you, man.avi
[2011/01/24 01:17:13 | 000,000,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Jobulator.lnk
[2011/01/23 22:33:55 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/01/21 08:44:37 | 008,462,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2011/01/21 08:44:37 | 000,439,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shimgvw.dll
[2011/01/16 02:20:47 | 349,764,980 | ---- | M] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SRV-Pride and Joy.avi
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/02/12 15:56:58 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\j1t459kz.exe
[2011/02/12 15:55:46 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Defogger.exe
[2011/02/11 22:42:17 | 082,646,318 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Cornelius - Sensuous.zip
[2011/02/11 22:32:04 | 317,073,756 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\Hilarious.avi
[2011/02/08 17:33:41 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2011/02/08 17:33:38 | 000,000,739 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ZoneAlarm Security.lnk
[2011/02/08 17:33:16 | 000,420,800 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/02/08 09:58:15 | 105,700,181 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/08 03:00:58 | 000,000,698 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[2011/02/08 00:05:34 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/02/08 00:05:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/02/08 00:05:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/02/08 00:05:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/02/08 00:05:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/02/07 23:36:10 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/02/05 16:50:39 | 004,264,891 | R--- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\ComboFix.exe
[2011/01/29 23:13:22 | 1073,270,784 | -HS- | C] () -- C:\hiberfil.sys
[2011/01/25 22:20:50 | 599,868,942 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\i love you, man.avi
[2011/01/24 01:17:13 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Jobulator.lnk
[2011/01/24 01:17:12 | 000,000,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Jobulator.lnk
[2011/01/16 01:01:22 | 349,764,980 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Desktop\SRV-Pride and Joy.avi
[2010/05/21 23:15:10 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/08/23 22:54:10 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/06/20 14:10:45 | 000,000,033 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.log
[2008/06/20 14:10:12 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.cat
[2008/06/20 14:10:12 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\pcouffin.inf
[2008/05/16 13:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2008/05/09 14:33:07 | 000,000,056 | ---- | C] () -- C:\WINDOWS\RKACCUBURN.INI
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/10/19 00:28:37 | 000,003,429 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\evpro32.prf
[2007/10/19 00:24:34 | 000,000,074 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\evplay.prf
[2007/10/19 00:24:05 | 000,001,020 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\evmanage.prf
[2007/09/26 00:58:40 | 000,001,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/08/21 20:46:49 | 000,039,899 | R--- | C] () -- C:\WINDOWS\System32\rtsicis.ini
[2007/08/19 20:37:51 | 000,000,016 | ---- | C] () -- C:\WINDOWS\System32\msvcsv60.dll
[2007/08/19 15:16:13 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/08/19 15:15:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2007/04/12 12:44:13 | 000,018,764 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2007/03/31 01:55:49 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2007/03/01 22:13:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/01 22:13:03 | 000,399,360 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2006/11/05 18:58:41 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\fusioncache.dat
[2006/11/05 17:58:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2006/11/05 12:01:06 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2006/11/05 12:01:06 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2006/09/05 01:04:18 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A4W.INI
[2006/08/31 10:46:13 | 000,000,310 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2006/08/23 02:03:27 | 000,000,677 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
[2006/08/11 14:14:08 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/08/11 14:14:08 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/08/11 13:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2006/06/07 12:23:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv7.dll
[2006/05/23 11:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2006/03/07 10:59:04 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv6.dll
[2006/02/24 22:03:37 | 000,000,162 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/01/10 16:11:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\lxczcnv5.dll
[2005/10/24 18:41:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2005/10/05 21:02:02 | 000,000,023 | ---- | C] () -- C:\WINDOWS\MixBUda.INI
[2005/09/26 10:23:55 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/09/26 10:23:55 | 000,036,864 | R--- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/09/20 15:20:46 | 000,044,032 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/17 02:09:34 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Compaq_Owner\Application Data\wklnhst.dat
[2005/07/17 00:03:49 | 000,000,063 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/07/05 17:07:13 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/07/05 17:05:07 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/07/05 17:05:07 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/07/05 17:05:06 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/07/05 17:05:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/07/05 17:05:06 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/07/05 17:05:06 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/07/05 17:04:00 | 000,000,075 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2005/07/05 17:03:59 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2005/07/05 16:36:23 | 000,013,974 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2005/07/05 16:36:19 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2005/07/05 16:36:00 | 000,002,150 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/07/05 16:33:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/05 16:22:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/07/05 16:19:43 | 000,053,312 | ---- | C] () -- C:\WINDOWS\System32\upddrv9x.dll
[2005/07/05 16:17:38 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2005/07/05 16:17:38 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2005/07/05 16:09:22 | 000,000,882 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005/07/05 16:08:02 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\ctmmactl.dll
[2005/02/18 04:56:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/01/26 15:53:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/19 16:45:40 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/01/19 16:45:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/06/29 13:47:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\WinIo.sys
[2004/06/15 15:38:00 | 000,000,592 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2003/04/10 16:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/04 17:52:05 | 000,038,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 1065 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:wVOBuWQenLOduxKMr7FeaaF9ki3H8
@Alternate Data Stream - 1043 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:QaMAGPsVgTsOEEg8YpnJ9KQ

< End of report >

OTL Extras logfile created on: 2/12/2011 3:58:21 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Compaq_Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 424.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 143.04 Gb Total Space | 31.12 Gb Free Space | 21.76% Space Free | Partition Type: NTFS
Drive D: | 5.99 Gb Total Space | 0.39 Gb Free Space | 6.50% Space Free | Partition Type: FAT32

Computer Name: COMPUTERAADAHAM | User Name: Compaq_Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"23241:TCP" = 23241:TCP:*:Enabled:BitComet 23241 TCP
"23241:UDP" = 23241:UDP:*:Enabled:BitComet 23241 UDP

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe" = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe:*:Enabled:BackWeb for Presario -- (Hewlett-Packard)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic RecordNow Data
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3912A629-0020-0005-3757-2FBA74D4DF0A}" = InterVideo WinDVD Player
"{39F9E26D-887F-7B63-3157-E32558F29EC3}" = Jobulator
"{3BA95526-6AE0-4B87-A62D-17187EF565FC}" = HP Boot Optimizer
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5AA41AD3-A60F-4E44-A13D-4EF09197D515}" = AmpliTube 1.1 LE
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{82D48AB1-8E7F-4AA5-A5FA-47FA58A48110}" = Free Bomb Factory Plug-Ins 7.3
"{83073C45-3003-4671-9A86-243AAADD915A}" = Microsoft Calculator Plus
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{885744A4-1A01-44B0-858A-0AE6738CBCF7}" = PrimoPDF Redistribution Package
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD Player
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{993A352A-2957-4661-A1EF-2D8F6F3C9234}" = Belkin Wireless G Plus MIMO USB Network Adapter
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D623E1A-30E1-4E55-BD80-5C1359DB120B}" = Melodyne 3.1
"{A15B3CF2-7FB7-4102-BBC9-9680B7F0825F}" = InterLok Driver Kit
"{A1F143D1-1F0D-44FB-A44B-71D4367D16DE}" = Melodyne 3.1
"{A276502A-8979-44FB-8090-90CF72F22ABC}" = AVG 2011
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support 4.0
"{A9FC3677-D5CD-4169-B78A-297D541EEB36}" = Sound Blaster Audigy 2 ZS
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic RecordNow Audio
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
"{AFE354A5-640F-4A23-94C8-0B441E8967CA}" = Digidesign Shared Plug-Ins 7.3
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic RecordNow Copy
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C325F588-D6B1-4A7F-B6A2-914C75DDA348}" = Morrowind
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DB3C800B-081B-4146-B4E3-EFB5B77AA913}" = TES Construction Set
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E52BFE61-E0FF-11D6-9D69-00065BABCB42}" = Reason
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF2F3EF2-A1CC-4ACD-BCAE-92CAC8D5613A}" = Digidesign Pro Tools LE 7.3.1
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F4C68898-EBA5-46A9-82B3-2D30426086BF}" = AVG 2011
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF5D0751-E692-11D4-99D0-0060B0A11DC1}" = 3ds max 4
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"AudioConSole" = Creative Audio Console
"AVG" = AVG 2011
"BackWeb-6750491 Uninstaller" = Compaq Connections
"CCleaner" = CCleaner
"DriverAgent.exe" = DriverAgent by eSupport.com
"DVD Shrink_is1" = DVD Shrink 3.2
"GIF Animator" = Microsoft GIF Animator
"Help and Support Additions" = Help and Support Additions
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
"InstallShield_{993A352A-2957-4661-A1EF-2D8F6F3C9234}" = Belkin Wireless G Plus MIMO USB Network Adapter
"Jobulator" = Jobulator
"LMS" = C-Dilla Licence Management System
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MP3 CD Converter_is1" = MP3 CD Converter 4.10
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"NVIDIA Drivers" = NVIDIA Drivers
"PC Wizard 2007_is1" = PC Wizard 2007.1.73
"PrimoPDF3.0" = PrimoPDF
"PS2" = PS2
"RealPlayer 12.0" = RealPlayer
"Roxio MRFilter" = Roxio EasyWrite Reader
"Steinberg Cubase LE" = Steinberg Cubase LE
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.0
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"ZoneAlarm" = ZoneAlarm

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2320136394-33482175-3832342146-1009\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/16/2011 6:36:14 AM | Computer Name = COMPUTERAADAHAM | Source = Bonjour Service | ID = 100
Description = 288: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/17/2011 5:55:57 AM | Computer Name = COMPUTERAADAHAM | Source = Bonjour Service | ID = 100
Description = 288: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/19/2011 4:35:01 AM | Computer Name = COMPUTERAADAHAM | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 1/24/2011 6:11:17 AM | Computer Name = COMPUTERAADAHAM | Source = Bonjour Service | ID = 100
Description = 292: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 1/26/2011 5:34:24 AM | Computer Name = COMPUTERAADAHAM | Source = Bonjour Service | ID = 100
Description = 292: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 2/8/2011 1:41:16 AM | Computer Name = COMPUTERAADAHAM | Source = MsiInstaller | ID = 11921
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd)
could not be stopped. Verify that you have sufficient privileges to stop system
services.

Error - 2/8/2011 1:43:08 AM | Computer Name = COMPUTERAADAHAM | Source = MsiInstaller | ID = 11921
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd)
could not be stopped. Verify that you have sufficient privileges to stop system
services.

Error - 2/8/2011 1:51:36 AM | Computer Name = COMPUTERAADAHAM | Source = MsiInstaller | ID = 11921
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2011 -- Error
1921. SA_Error1921: StandardAction(0xC0070781): Service 'AVG WatchDog' (avgwd)
could not be stopped. Verify that you have sufficient privileges to stop system
services.

Error - 2/8/2011 5:02:00 AM | Computer Name = COMPUTERAADAHAM | Source = ESENT | ID = 490
Description = svchost (988) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
for read / write access failed with system error 32 (0x00000020): "The process
cannot access the file because it is being used by another process. ". The open
file operation will fail with error -1032 (0xfffffbf8).

Error - 2/12/2011 5:58:01 AM | Computer Name = COMPUTERAADAHAM | Source = Application Error | ID = 1000
Description = Faulting application plugin-container.exe, version 1.9.2.3989, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x0000100b.

[ System Events ]
Error - 2/11/2011 1:37:25 AM | Computer Name = COMPUTERAADAHAM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 2/11/2011 8:16:41 PM | Computer Name = COMPUTERAADAHAM | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 2/12/2011 12:17:27 AM | Computer Name = COMPUTERAADAHAM | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.3
with the system having network hardware address 00:23:32:70:1A:18. Network operations
on this system may be disrupted as a result.

Error - 2/12/2011 12:17:27 AM | Computer Name = COMPUTERAADAHAM | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.2.3
with the system having network hardware address 00:23:32:70:1A:18. Network operations
on this system may be disrupted as a result.

Error - 2/12/2011 12:27:29 AM | Computer Name = COMPUTERAADAHAM | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.3 for the Network Card with network
address 001CDF24F834 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 2/12/2011 12:28:22 AM | Computer Name = COMPUTERAADAHAM | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 2/12/2011 12:35:55 AM | Computer Name = COMPUTERAADAHAM | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort2, did not respond within the timeout
period.

Error - 2/12/2011 5:36:18 PM | Computer Name = COMPUTERAADAHAM | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 2/12/2011 5:57:22 PM | Computer Name = COMPUTERAADAHAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}

Error - 2/12/2011 5:57:46 PM | Computer Name = COMPUTERAADAHAM | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service MDM with arguments
"" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}


< End of report >


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-02-12 18:24:51
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5 SAMSUNG_SP1614C rev.SW100-30
Running: j1t459kz.exe; Driver: C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\kwxdqkob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAA328534]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAA322782]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAA3416DC]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAA328CC0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAA328DF6]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAA323398]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAA342FE4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAA34293C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAA34393C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAA343B44]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAA322FAA]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA977D6C0]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAA3448D2]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAA344208]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAA3280F4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAA3452A4]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAA32375C]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0xAA344E12]
SSDT \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAA3420C4]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA977D770]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA977D810]
SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA977D8B0]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF712D340, 0xFFF3F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA32D672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA32D4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA32DCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA32BC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA32BC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA32D672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA32D4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA32DCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA32D672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA32BC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA32DCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA32D4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA32DCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA32D4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA32D672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA32BC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA32D672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA32D4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA32DCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [AA32D4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [AA32D672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [AA32DCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [AA32BC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [AA32D672] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [AA32BC2A] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [AA32DCBA] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [AA32D4C8] \SystemRoot\System32\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat DigiFilt.sys (Digidesign Filter Driver/Digidesign, A Division of Avid Technology, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )

Device \FileSystem\Cdfs \Cdfs A86CF400

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc@imagepath \systemroot\system32\drivers\geyekridojdwgy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\main@aid 10096
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\modules@geyekrrk.sys \systemroot\system32\drivers\geyekridojdwgy.sys
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\modules@geyekrcmd.dll \systemroot\system32\geyekrumuobtbt.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\modules@geyekrlog.dat \systemroot\system32\geyekrctaicirf.dat
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\modules@geyekrwsp.dll \systemroot\system32\geyekrxrhslauf.dll
Reg HKLM\SYSTEM\ControlSet001\Services\geyekrmyafrtcc\modules@geyekr.dat \systemroot\system32\geyekrrpqqypdp.dat
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc@imagepath \systemroot\system32\drivers\geyekridojdwgy.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\main@aid 10096
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\main\injector@* geyekrwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\modules@geyekrrk.sys \systemroot\system32\drivers\geyekridojdwgy.sys
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\modules@geyekrcmd.dll \systemroot\system32\geyekrumuobtbt.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\modules@geyekrlog.dat \systemroot\system32\geyekrctaicirf.dat
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\modules@geyekrwsp.dll \systemroot\system32\geyekrxrhslauf.dll
Reg HKLM\SYSTEM\ControlSet003\Services\geyekrmyafrtcc\modules@geyekr.dat \systemroot\system32\geyekrrpqqypdp.dat

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\AVG10\Chjw\3d18bee9297f9938\9d258b40-4af4-4d3d-9180-2d4dc4d32342 3911588 bytes
File C:\Documents and Settings\All Users\Application Data\AVG10\Chjw\3d18bee9297f9938\b866f33b-5e14-4e6b-a15e-6d10001a3343 9067674 bytes

---- EOF - GMER 1.0.15 ----

#4 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 13 February 2011 - 07:38 AM

Hello Rocktagon (and thanks oneof4),

The Gmer log shows some likely remnants of a rootkit still there. Let's get a few specialty looks at things, then decide on what repairs are needed. These repairs may require the use of ComboFix again, and since AVG has chosen to target some of it's functions, it may need to be uninstalled again. Once we remove the malware, you can reinstall it, so it can return to protecting your system (yes, there probably is a point being made in that). Your choice to just run ComboFix was not the best choice though. It is an excellent, and aggressive, malware removal program, but when run in the wrong way, wrong situation or wrong setup, the first request the person posts here is too often from a different computer, asking for help with the bootup problems on the infected one.

But let's take a look. Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Click here and download Kaspersky's TDSSKiller to your desktop, then unzip that and place a copy of the TDSSKiller.exe file on your desktop. Then click that to open the scanner.

In the display that opens click Start scan. Once that completes, it will show a list of any malware it locates. For now, we don't want to take any action, until additional info is known, so use the drop down (upper right), and change it to "Skip" for each item found.

When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

-------------

Post that log, along with the C:\ComboFix.txt log created from the earlier ComboFix run (don't run a new scan with it though).

Edited by Jintan, 13 February 2011 - 07:39 AM.
Typo

Ad eundum quo no duck ante iit

#5 Rocktagon

Rocktagon
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 13 February 2011 - 04:59 PM

Hi. Once again, I'm sorry that I already ran Combofix. I created a system restore point before I did it, but I needed to get my computer to a functional state. I ran TDSS Killer, but it didn't find any malware.

2011/02/13 15:51:27.0703 3052 TDSS rootkit removing tool 2.4.17.0 Feb 10 2011 11:07:20
2011/02/13 15:51:28.0375 3052 ================================================================================
2011/02/13 15:51:28.0375 3052 SystemInfo:
2011/02/13 15:51:28.0375 3052
2011/02/13 15:51:28.0375 3052 OS Version: 5.1.2600 ServicePack: 3.0
2011/02/13 15:51:28.0375 3052 Product type: Workstation
2011/02/13 15:51:28.0375 3052 ComputerName: COMPUTERAADAHAM
2011/02/13 15:51:28.0390 3052 UserName: Compaq_Owner
2011/02/13 15:51:28.0390 3052 Windows directory: C:\WINDOWS
2011/02/13 15:51:28.0390 3052 System windows directory: C:\WINDOWS
2011/02/13 15:51:28.0390 3052 Processor architecture: Intel x86
2011/02/13 15:51:28.0390 3052 Number of processors: 1
2011/02/13 15:51:28.0390 3052 Page size: 0x1000
2011/02/13 15:51:28.0390 3052 Boot type: Normal boot
2011/02/13 15:51:28.0390 3052 ================================================================================
2011/02/13 15:51:28.0781 3052 Initialize success
2011/02/13 15:51:40.0359 1612 ================================================================================
2011/02/13 15:51:40.0359 1612 Scan started
2011/02/13 15:51:40.0359 1612 Mode: Manual;
2011/02/13 15:51:40.0359 1612 ================================================================================
2011/02/13 15:51:42.0296 1612 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/02/13 15:51:42.0703 1612 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/02/13 15:51:43.0437 1612 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/02/13 15:51:43.0843 1612 AegisP (91f3df93f40a74d222cd166fe95db633) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/02/13 15:51:44.0265 1612 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/02/13 15:51:46.0343 1612 AmdK8 (efbb0956baed786e137351b5ca272aef) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/02/13 15:51:47.0046 1612 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/02/13 15:51:48.0437 1612 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/02/13 15:51:48.0828 1612 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/02/13 15:51:49.0765 1612 ati2mtag (8759322ffc1a50569c1e5528ee8026b7) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/02/13 15:51:50.0375 1612 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/02/13 15:51:50.0750 1612 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/02/13 15:51:51.0500 1612 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/02/13 15:51:51.0859 1612 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/02/13 15:51:52.0218 1612 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/02/13 15:51:52.0750 1612 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/02/13 15:51:53.0203 1612 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/02/13 15:51:53.0687 1612 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/02/13 15:51:54.0062 1612 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/02/13 15:51:54.0515 1612 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/02/13 15:51:54.0984 1612 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/02/13 15:51:55.0375 1612 C-Dilla (8970813a3d73e390047d0b17e4af852c) C:\WINDOWS\system32\drivers\CDANT.SYS
2011/02/13 15:51:55.0781 1612 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/02/13 15:51:56.0453 1612 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/02/13 15:51:56.0828 1612 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/02/13 15:51:57.0218 1612 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/02/13 15:51:58.0296 1612 COMMONFX (ef44c32b1aef62380426b260bf2c66f1) C:\WINDOWS\system32\drivers\COMMONFX.SYS
2011/02/13 15:51:58.0687 1612 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/02/13 15:51:59.0562 1612 ctac32k (fb06bb39860340c6fa84867f0288d1dd) C:\WINDOWS\system32\drivers\ctac32k.sys
2011/02/13 15:52:00.0265 1612 ctaud2k (b810fa12cf726b200e057834eaebb1ac) C:\WINDOWS\system32\drivers\ctaud2k.sys
2011/02/13 15:52:00.0953 1612 CTAUDFX (7fc78aa6521ef3d9f16e51efab0bf13b) C:\WINDOWS\system32\drivers\CTAUDFX.SYS
2011/02/13 15:52:01.0625 1612 ctdvda2k (c4333325d325efa668888d0d3177c6ff) C:\WINDOWS\system32\drivers\ctdvda2k.sys
2011/02/13 15:52:02.0140 1612 CTERFXFX (16f448354067914e7deaea709011bd60) C:\WINDOWS\system32\drivers\CTERFXFX.SYS
2011/02/13 15:52:02.0546 1612 ctprxy2k (1fa95c8cf34b9911e352a07ea7a200fc) C:\WINDOWS\system32\drivers\ctprxy2k.sys
2011/02/13 15:52:03.0078 1612 CTSBLFX (64c83684661be137023f5186a612cf34) C:\WINDOWS\system32\drivers\CTSBLFX.SYS
2011/02/13 15:52:03.0687 1612 ctsfm2k (400cb754b91f73bee2655686a57269d2) C:\WINDOWS\system32\drivers\ctsfm2k.sys
2011/02/13 15:52:04.0781 1612 dalwdmservice (2f32abe51836f197429a32c14ff6abd7) C:\WINDOWS\system32\drivers\dalwdm.sys
2011/02/13 15:52:05.0187 1612 DigiFilter (ba912376605b72b1039da461c1fa19c6) C:\WINDOWS\system32\drivers\DigiFilt.sys
2011/02/13 15:52:05.0562 1612 DigiNet (224e5710c0ba4e23222db1383062e0d2) C:\WINDOWS\system32\DRIVERS\diginet.sys
2011/02/13 15:52:05.0937 1612 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/02/13 15:52:06.0578 1612 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/02/13 15:52:07.0234 1612 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/02/13 15:52:07.0656 1612 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/02/13 15:52:08.0046 1612 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/02/13 15:52:08.0750 1612 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/02/13 15:52:09.0125 1612 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
2011/02/13 15:52:09.0375 1612 eeCtrl (2d401f82d4e81aaf89daaa45f04782a2) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/02/13 15:52:09.0906 1612 emupia (7bb488ec082d40645936d9e583f560dc) C:\WINDOWS\system32\drivers\emupia2k.sys
2011/02/13 15:52:10.0312 1612 Entech (fd9fc82f134b1c91004ffc76a5ae494b) C:\WINDOWS\system32\DRIVERS\ENTECH.SYS
2011/02/13 15:52:10.0750 1612 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/02/13 15:52:11.0171 1612 fasttx2k (1e580770bdece924494b368ac980749e) C:\WINDOWS\system32\DRIVERS\fasttx2k.sys
2011/02/13 15:52:11.0578 1612 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/02/13 15:52:11.0953 1612 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/02/13 15:52:12.0312 1612 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/02/13 15:52:12.0734 1612 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/02/13 15:52:13.0109 1612 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/02/13 15:52:13.0484 1612 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/02/13 15:52:13.0906 1612 gagp30kx (3a74c423cf6bcca6982715878f450a3b) C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
2011/02/13 15:52:14.0281 1612 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/02/13 15:52:14.0656 1612 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/02/13 15:52:15.0281 1612 ha10kx2k (9bb84b1dff8bce7fdddea746f6819fcf) C:\WINDOWS\system32\drivers\ha10kx2k.sys
2011/02/13 15:52:15.0953 1612 hap16v2k (1418833169b29780fbdab127623b8767) C:\WINDOWS\system32\drivers\hap16v2k.sys
2011/02/13 15:52:16.0421 1612 hap17v2k (8b3148391dc121d96d513785d588e75b) C:\WINDOWS\system32\drivers\hap17v2k.sys
2011/02/13 15:52:16.0875 1612 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/02/13 15:52:17.0281 1612 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/02/13 15:52:18.0093 1612 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/02/13 15:52:19.0250 1612 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/02/13 15:52:19.0640 1612 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/02/13 15:52:20.0375 1612 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/02/13 15:52:20.0750 1612 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/02/13 15:52:21.0109 1612 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/02/13 15:52:21.0484 1612 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/02/13 15:52:21.0859 1612 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/02/13 15:52:22.0265 1612 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/02/13 15:52:22.0687 1612 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/02/13 15:52:23.0093 1612 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/02/13 15:52:23.0468 1612 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/02/13 15:52:23.0843 1612 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/02/13 15:52:24.0218 1612 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/02/13 15:52:24.0593 1612 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/02/13 15:52:25.0000 1612 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/02/13 15:52:25.0453 1612 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/02/13 15:52:26.0531 1612 MBX2DFU (201a22110f1c67c6c491a951fabe8941) C:\WINDOWS\system32\DRIVERS\MBX2DFU.sys
2011/02/13 15:52:26.0890 1612 MBX2MIDK (750d2c6acbc6312866b67d8407d070ca) C:\WINDOWS\system32\drivers\mbx2midk.sys
2011/02/13 15:52:27.0265 1612 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/02/13 15:52:27.0640 1612 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/02/13 15:52:28.0000 1612 motmodem (fe80c18ba448ddd76b7bead9eb203d37) C:\WINDOWS\system32\DRIVERS\motmodem.sys
2011/02/13 15:52:28.0375 1612 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/02/13 15:52:28.0734 1612 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/02/13 15:52:29.0093 1612 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/02/13 15:52:29.0796 1612 MrFilter (c5e4cf1ac1078b2d0da1f9b017984ec8) C:\WINDOWS\system32\drivers\MrFilter.sys
2011/02/13 15:52:30.0203 1612 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/02/13 15:52:30.0703 1612 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/02/13 15:52:31.0062 1612 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/02/13 15:52:31.0421 1612 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/02/13 15:52:31.0765 1612 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/02/13 15:52:32.0140 1612 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/02/13 15:52:32.0531 1612 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/02/13 15:52:33.0218 1612 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/02/13 15:52:33.0625 1612 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/02/13 15:52:33.0984 1612 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/02/13 15:52:34.0375 1612 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/02/13 15:52:34.0765 1612 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/02/13 15:52:35.0140 1612 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/02/13 15:52:35.0546 1612 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/02/13 15:52:36.0000 1612 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/02/13 15:52:36.0375 1612 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/02/13 15:52:36.0937 1612 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/02/13 15:52:37.0500 1612 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/02/13 15:52:38.0328 1612 nv (1685a86ce8dc5a70d307dca625fb50e7) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/02/13 15:52:39.0140 1612 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/02/13 15:52:39.0500 1612 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/02/13 15:52:39.0875 1612 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/02/13 15:52:40.0312 1612 ossrv (01e1ab8249f9dde5978c6b4af18eda7c) C:\WINDOWS\system32\drivers\ctoss2k.sys
2011/02/13 15:52:40.0718 1612 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/02/13 15:52:41.0093 1612 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/02/13 15:52:41.0437 1612 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/02/13 15:52:41.0812 1612 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/02/13 15:52:42.0515 1612 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/02/13 15:52:42.0906 1612 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/02/13 15:52:43.0359 1612 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/02/13 15:52:45.0734 1612 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/02/13 15:52:46.0109 1612 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/02/13 15:52:46.0468 1612 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
2011/02/13 15:52:46.0859 1612 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/02/13 15:52:47.0265 1612 ps_1394 (7c83ca0fd06da7878e01b547cd33cfeb) C:\WINDOWS\system32\Drivers\ps_1394.sys
2011/02/13 15:52:47.0640 1612 ps_avs (6fc7292ae311fe1b2fff09b7f6ae5220) C:\WINDOWS\system32\Drivers\ps_avs.sys
2011/02/13 15:52:48.0000 1612 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/02/13 15:52:48.0375 1612 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/02/13 15:52:50.0390 1612 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/02/13 15:52:50.0765 1612 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/02/13 15:52:51.0140 1612 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/02/13 15:52:51.0515 1612 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/02/13 15:52:51.0875 1612 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/02/13 15:52:52.0281 1612 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/02/13 15:52:52.0687 1612 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/02/13 15:52:53.0109 1612 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/02/13 15:52:53.0515 1612 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/02/13 15:52:54.0031 1612 RT73 (7b8994bd539c3d9bbd7b2a3b204c29e8) C:\WINDOWS\system32\DRIVERS\rt73.sys
2011/02/13 15:52:54.0515 1612 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/02/13 15:52:54.0890 1612 SbcpHid (aaf28ab6effd8990bfe20398e92f101e) C:\WINDOWS\system32\Drivers\SbcpHid.sys
2011/02/13 15:52:55.0296 1612 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/02/13 15:52:55.0656 1612 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/02/13 15:52:56.0031 1612 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/02/13 15:52:56.0421 1612 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/02/13 15:52:57.0234 1612 SiS315 (d500827b25af28364ce58795276b5529) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/02/13 15:52:57.0703 1612 SiSkp (910af3e0b5c5c154c6e93478c5048d1c) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/02/13 15:52:58.0078 1612 SISNIC (5529b51aacff16fbdde4b34ff0af2b76) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/02/13 15:52:58.0765 1612 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/02/13 15:52:59.0140 1612 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/02/13 15:52:59.0656 1612 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/02/13 15:53:00.0000 1612 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/02/13 15:53:00.0359 1612 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/02/13 15:53:02.0078 1612 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/02/13 15:53:02.0593 1612 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/02/13 15:53:03.0078 1612 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/02/13 15:53:03.0437 1612 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/02/13 15:53:03.0796 1612 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/02/13 15:53:04.0546 1612 TPkd (15fb67eb022a74b30e278d19b03da3b4) C:\WINDOWS\system32\drivers\TPkd.sys
2011/02/13 15:53:04.0953 1612 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/02/13 15:53:05.0796 1612 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/02/13 15:53:06.0328 1612 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/02/13 15:53:06.0703 1612 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/02/13 15:53:07.0078 1612 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/02/13 15:53:07.0453 1612 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/02/13 15:53:07.0828 1612 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/02/13 15:53:08.0203 1612 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/02/13 15:53:08.0562 1612 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/02/13 15:53:08.0906 1612 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/02/13 15:53:09.0265 1612 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/02/13 15:53:09.0625 1612 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/02/13 15:53:09.0984 1612 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/02/13 15:53:10.0343 1612 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/02/13 15:53:10.0703 1612 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/02/13 15:53:11.0281 1612 vsdatant (050c38ebb22512122e54b47dc278bccd) C:\WINDOWS\system32\vsdatant.sys
2011/02/13 15:53:11.0890 1612 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/02/13 15:53:12.0406 1612 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/02/13 15:53:13.0250 1612 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/02/13 15:53:13.0703 1612 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/02/13 15:53:14.0109 1612 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/02/13 15:53:14.0500 1612 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/02/13 15:53:15.0000 1612 ================================================================================
2011/02/13 15:53:15.0000 1612 Scan finished
2011/02/13 15:53:15.0000 1612 ================================================================================


ComboFix 11-02-07.01 - Compaq_Owner 02/08/2011 0:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.746 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Compaq_Owner\Application Data\inst.exe
C:\index.htm
c:\program files\Java
c:\program files\Java\jre6\lib\ext\QTJava.zip
c:\windows\AutoRun.ini
c:\windows\system32\components
c:\windows\system32\dfhkj.bak2
c:\windows\system32\dfhkj.tmp
c:\windows\system32\geyekrctaicirf.dat
c:\windows\system32\geyekrrpqqypdp.dat
c:\windows\system32\twunk_32.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_geyekrmyafrtcc
-------\Legacy_MSUPDATE
-------\Service_geyekrmyafrtcc


((((((((((((((((((((((((( Files Created from 2011-01-08 to 2011-02-08 )))))))))))))))))))))))))))))))
.

2011-01-26 22:54 . 2011-01-31 06:39 -------- d-----w- c:\windows\system32\MpEngineStore
2011-01-26 22:52 . 2011-01-26 22:52 -------- d-----w- C:\18c90c7c97fbd9deb8
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Jobulator
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\program files\Jobulator
2011-01-20 05:55 . 2011-01-20 05:55 -------- d-----w- c:\documents and settings\Administrator.COMPUTERAADAHAM.000
2011-01-16 22:51 . 2011-01-16 22:51 -------- d-----w- C:\spoolerlogs
2011-01-15 05:33 . 2011-01-15 05:34 -------- d-----w- c:\program files\iPod
2011-01-15 05:33 . 2011-01-15 05:35 -------- d-----w- c:\program files\iTunes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-08 05:55 . 2010-09-13 21:27 0 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-12-21 00:09 . 2008-12-22 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2008-12-22 05:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-02 08:35 . 2010-12-02 08:35 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-11-30 00:18 . 2003-02-20 21:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-30 00:18 . 2003-03-18 13:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-10 23:08 . 2010-11-10 23:08 0 ----atw- c:\windows\005667_.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2006-08-11 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-11 25600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-8-17 113664]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-8-6 209016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=Digi32.dll
"MIDI3"=diomidi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Client Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Client Utility.lnk
backup=c:\windows\pss\Belkin Wireless Client Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThaCC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-11 19:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
2006-11-14 05:05 61440 ----a-w- c:\program files\Digidesign\Drivers\MMERefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 13:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 20:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 20:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-30 00:18 274608 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=2 (0x2)
"wuauserv"=2 (0x2)
"Schedule"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"digiSPTIService"=3 (0x3)
"DigiRefresh"=2 (0x2)
"lxcz_device"=2 (0x2)
"C-DillaSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=3 (0x3)
"Pxgcleprtn"=3 (0x3)
"MDM"=2 (0x2)
"ERSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23241:TCP"= 23241:TCP:BitComet 23241 TCP
"23241:UDP"= 23241:UDP:BitComet 23241 UDP

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [8/19/2007 3:18 PM 16384]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [7/27/2005 12:19 AM 12096]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [8/19/2007 3:16 PM 11776]
S0 yqjvfbl;yqjvfbl;c:\windows\system32\drivers\jlpxoojg.sys --> c:\windows\system32\drivers\jlpxoojg.sys [?]
S3 Avg139eanus;Avg139eanus; [x]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [8/19/2007 3:16 PM 109056]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/2/2010 2:35 AM 23456]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [8/19/2007 2:27 PM 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [8/19/2007 2:28 PM 15232]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [9/4/2007 1:01 PM 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [9/4/2007 1:01 PM 24576]
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2011-02-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

2011-02-08 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wiu.edu/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wiu.edu/
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)
MSConfigStartUp-AGRSMMSG - AGRSMMSG.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
AddRemove-PreSonus 1394 Audio Driver v1.21 (FireBox) Setup - c:\program files\PreSonus\1394AudioDriver_FireBox\uninst.exe Software\PreSonus\1394AudioDriver_FireBox\Setup
AddRemove-PowerTeacher Gradebook - c:\windows\system32\javaws.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-08 01:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2320136394-33482175-3832342146-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3720)
c:\windows\system32\WININET.dll
c:\windows\system32\nView.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSvcCDA.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\rundll32.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\iPod\bin\iPodService.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2011-02-08 01:50:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-08 07:50

Pre-Run: 35,538,149,376 bytes free
Post-Run: 35,561,246,720 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - B4BF0BD54CB5BD23515AFE03A5BCFD8D

#6 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 13 February 2011 - 11:34 PM

Good TDSSKiller did not picking up anything. ComboFix did take out the malware service tied to the info in the Gmer log earlier, so the service settings in that are remnants. The log also shows an undocumented "Avg139eanus" driver, and a random-named "yqjvfbl" driver, which in a way seems like Gmer related. Truly a good choice would be to again uninstall AVG, and have ComboFix show what it might find now, and use ComboFix to address that. The you have the assurance we made things right. Good chance, in all the malware changes and uninstalling AVG in the midst of infection, the current install has some overlap with parts of the previous install, or it's damaged settings.

Given no active malware showing, what specific problems are you having there we need to address?

Go ahead and uninstall AVG. Reboot, then go here and download and run the AVG uninstaller. Reboot again.

Delete any existing copies of ComboFix, then download ComboFix.exe from here to your desktop, then click that to run that scan.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.


Before I forget, and when you have time, delete the following zero byte file, just to leave nothing behind:

c:\windows\005667_.tmp
Ad eundum quo no duck ante iit

#7 Rocktagon

Rocktagon
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 14 February 2011 - 04:54 PM

Hi. I was able to fix the redirect problem after I ran Combofix the first time and reset my router settings. My computer is still having basic issues. It runs incredibly slowly a lot of the time. It will even lock up when there are no programs running. Most of the time when I play video, the sound skips. The light that indicates that the hard drive is being accessed is lit almost constantly. About half of the time I start my computer, it is locked up. I also have eight svchost.exe running in the processes window, which just seems suspicious to me. Here is the combofix log. THANKS!

ComboFix 11-02-13.03 - Compaq_Owner 02/14/2011 4:46.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.726 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((( Files Created from 2011-01-14 to 2011-02-14 )))))))))))))))))))))))))))))))
.

2011-02-14 09:51 . 2011-02-14 09:51 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-09 00:04 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-09 00:02 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-02-08 23:33 . 2010-11-16 23:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-02-08 23:33 . 2010-11-16 23:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-02-08 23:33 . 2011-02-08 23:33 -------- d-----w- c:\windows\system32\ZoneLabs
2011-02-08 23:33 . 2010-11-16 23:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-08 23:33 . 2011-02-08 23:33 -------- d-----w- c:\program files\Zone Labs
2011-02-08 23:32 . 2011-02-14 10:54 -------- d-----w- c:\windows\Internet Logs
2011-01-26 22:52 . 2011-01-26 22:52 -------- d-----w- C:\18c90c7c97fbd9deb8
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Jobulator
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\program files\Jobulator
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 05:55 . 2011-01-20 05:55 -------- d-----w- c:\documents and settings\Administrator.COMPUTERAADAHAM.000
2011-01-16 22:51 . 2011-01-16 22:51 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 04:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 04:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 00:09 . 2008-12-22 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2008-12-22 05:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:08 . 2004-08-04 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2004-08-04 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2004-08-04 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2004-08-04 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2004-08-04 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 04:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 11:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 04:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 11:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-02 08:35 . 2010-12-02 08:35 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-11-30 00:18 . 2003-02-20 21:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-30 00:18 . 2003-03-18 13:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2006-08-11 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-11 25600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-8-17 113664]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-8-6 209016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=Digi32.dll
"MIDI3"=diomidi.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Belkin Wireless Client Utility.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Belkin Wireless Client Utility.lnk
backup=c:\windows\pss\Belkin Wireless Client Utility.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
2003-06-18 07:00 45056 ----a-w- c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2006-08-11 19:56 18944 ----a-w- c:\windows\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
2006-11-14 05:05 61440 ----a-w- c:\program files\Digidesign\Drivers\MMERefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-13 23:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 13:54 253952 ----a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2003-07-28 20:19 49152 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2003-07-28 20:19 323584 ----a-w- c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-11-30 00:18 274608 ----a-w- c:\program files\Real\realplayer\Update\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=2 (0x2)
"wuauserv"=2 (0x2)
"Schedule"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"digiSPTIService"=3 (0x3)
"DigiRefresh"=2 (0x2)
"lxcz_device"=2 (0x2)
"C-DillaSrv"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=3 (0x3)
"Pxgcleprtn"=3 (0x3)
"MDM"=2 (0x2)
"ERSvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"IDriverT"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23241:TCP"= 23241:TCP:BitComet 23241 TCP
"23241:UDP"= 23241:UDP:BitComet 23241 UDP

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [8/19/2007 3:18 PM 16384]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [7/27/2005 12:19 AM 12096]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [8/19/2007 3:16 PM 11776]
S0 yqjvfbl;yqjvfbl;c:\windows\system32\drivers\jlpxoojg.sys --> c:\windows\system32\drivers\jlpxoojg.sys [?]
S3 Avg139eanus;Avg139eanus; [x]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [8/19/2007 3:16 PM 109056]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/2/2010 2:35 AM 23456]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [8/19/2007 2:27 PM 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [8/19/2007 2:28 PM 15232]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [9/4/2007 1:01 PM 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [9/4/2007 1:01 PM 24576]
.
Contents of the 'Scheduled Tasks' folder

2008-12-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2011-02-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

2011-02-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wiu.edu/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wiu.edu/
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-14 04:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2320136394-33482175-3832342146-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2011-02-14 04:58:05
ComboFix-quarantined-files.txt 2011-02-14 10:57
ComboFix2.txt 2011-02-08 07:50

Pre-Run: 33,421,279,232 bytes free
Post-Run: 33,359,269,888 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - F8D6271E4D23936B4EFF52B35A5DCD80

#8 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 14 February 2011 - 10:50 PM

Those unknown drivers remain, and enough info in the log to suggest either remnants, or unwanted, and so need to go anyway. The logs also show a long list of services, disabled through msconfig. Most legit services, some obviously left behind when they were disabled, but the software was uninstalled. And also another random-named unknown one. Though disabling services in msconfig can help in locating problem sources, it really is not to be used as a method of "turning off" unwanted program services. In order to get a true idea of problem sources there, these all will need to be re-enabled. Then we can remove true remnants, and walk though any other unwanted changes, but clear the deck of unknowns.


Go to Start - Run, type msconfig (and Enter).

Under the General tab, click Normal Startup, then Apply/OK to close msconfig. Allow the reboot at this time. You can expect to receive alerts/error messages at reboot after this, but we will be addressing all this during the repairs. This open thread and the scan logs are a handy way to make needed corrections, which may also correct some other problems you are having there. If you run into too many reboot errors from enabling all the services, for now, you should go ahead and msconfig disable the same ones again (the ComboFix log "[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]" providing a list of those).

After the reboot, run and post a new ComboFix log, and let's make the corrections from what that shows.

Edited by Jintan, 14 February 2011 - 10:51 PM.
Left out an "s"

Ad eundum quo no duck ante iit

#9 Rocktagon

Rocktagon
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 15 February 2011 - 01:44 AM

Hi, I did everything that you requested. I had disabled services that I didn't need to start like MSN Messenger, Open Office quickstarter, and Belkin wireless utility since I use the Windows wireless utility, but I put it back to Normal Startup. I'm not sure what drivers you were talking about, but I do have Digidesign ProTools and Presonus Firebox audio tools on my computer, so any of those are safe (just in case you didn't know what those were). The system started up fine after I chose Normal Startup, and I had no problems running Combofix again. My computer still runs very slowly and locks up for a few seconds at a time. The CPU basically jumps from 2-5% up to 100% even when no programs are running. I have had a lot of programs installed and uninstalled on here, and I think there may be remnants left. I have used CCleaner to remove everything I could find. Here is the latest Combofix log.

ComboFix 11-02-14.01 - Compaq_Owner 02/14/2011 22:46:08.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.663 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.

2011-02-14 09:51 . 2011-02-14 09:51 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-09 00:04 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-09 00:02 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-02-08 23:33 . 2010-11-16 23:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-02-08 23:33 . 2010-11-16 23:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-02-08 23:33 . 2011-02-08 23:33 -------- d-----w- c:\windows\system32\ZoneLabs
2011-02-08 23:33 . 2010-11-16 23:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-08 23:33 . 2011-02-08 23:33 -------- d-----w- c:\program files\Zone Labs
2011-02-08 23:32 . 2011-02-15 06:26 -------- d-----w- c:\windows\Internet Logs
2011-01-26 22:52 . 2011-01-26 22:52 -------- d-----w- C:\18c90c7c97fbd9deb8
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Jobulator
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\program files\Jobulator
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 05:55 . 2011-01-20 05:55 -------- d-----w- c:\documents and settings\Administrator.COMPUTERAADAHAM.000
2011-01-16 22:51 . 2011-01-16 22:51 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 04:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 04:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 00:09 . 2008-12-22 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2008-12-22 05:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:08 . 2004-08-04 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2004-08-04 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2004-08-04 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2004-08-04 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2004-08-04 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 04:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 11:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 04:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 11:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-02 08:35 . 2010-12-02 08:35 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-11-30 00:18 . 2003-02-20 21:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-30 00:18 . 2003-03-18 13:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-30 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 61440]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2006-08-11 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-11 25600]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-8-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-8-6 209016]
Belkin Wireless Client Utility.lnk - c:\program files\Belkin\F5D9050\Belkinwcui.exe [2006-12-1 1585152]
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-7-5 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=Digi32.dll
"MIDI3"=diomidi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"lxcz_device"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Pxgcleprtn"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"AVGIDSAgent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23241:TCP"= 23241:TCP:BitComet 23241 TCP
"23241:UDP"= 23241:UDP:BitComet 23241 UDP

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [8/19/2007 3:18 PM 16384]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [7/27/2005 12:19 AM 12096]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [8/19/2007 3:16 PM 11776]
S0 yqjvfbl;yqjvfbl;c:\windows\system32\drivers\jlpxoojg.sys --> c:\windows\system32\drivers\jlpxoojg.sys [?]
S3 Avg139eanus;Avg139eanus; [x]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [8/19/2007 3:16 PM 109056]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/2/2010 2:35 AM 23456]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [8/19/2007 2:27 PM 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [8/19/2007 2:28 PM 15232]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [9/4/2007 1:01 PM 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [9/4/2007 1:01 PM 24576]
.
Contents of the 'Scheduled Tasks' folder

2011-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2011-02-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

2011-02-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wiu.edu/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wiu.edu/
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 00:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2320136394-33482175-3832342146-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(108)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\nView.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\windows\system32\CTSvcCDA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\taskmgr.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2011-02-15 00:34:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 06:34
ComboFix2.txt 2011-02-14 10:58
ComboFix3.txt 2011-02-08 07:50

Pre-Run: 34,479,124,480 bytes free
Post-Run: 34,841,083,904 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - 7C40247BCF2001259EF5BAFB571FBA23

#10 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 15 February 2011 - 09:54 PM

ComboFix took out some files that do have net access functions, but they are part of a HP/Compaq BackWeb software. Monitors system activities, HP and others who use it claim it does this to enhance this or that, and users often are not aware of it's functions. But outdated now anyway - when you can, go here and download and run the uninstaller for it (Compaq Connections on your system).

The drivers remain, and some disabled services that are likely Registry orphan entries (such as iPod, which seems to have just replaced it). Let's act on all that, and follow up with some checking scans.

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Open notepad (go to Start, Run, type notepad and press Enter) and copy/paste the text in the codebox below into it:

KillAll::
Driver::
yqjvfbl
Avg139eanus
File::
c:\windows\system32\drivers\jlpxoojg.sys
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=-
"LiveUpdate"=-
"iPodService"=-
"lxcz_device"=-
"AVGEMS"=-
"Avg7Alrt"=-
"Pxgcleprtn"=-
"JavaQuickStarterService"=-
"AVGIDSAgent"=-
Save this to your desktop as CFScript.txt


You should now have both ComboFix and that CFScript.txt on the desktop. Just left click/hold on the CFScript.txt file, and drag it into ComboFix to start the scan.

ComboFix will now run as it did before. Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.

--------------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and go here and run an online scan using ESET Online Scanner (you will need to use Internet Explorer for this scan, or download the installer to run it in a different browser). If you accept the Terms of Use, check the box and click Start. After the ActiveX Control has loaded, it will take a couple minutes for the scanner to get ready. Next, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Click Start. This scan may take a while, so please be patient. A log may open when the scan is complete (if not, go to C:\Program Files\EsetOnlineScanner\ and open the file log.txt). Click Edit - Select All then copy/paste that log back here please.


If you have any problems getting Eset started, one work-around is to have an open Internet connection, and then click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file, and follow the same previous steps to run the scan.


Post that log, the C:\ComboFix.txt log and the Malwarebytes log please.
Ad eundum quo no duck ante iit

#11 Rocktagon

Rocktagon
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 16 February 2011 - 07:13 PM

Hi, I ran Combofix using that script, and I updated Malwarebytes and re-ran it. Combofix didn't seem to have any issues running. Malwarebytes still didn't find any traces of malware. I tried running the ESET online scanner, but I kept getting "unexpected error 101." All of my protection is uninstalled. I tried downloading the installer and also running in safe mode with networking, but I keep getting the error, so I was unable to ever run it. My computer seems to be locking up more since I selected Normal startup on msconfig. Here are the logs for the other two. Thank you for continuing to work with me; it's appreciated.

ComboFix 11-02-14.01 - Compaq_Owner 02/14/2011 22:46:08.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.663 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Compaq_Owner\Local Settings\temp\IadHide5.dll

.
((((((((((((((((((((((((( Files Created from 2011-01-15 to 2011-02-15 )))))))))))))))))))))))))))))))
.

2011-02-14 09:51 . 2011-02-14 09:51 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-09 00:04 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-09 00:02 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-02-08 23:33 . 2010-11-16 23:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-02-08 23:33 . 2010-11-16 23:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-02-08 23:33 . 2011-02-08 23:33 -------- d-----w- c:\windows\system32\ZoneLabs
2011-02-08 23:33 . 2010-11-16 23:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-08 23:33 . 2011-02-08 23:33 -------- d-----w- c:\program files\Zone Labs
2011-02-08 23:32 . 2011-02-15 06:26 -------- d-----w- c:\windows\Internet Logs
2011-01-26 22:52 . 2011-01-26 22:52 -------- d-----w- C:\18c90c7c97fbd9deb8
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Jobulator
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\program files\Jobulator
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 05:55 . 2011-01-20 05:55 -------- d-----w- c:\documents and settings\Administrator.COMPUTERAADAHAM.000
2011-01-16 22:51 . 2011-01-16 22:51 -------- d-----w- C:\spoolerlogs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 04:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 04:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 00:09 . 2008-12-22 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2008-12-22 05:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:08 . 2004-08-04 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2004-08-04 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2004-08-04 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2004-08-04 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2004-08-04 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 04:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 11:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 04:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 11:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-02 08:35 . 2010-12-02 08:35 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-11-30 00:18 . 2003-02-20 21:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-30 00:18 . 2003-03-18 13:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2004-08-04 04:00 81920 ----a-w- c:\windows\system32\isign32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-30 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 61440]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2006-08-11 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-11 25600]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-8-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-8-6 209016]
Belkin Wireless Client Utility.lnk - c:\program files\Belkin\F5D9050\Belkinwcui.exe [2006-12-1 1585152]
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-7-5 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=Digi32.dll
"MIDI3"=diomidi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Automatic LiveUpdate Scheduler"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPodService"=3 (0x3)
"lxcz_device"=2 (0x2)
"AVGEMS"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"Pxgcleprtn"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"AVGIDSAgent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23241:TCP"= 23241:TCP:BitComet 23241 TCP
"23241:UDP"= 23241:UDP:BitComet 23241 UDP

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [8/19/2007 3:18 PM 16384]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [7/27/2005 12:19 AM 12096]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [8/19/2007 3:16 PM 11776]
S0 yqjvfbl;yqjvfbl;c:\windows\system32\drivers\jlpxoojg.sys --> c:\windows\system32\drivers\jlpxoojg.sys [?]
S3 Avg139eanus;Avg139eanus; [x]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [8/19/2007 3:16 PM 109056]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/2/2010 2:35 AM 23456]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [8/19/2007 2:27 PM 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [8/19/2007 2:28 PM 15232]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [9/4/2007 1:01 PM 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [9/4/2007 1:01 PM 24576]
.
Contents of the 'Scheduled Tasks' folder

2011-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2011-02-15 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

2011-02-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wiu.edu/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wiu.edu/
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-15 00:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2320136394-33482175-3832342146-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(108)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\nView.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\windows\system32\CTSvcCDA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\taskmgr.exe
c:\hp\KBD\KBD.EXE
.
**************************************************************************
.
Completion time: 2011-02-15 00:34:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-15 06:34
ComboFix2.txt 2011-02-14 10:58
ComboFix3.txt 2011-02-08 07:50

Pre-Run: 34,479,124,480 bytes free
Post-Run: 34,841,083,904 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - 7C40247BCF2001259EF5BAFB571FBA23


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5776

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

2/16/2011 2:09:02 PM
mbam-log-2011-02-16 (14-09-02).txt

Scan type: Quick scan
Objects scanned: 173247
Time elapsed: 11 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 16 February 2011 - 10:42 PM

That ComboFix log appears to be from a few days ago - could you check again in the C drive folder please?

For Eset, I haven't quite been able to reproduce the effect, but for now, when the Computer scan settings display shows, click the Advanced option.

In the new options that shows, take note if the following is checked, or unchecked:

Enable Anti-Stealth technology

Make no changes, the click Start to run the scan. If you get that error again, close Eset, then run it again. This time, depending on what you noted the first time, either check, or uncheck that Enable Anti-Stealth technology option (do the opposite of the previous scan's setting).

Then click Start again.
Ad eundum quo no duck ante iit

#13 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 16 February 2011 - 10:44 PM

If you do get Eset to run successfully after making the "Enable Anti-Stealth technology", let me know in your next reply what the first setting was, and what setting allowed the scan to work please.
Ad eundum quo no duck ante iit

#14 Rocktagon

Rocktagon
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 17 February 2011 - 03:07 PM

Hi, Sorry about the combofix log. I don't know what happened. I got Eset to run. I enabled "Anti-Stealth." I didn't want to try it that way until I got back to you. ESET found 6 infected files, but it just had a finish button, so I don't really know what it did with them. I wasn't sure whether to choose delete quarantined files or not. Here is the latest Combofix log and the ESET log. Thanks.

ComboFix 11-02-15.04 - Compaq_Owner 02/16/2011 5:38.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.699 [GMT -6:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Owner\Desktop\CFScript.txt
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\windows\system32\drivers\jlpxoojg.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Avg139eanus
-------\Service_yqjvfbl


((((((((((((((((((((((((( Files Created from 2011-01-16 to 2011-02-16 )))))))))))))))))))))))))))))))
.

2011-02-14 09:51 . 2011-02-14 09:51 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-09 00:04 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-09 00:02 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-02-08 23:33 . 2010-11-16 23:45 69120 ----a-w- c:\windows\system32\zlcomm.dll
2011-02-08 23:33 . 2010-11-16 23:45 104448 ----a-w- c:\windows\system32\zlcommdb.dll
2011-02-08 23:33 . 2011-02-08 23:33 -------- d-----w- c:\windows\system32\ZoneLabs
2011-02-08 23:33 . 2010-11-16 23:45 1238528 ----a-w- c:\windows\system32\zpeng25.dll
2011-02-08 23:33 . 2011-02-08 23:33 -------- d-----w- c:\program files\Zone Labs
2011-02-08 23:32 . 2011-02-16 19:40 -------- d-----w- c:\windows\Internet Logs
2011-01-26 22:52 . 2011-01-26 22:52 -------- d-----w- C:\18c90c7c97fbd9deb8
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Jobulator
2011-01-24 07:17 . 2011-01-24 07:17 -------- d-----w- c:\program files\Jobulator
2011-01-21 14:44 . 2011-01-21 14:44 439296 ------w- c:\windows\system32\dllcache\shimgvw.dll
2011-01-20 05:55 . 2011-01-20 05:55 -------- d-----w- c:\documents and settings\Administrator.COMPUTERAADAHAM.000

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 04:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 04:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 04:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-21 00:09 . 2008-12-22 05:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 00:08 . 2008-12-22 05:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-20 23:08 . 2004-08-04 04:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2004-08-04 04:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2004-08-04 04:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2004-08-04 04:00 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2004-08-04 04:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2004-08-04 04:00 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 11:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2004-08-04 04:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2004-08-04 04:00 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-04 11:00 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-02 08:35 . 2010-12-02 08:35 23456 ----a-w- c:\windows\system32\drivers\DrvAgent32.sys
2010-11-30 00:18 . 2003-02-20 21:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-11-30 00:18 . 2003-03-18 13:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-07-28 852038]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-25 245760]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"CTHelper"="CTHELPER.EXE" [2006-08-11 17920]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-11-16 1043968]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"nwiz"="nwiz.exe" [2003-07-28 323584]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2003-07-28 49152]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 61440]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 18944]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2010-11-30 274608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"SetDefaultMIDI"="MIDIDef.exe" [2006-08-11 25600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SetDefaultMIDI"="MIDIDEF.EXE" [2006-08-11 25600]

c:\documents and settings\Compaq_Owner\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-8-17 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2005-8-6 209016]
Belkin Wireless Client Utility.lnk - c:\program files\Belkin\F5D9050\Belkinwcui.exe [2006-12-1 1585152]
Compaq Connections.lnk - c:\program files\Compaq Connections\6750491\Program\Compaq Connections.exe [2005-7-5 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=Digi32.dll
"MIDI3"=diomidi.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\6750491\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23241:TCP"= 23241:TCP:BitComet 23241 TCP
"23241:UDP"= 23241:UDP:BitComet 23241 UDP

R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [8/19/2007 3:18 PM 16384]
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MRFilter.sys [7/27/2005 12:19 AM 12096]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [8/19/2007 3:16 PM 11776]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 7:39 PM 99416]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 7:39 PM 555096]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 7:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 7:39 PM 566360]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [8/19/2007 3:16 PM 109056]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [12/2/2010 2:35 AM 23456]
S3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys --> c:\windows\system32\drivers\kx.sys [?]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [8/19/2007 2:27 PM 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [8/19/2007 2:28 PM 15232]
S3 ps_1394;ps_1394;c:\windows\system32\drivers\ps_1394.sys [9/4/2007 1:01 PM 97152]
S3 ps_avs;ps_avs;c:\windows\system32\drivers\ps_avs.sys [9/4/2007 1:01 PM 24576]
.
Contents of the 'Scheduled Tasks' folder

2011-02-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 18:34]

2011-02-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]

2011-02-15 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2320136394-33482175-3832342146-1009.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 17:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wiu.edu/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add To Compaq Organize... - c:\progra~1\HEWLET~1\COMPAQ~1\bin/module.main/favorites\ie_add_to.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Owner\Application Data\Mozilla\Firefox\Profiles\b1m1qu7e.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.wiu.edu/
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Check4Change: check4change-owner@mozdev.org - %profile%\extensions\check4change-owner@mozdev.org
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-16 13:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2320136394-33482175-3832342146-1009\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3592)
c:\windows\system32\WININET.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\nView.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\ctagent.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\CDANTSRV.EXE
c:\windows\system32\CTSvcCDA.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\CTHELPER.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2011-02-16 13:48:15 - machine was rebooted
ComboFix-quarantined-files.txt 2011-02-16 19:48
ComboFix2.txt 2011-02-15 06:34
ComboFix3.txt 2011-02-14 10:58
ComboFix4.txt 2011-02-08 07:50

Pre-Run: 35,690,573,824 bytes free
Post-Run: 35,739,848,704 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=,1,2,3,4
- - End Of File - - 5AF940DCB47DADAD2169D5D071C8CF20


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
can not get scanner. e_gle=1001
DLL:pipe not connected. attempts=120
can not get scanner. e_gle=1001
DLL:pipe not connected. attempts=120
ESETSmartInstaller@High as downloader log:
all ok
can not get scanner. e_gle=1001
DLL:pipe not connected. attempts=120
can not get scanner. e_gle=1001
DLL:pipe not connected. attempts=120
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=bf005714da95e041ab441f9113093942
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-02-17 12:57:12
# local_time=2011-02-17 06:57:12 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 67099224 67099224 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=149516
# found=6
# cleaned=6
# scan_time=7809
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\InternetSpeedMonitor.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dfhkj.bak2.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\dfhkj.tmp.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP285\A0111192.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
D:\I386\Apps\APP31036\src\SpyInstall_HPPre.exe probably a variant of Win32/Agent.HVEUCPZ trojan (deleted - quarantined) 00000000000000000000000000000000 C
D:\System Volume Information\_restore{2466A83D-1B81-456E-9766-38C2B7E48210}\RP295\A0114196.exe probably a variant of Win32/Agent.HVEUCPZ trojan (deleted - quarantined) 00000000000000000000000000000000 C

#15 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • OFFLINE
  •  
  • Local time:08:38 AM

Posted 17 February 2011 - 11:23 PM

Good, that was the ticket for the Eset problem. Looks good as well. ComboFix made the necessary changes, and the scans confirmed no active malware remains. Are you still having the problems you mentioned earlier? If so, see if you can provide specific details about what specific action leads to what event(s) (had to end the sentence before I used "specific" again).
Ad eundum quo no duck ante iit




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users