Jump to content

Jay320

Members
 View Profile  See their activity

  • Posts

    14

  • Joined

  • Last visited

 Content Type 

Everything posted by Jay320

  1. Jay320
    I tried a few search engine queries and I haven't gotten any redirects. Not sure if the problem is fixed just by examining that. However, here is the new OTL log: OTL logfile created on: 1/23/2010 3:05:01 PM - Run 2 OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free Paging file location(s): C:\pagefile.sys 360 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.36 Gb Total Space | 16.88 Gb Free Space | 23.66% Space Free | Partition Type: NTFS Drive D: | 3.16 Gb Total Space | 1.13 Gb Free Space | 35.68% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SCHNEIDBOT Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\TESTOUT\Orbis\OrbisClient.Services.exe () PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (Sony Corporation) PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe (Symantec Corporation) PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (OracleDBConsoleorcl) -- File not found SRV - (navapsvc) -- File not found SRV - (OrbisClient.Services) -- C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe () SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3629.dll () SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard) SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (OracleXEClrAgent) -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe () SRV - (OracleXETNSListener) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE () SRV - (OracleMTSRecoveryService) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (Oracle Corporation) SRV - (OracleJobSchedulerXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe () SRV - (OracleServiceXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (Oracle Corporation) SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO) DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO) DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys () DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software) DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys () DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG) DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG) DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG) DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP) DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP) DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant) DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. ) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 41 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.21 FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.3 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 10:03:45 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/30 23:29:32 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:01:26 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 15:26:30 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 15:26:30 | 00,000,000 | ---D | M] [2008/12/27 12:28:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2008/12/27 12:28:24 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/01/23 09:29:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions [2009/09/04 08:15:34 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2007/12/08 20:04:27 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f} [2009/11/29 13:27:52 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2008/12/27 12:29:29 | 00,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f} [2009/11/29 14:00:22 | 00,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} [2009/07/29 16:29:41 | 00,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2009/08/16 00:15:32 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/11/29 14:00:12 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/01/23 09:29:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/01/10 15:26:30 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/04/01 17:52:23 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2009/07/30 23:30:31 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2010/01/10 15:26:20 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/01/10 15:26:20 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2009/07/30 23:29:31 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2008/02/20 21:04:00 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll [2008/02/20 21:04:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll [2010/01/10 15:26:24 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2005/09/23 19:44:16 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2008/12/31 13:55:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll [2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2009/08/07 11:44:18 | 00,030,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll [2009/12/28 14:53:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/12/28 14:53:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2007/07/26 11:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml [2009/12/28 14:53:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/12/28 14:53:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/12/28 14:53:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/12/28 14:53:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/12/28 14:53:18 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/01/23 02:52:02 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe (Hewlett-Packard) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [spywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/07/05 22:28:13 | 00,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/07/05 22:28:13 | 00,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/07/05 22:28:13 | 00,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/07/05 22:28:13 | 00,000,000 | ---D | M] O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe (Reg Error: Key error.) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.24.53 24.247.15.53 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/03/23 13:13:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2003/08/08 17:24:26 | 00,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/01/23 14:36:27 | 02,451,000 | ---- | C] (First 4 Internet Ltd) -- C:\Documents and Settings\Owner\Desktop\XCP2_Uninstaller.exe [2010/01/23 13:39:18 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2010/01/23 10:46:32 | 00,000,000 | ---D | C] -- C:\Program Files\ESET [2010/01/22 08:51:31 | 00,547,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/01/16 09:52:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Elluminate [2010/01/15 12:51:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CST163 [2010/01/13 06:46:59 | 00,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010/01/12 17:55:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CST266 [2010/01/11 21:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TestOut [2010/01/08 12:34:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/01/06 23:16:58 | 00,032,768 | ---- | C] (Celexis, Inc.) -- C:\WINDOWS\System32\FatListCtl.ocx [2010/01/06 23:16:57 | 00,802,816 | ---- | C] (dti Publishing, Corp.) -- C:\WINDOWS\System32\CLXCLI27.dll [2010/01/06 23:16:57 | 00,000,000 | ---D | C] -- C:\Program Files\CertBlaster [2009/11/29 11:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/11/29 11:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/11/29 11:31:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/11/29 11:31:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/03/17 12:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HPAppData [2008/11/16 07:59:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2007/08/25 23:33:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec [2005/10/24 11:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/01/23 14:43:10 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/23 14:42:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/23 14:41:57 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/23 14:41:53 | 13,241,42592 | -HS- | M] () -- C:\hiberfil.sys [2010/01/23 14:40:54 | 11,534,336 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT [2010/01/23 14:40:30 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2010/01/23 14:36:28 | 02,451,000 | ---- | M] (First 4 Internet Ltd) -- C:\Documents and Settings\Owner\Desktop\XCP2_Uninstaller.exe [2010/01/23 14:17:00 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job [2010/01/23 13:35:35 | 54,560,365 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/01/23 02:52:42 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini [2010/01/23 02:52:02 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2010/01/22 08:51:31 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/01/21 14:24:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/01/21 14:14:44 | 00,000,218 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel [2010/01/21 13:50:10 | 00,000,941 | ---- | M] () -- C:\WINDOWS\ULead32.ini [2010/01/21 12:01:59 | 00,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LabSim.lnk [2010/01/19 18:49:16 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2010/01/14 03:14:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/01/10 19:13:20 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$S reference.doc [2010/01/10 15:21:19 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Educational Development Plan.doc [2010/01/10 15:20:58 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ucational Development Plan.doc [2010/01/10 14:47:51 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Job search log.doc [2010/01/08 12:29:19 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\25499C5A.CEF [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/01/06 23:18:29 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\9C132C0A.D50 [2010/01/06 23:18:29 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\688A49FE.5B5 [2010/01/05 17:14:35 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Concerts.doc [2010/01/05 12:15:00 | 00,171,520 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/28 13:05:59 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$b search log.doc [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/23 02:49:30 | 00,352,928 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/01/23 02:23:46 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/01/21 14:14:44 | 00,000,218 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel [2010/01/11 21:04:47 | 00,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LabSim.lnk [2010/01/10 19:13:20 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$S reference.doc [2010/01/10 15:20:58 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ucational Development Plan.doc [2010/01/08 12:29:19 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\25499C5A.CEF [2010/01/06 23:18:29 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\9C132C0A.D50 [2010/01/06 23:18:29 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\688A49FE.5B5 [2009/12/28 13:05:59 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$b search log.doc [2009/09/12 10:55:17 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2009/07/30 23:41:19 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI [2009/07/08 22:57:01 | 00,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/05/14 15:25:39 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND [2009/03/29 18:48:47 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2009/03/25 14:56:45 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2009/03/20 15:56:50 | 00,168,208 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll1 [2009/02/22 19:00:39 | 00,000,336 | ---- | C] () -- C:\Program Files\temp995.bat [2009/02/22 18:50:26 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/09/15 14:53:56 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2008/05/19 09:59:10 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini [2008/02/20 21:05:44 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/02/20 21:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/02/20 21:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/02/20 21:03:24 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008/02/14 03:03:41 | 00,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008/02/04 17:14:30 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2008/02/04 17:14:29 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2007/12/08 20:24:26 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Ad Annihilator.aap [2007/11/14 12:42:27 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007/11/09 06:01:59 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll [2007/11/06 15:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/02/12 21:53:12 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/07/21 01:22:50 | 00,000,988 | ---- | C] () -- C:\WINDOWS\entpack.ini [2006/01/20 00:58:23 | 00,000,332 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat [2005/12/29 10:11:28 | 00,002,935 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005/12/24 12:32:10 | 00,007,154 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2005/09/19 19:07:14 | 00,171,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/09/19 17:35:44 | 00,000,365 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2005/09/16 17:07:56 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005/09/16 16:02:00 | 00,000,941 | ---- | C] () -- C:\WINDOWS\ULead32.ini [2005/09/16 03:59:11 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005/09/16 03:38:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/09/16 03:36:32 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2005/09/16 02:11:53 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2005/06/07 02:05:43 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll [2005/03/23 23:07:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/03/23 11:53:24 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/03/23 11:53:24 | 00,000,481 | ---- | C] () -- C:\WINDOWS\System32\emver.ini [1997/05/11 07:20:50 | 00,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D < End of report >
  2. Jay320
    The MBAM scan came up with nothing. Here is the empty log file: Malwarebytes' Anti-Malware 1.44 Database version: 3619 Windows 5.1.2600 Service Pack 2 Internet Explorer 8.0.6001.18702 1/23/2010 10:37:48 AM mbam-log-2010-01-23 (10-37-48).txt Scan type: Quick Scan Objects scanned: 124532 Time elapsed: 9 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) ============================================================================== However, the ESET scan detected something... ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK esets_scanner_update returned -1 esets_gle=1 # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6211 # api_version=3.0.2 # EOSSerial=ad7ab44e8e779e46be0c3a3281e9bc3d # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2010-01-23 05:33:43 # local_time=2010-01-23 12:33:43 (-0500, Eastern Standard Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1024 16777175 100 0 3831336 3831336 0 0 # compatibility_mode=3073 16777213 80 100 0 26592929 0 0 # compatibility_mode=7937 16777214 100 100 0 25329326 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=136026 # found=2 # cleaned=2 # scan_time=6094 C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.SJ virus (deleted - quarantined) 00000000000000000000000000000000 C C:\WINDOWS\system32\$sys$filesystem\ARIES.del Win32/Rootkit.XCP application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  3. Jay320
    OK, ran Combofix. I knew something was wrong as soon as I saw the gaopd...sys stuff come up again. There may have been other problems, too... but anyway, here is the log file from Combofix. ComboFix 10-01-22.01 - Owner 01/23/2010 2:35.3.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1263.612 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\Fonts\update.txt c:\windows\system32\WORK.DAT Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected Restored copy from - Kitty ate it . ((((((((((((((((((((((((( Files Created from 2009-12-23 to 2010-01-23 ))))))))))))))))))))))))))))))) . 2010-01-23 07:49 . 2010-01-23 07:49 177520 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2010-01-21 06:49 . 2010-01-21 06:49 -------- d-sh--w- c:\windows\system32\config\systemprofile\UserData 2010-01-16 14:52 . 2010-01-16 16:23 -------- d-----w- c:\documents and settings\Owner\Application Data\Elluminate 2010-01-13 11:46 . 2009-11-21 16:36 470528 -c----w- c:\windows\system32\dllcache\aclayers.dll 2010-01-12 02:04 . 2010-01-21 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TestOut 2010-01-08 17:34 . 2010-01-08 17:34 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2010-01-07 04:16 . 2010-01-08 17:36 -------- d-----w- c:\program files\CertBlaster 2010-01-07 04:16 . 2005-11-29 14:53 802816 ----a-w- c:\windows\system32\CLXCLI27.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-01-23 07:50 . 2009-04-12 05:14 -------- d-----w- c:\program files\Common Files\Akamai 2010-01-22 20:51 . 2009-03-25 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2010-01-22 13:49 . 2007-12-18 19:39 -------- d-----w- c:\program files\Spyware Terminator 2010-01-22 13:49 . 2009-03-25 19:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator 2010-01-21 19:11 . 2009-09-13 17:14 -------- d-----w- c:\documents and settings\Owner\Application Data\gtk-2.0 2010-01-21 16:44 . 2009-03-20 02:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-21 03:12 . 2007-11-01 02:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-21 03:11 . 2009-07-06 03:33 -------- d-----w- c:\program files\SpywareBlaster 2010-01-20 23:52 . 2009-03-23 17:53 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent 2010-01-12 23:08 . 2009-11-16 22:43 -------- d-----w- c:\program files\Course Technology Certification Preparation 2010-01-12 02:04 . 2009-05-22 21:56 -------- d-----w- c:\program files\TESTOUT 2010-01-07 21:07 . 2009-03-20 02:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07 . 2009-03-20 02:02 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-21 19:14 . 2005-03-23 16:53 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-20 17:48 . 2009-12-20 17:48 249856 ------w- c:\windows\Setup1.exe 2009-12-20 17:47 . 2009-12-20 17:47 73216 ----a-w- c:\windows\ST6UNST.EXE 2009-12-09 22:59 . 2009-02-14 15:22 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo 2009-12-09 11:06 . 2009-03-20 20:56 171552 ----a-w- c:\windows\system32\guard32.dll 2009-12-09 11:06 . 2009-03-20 20:56 87104 ----a-w- c:\windows\system32\drivers\inspect.sys 2009-12-09 11:05 . 2009-03-20 20:56 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-12-09 11:05 . 2009-03-20 20:56 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-11-30 23:42 . 2009-09-08 16:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Ethereal 2009-11-29 22:59 . 2009-11-29 22:59 495616 ----a-w- c:\windows\system32\igfxcfg.exe 2009-11-29 22:59 . 2009-11-29 22:59 110592 ----a-w- c:\windows\system32\igfxext.exe 2009-11-29 16:43 . 2007-06-06 04:48 84176 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-29 16:37 . 2009-03-17 21:24 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-11-29 16:37 . 2009-03-17 21:23 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-11-29 16:37 . 2009-03-17 21:23 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-11-29 16:36 . 2009-03-17 21:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2009-11-29 16:36 . 2009-11-29 16:36 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 2009-11-29 16:36 . 2009-03-17 18:52 -------- d-----w- c:\program files\AVG 2009-11-25 08:02 . 2009-11-25 08:02 -------- d-----w- c:\program files\MSXML 4.0 2009-02-23 00:00 . 2009-02-23 00:00 336 ----a-w- c:\program files\temp995.bat 2009-03-18 01:54 . 2009-03-18 01:54 2 --shatr- c:\windows\winstart.bat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1] @="{E4000AC4-5E5F-4956-807A-C5854405D64F}" [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}] 2007-11-26 04:29 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128] "HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 148888] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-10-30 520024] "SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2009-07-09 2173440] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-12-09 1800464] "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-31 2033432] c:\documents and settings\Owner\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2007-11-25 474808] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2005-9-16 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-11-29 16:36 12464 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk backup=c:\windows\pss\BigFix.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk backup=c:\windows\pss\Metacafe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Metacafe.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Metacafe.lnk backup=c:\windows\pss\Metacafe.lnkStartup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] 2004-03-19 21:17 78960 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] 2004-08-20 22:51 118784 ----a-w- c:\windows\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE] 2009-07-27 02:37 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminator] 2009-07-09 19:44 2173440 ----a-w- c:\progra~1\SPYWAR~1\SpywareTerminatorShield.Exe [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"= R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/19/2009 1:23 PM 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/17/2009 4:23 PM 333192] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/17/2009 4:24 PM 360584] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [3/20/2009 3:56 PM 133064] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/20/2009 3:56 PM 25160] R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [3/25/2009 2:56 PM 142592] R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [3/23/2005 11:52 AM 14336] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/29/2009 11:36 AM 285392] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 2:06 PM 1028432] R2 OrbisClient.Services;LabSim Configuration and Security;c:\program files\TESTOUT\Orbis\OrbisClient.Services.exe [1/18/2010 9:16 AM 14336] S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/16/2009 3:00 AM 101936] S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064] S3 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?] S3 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/17/2009 8:54 PM 29584] S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/31/2009 1:52 PM 91472] S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?] S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai getPlusHelper REG_MULTI_SZ getPlusHelper [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2007-08-23 22:34 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder 2010-01-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 00:16] 2010-01-23 c:\windows\Tasks\HP Usg Daily.job - c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 18:05] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/ uInternet Settings,ProxyOverride = *.local;<local> uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071502000008.dll FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file) ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-01-23 02:53 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(340) c:\windows\system32\WININET.dll c:\windows\system32\VirtualExpander\VEShellExt.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\COMODO\COMODO Internet Security\cmdagent.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\Symantec Shared\Security Center\SymWSC.exe c:\program files\AVG\AVG9\avgnsx.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\windows\system32\wbem\unsecapp.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Symantec Shared\Security Center\SymSCUI.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe . ************************************************************************** . Completion time: 2010-01-23 03:08:42 - machine was rebooted ComboFix-quarantined-files.txt 2010-01-23 08:08 ComboFix2.txt 2009-07-03 15:06 ComboFix3.txt 2009-07-02 06:18 Pre-Run: 18,116,694,016 bytes free Post-Run: 18,248,712,192 bytes free - - End Of File - - 922F2FBF74FB6B282A753C4F0C564973
  4. Jay320
    OTL logfile created on: 1/22/2010 9:08:41 AM - Run 1 OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free Paging file location(s): C:\pagefile.sys 360 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.36 Gb Total Space | 16.99 Gb Free Space | 23.81% Space Free | Partition Type: NTFS Drive D: | 3.16 Gb Total Space | 1.13 Gb Free Space | 35.68% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SCHNEIDBOT Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\TESTOUT\Orbis\OrbisClient.Services.exe () PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe (Crawler.com) PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com) PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) PRC - C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) PRC - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) PRC - C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) PRC - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) PRC - C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (Sony Corporation) PRC - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation) PRC - C:\Program Files\Common Files\Symantec Shared\Security Center\symwsc.exe (Symantec Corporation) PRC - C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation) PRC - C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) PRC - C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\system32\linkinfo.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (OracleDBConsoleorcl) -- File not found SRV - (navapsvc) -- File not found SRV - (OrbisClient.Services) -- C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe () SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3629.dll () SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (getPlusHelper) getPlus® -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.) SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.) SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems) SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies) SRV - (LightScribeService) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Hewlett-Packard Company) SRV - (NBService) -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (Nero AG) SRV - (NMIndexingService) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG) SRV - (InCDsrv) -- C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe (Nero AG) SRV - (hpqcxs08) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.) SRV - (hpqddsvc) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard) SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard) SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE (Symantec Corporation) SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation) SRV - (OracleXEClrAgent) -- C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe () SRV - (OracleXETNSListener) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE () SRV - (OracleMTSRecoveryService) -- C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe (Oracle Corporation) SRV - (OracleJobSchedulerXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe () SRV - (OracleServiceXE) -- c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE (Oracle Corporation) SRV - (SymWSC) -- C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO) DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdguard.sys (COMODO) DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (VBoxNetAdp) -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.) DRV - (SCDEmu) -- C:\WINDOWS\system32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (sp_rsdrv2) -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys () DRV - (RegGuard) -- C:\WINDOWS\system32\drivers\regguard.sys (Greatis Software) DRV - (SymIMMP) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (SymIM) -- C:\WINDOWS\system32\drivers\SymIM.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (PxHelp20) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (GEARAspiWDM) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys () DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies) DRV - (incdrm) -- C:\WINDOWS\system32\drivers\InCDRm.sys (Nero AG) DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDPass.sys (Nero AG) DRV - (InCDfs) -- C:\WINDOWS\system32\drivers\InCDfs.sys (Nero AG) DRV - (HPZius12) -- C:\WINDOWS\system32\drivers\HPZius12.sys (HP) DRV - (HPZipr12) -- C:\WINDOWS\system32\drivers\HPZipr12.sys (HP) DRV - (HPZid412) -- C:\WINDOWS\system32\drivers\HPZid412.sys (HP) DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.) DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.) DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation) DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation) DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.) DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.) DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation) DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.) DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant) DRV - (E100B) Intel® -- C:\WINDOWS\system32\drivers\e100b325.sys (Intel Corporation) DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.) DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic) DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic) DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic) DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.) DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.) DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation) DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation) DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation) DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation) DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.) DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.) DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.) DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (mxnic) -- C:\WINDOWS\system32\drivers\mxnic.sys (Macronix International Co., Ltd. ) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com" FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1 FF - prefs.js..extensions.enabledItems: 6 FF - prefs.js..extensions.enabledItems: 2 FF - prefs.js..extensions.enabledItems: 41 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090920.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}:6.0.14 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7 FF - prefs.js..extensions.enabledItems: {c4dc572a-3295-40eb-b30f-b54aa4cdc4b7}:0.7.21 FF - prefs.js..extensions.enabledItems: {8ea9957e-2953-402f-80e0-bceb5f169d6f}:0.5.3 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.7 FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 10:03:45 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/07/30 23:29:32 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:01:26 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/01/10 15:26:30 | 00,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/10 15:26:30 | 00,000,000 | ---D | M] [2008/12/27 12:28:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions [2008/12/27 12:28:24 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2010/01/14 06:07:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions [2009/09/04 08:15:34 | 00,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2007/12/08 20:04:27 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f} [2009/11/29 13:27:52 | 00,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2008/12/27 12:29:29 | 00,000,000 | ---D | M] (XHTML Mobile Profile) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{8ea9957e-2953-402f-80e0-bceb5f169d6f} [2009/11/29 14:00:22 | 00,000,000 | ---D | M] (wmlbrowser) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{c4dc572a-3295-40eb-b30f-b54aa4cdc4b7} [2009/07/29 16:29:41 | 00,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc} [2009/08/16 00:15:32 | 00,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [2009/11/29 14:00:12 | 00,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010/01/14 06:07:43 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/01/10 15:26:30 | 00,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2008/04/01 17:52:23 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [2009/07/30 23:30:31 | 00,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2010/01/10 15:26:20 | 00,023,512 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll [2010/01/10 15:26:20 | 00,137,176 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll [2008/09/03 19:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll [2009/07/30 23:29:31 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll [2008/02/20 21:04:00 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll [2008/02/20 21:04:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll [2010/01/10 15:26:24 | 00,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll [2005/09/23 19:44:16 | 00,077,824 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll [2008/12/31 13:55:44 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll [2008/12/31 13:55:45 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll [2005/08/09 13:42:53 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll [2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll [2009/08/07 11:44:18 | 00,030,400 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_gp.dll [2009/12/28 14:53:17 | 00,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml [2009/12/28 14:53:17 | 00,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml [2007/07/26 11:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml [2009/12/28 14:53:17 | 00,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml [2009/12/28 14:53:17 | 00,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml [2009/12/28 14:53:17 | 00,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml [2009/12/28 14:53:17 | 00,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml [2009/12/28 14:53:18 | 00,000,792 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2009/07/29 16:45:17 | 00,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) O2 - BHO: (HP Print Clips) - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll (Hewlett-Packard Co.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP) O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe (Hewlett-Packard) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe (Nero AG) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe (Nero AG) O4 - HKLM..\Run: [spywareTerminator] C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com) O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.) O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (Sony Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/07/05 22:28:13 | 00,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/07/05 22:28:13 | 00,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/07/05 22:28:13 | 00,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/07/05 22:28:13 | 00,000,000 | ---D | M] O9 - Extra Button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll (Hewlett-Packard Co.) O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation) O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone. O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe (Reg Error: Key error.) O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebook.com/controls/Facebo...otoUploader.cab (Facebook Photo Uploader Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx (Get_ActiveX Control) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_14) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 (QDiagHUpdateObj Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.24.53 24.247.15.53 O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\WINDOWS\system32\0019.DLL) - C:\WINDOWS\System32\0019.DLL File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - Reg Error: Key error. File not found O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/03/23 13:13:17 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2003/08/08 17:24:26 | 00,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* CREATERESTOREPOINT Restore point Set: OTL Restore Point (17454841580224512) ========== Files/Folders - Created Within 30 Days ========== [2010/01/22 08:51:31 | 00,547,840 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/01/16 09:52:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Elluminate [2010/01/15 12:51:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CST163 [2010/01/13 06:46:59 | 00,470,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll [2010/01/12 17:55:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\CST266 [2010/01/11 21:04:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TestOut [2010/01/08 12:34:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2010/01/06 23:16:58 | 00,032,768 | ---- | C] (Celexis, Inc.) -- C:\WINDOWS\System32\FatListCtl.ocx [2010/01/06 23:16:57 | 00,802,816 | ---- | C] (dti Publishing, Corp.) -- C:\WINDOWS\System32\CLXCLI27.dll [2010/01/06 23:16:57 | 00,000,000 | ---D | C] -- C:\Program Files\CertBlaster [2009/11/29 11:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2009/11/29 11:31:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2009/11/29 11:31:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2009/11/29 11:31:18 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2009/03/17 12:22:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\HPAppData [2008/11/16 07:59:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple [2007/08/25 23:33:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Symantec [2005/10/24 11:48:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010/01/22 08:55:27 | 54,502,517 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2010/01/22 08:51:31 | 00,547,840 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2010/01/22 06:17:01 | 00,000,342 | ---- | M] () -- C:\WINDOWS\tasks\HP Usg Daily.job [2010/01/22 03:24:14 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/01/22 03:22:56 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/01/22 03:22:45 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/01/22 03:22:40 | 13,241,42592 | -HS- | M] () -- C:\hiberfil.sys [2010/01/22 03:21:08 | 11,534,336 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT [2010/01/22 03:21:00 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2010/01/21 14:24:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/01/21 14:14:44 | 00,000,218 | ---- | M] () -- C:\Documents and Settings\Owner\.recently-used.xbel [2010/01/21 13:50:10 | 00,000,941 | ---- | M] () -- C:\WINDOWS\ULead32.ini [2010/01/21 12:01:59 | 00,002,315 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LabSim.lnk [2010/01/19 18:49:16 | 00,142,495 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2010/01/14 03:14:00 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/01/10 19:13:20 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$S reference.doc [2010/01/10 15:21:19 | 00,040,960 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Educational Development Plan.doc [2010/01/10 15:20:58 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$ucational Development Plan.doc [2010/01/10 14:47:51 | 00,023,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Job search log.doc [2010/01/08 12:29:19 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\25499C5A.CEF [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010/01/06 23:18:29 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\9C132C0A.D50 [2010/01/06 23:18:29 | 00,000,024 | RHS- | M] () -- C:\WINDOWS\688A49FE.5B5 [2010/01/06 15:44:19 | 00,006,435 | ---- | M] () -- C:\WINDOWS\System32\WORK.DAT [2010/01/05 17:14:35 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Concerts.doc [2010/01/05 12:15:00 | 00,171,520 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/28 13:05:59 | 00,000,162 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\~$b search log.doc [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/01/21 14:14:44 | 00,000,218 | ---- | C] () -- C:\Documents and Settings\Owner\.recently-used.xbel [2010/01/21 11:43:29 | 00,558,176 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat [2010/01/11 21:04:47 | 00,002,315 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LabSim.lnk [2010/01/10 19:13:20 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$S reference.doc [2010/01/10 15:20:58 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$ucational Development Plan.doc [2010/01/08 12:29:19 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\25499C5A.CEF [2010/01/06 23:18:29 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\9C132C0A.D50 [2010/01/06 23:18:29 | 00,000,024 | RHS- | C] () -- C:\WINDOWS\688A49FE.5B5 [2010/01/06 15:43:39 | 00,006,435 | ---- | C] () -- C:\WINDOWS\System32\WORK.DAT [2009/12/28 13:05:59 | 00,000,162 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\~$b search log.doc [2009/09/12 10:55:17 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys [2009/07/30 23:41:19 | 00,000,398 | ---- | C] () -- C:\WINDOWS\AudioConverter.INI [2009/07/08 22:57:01 | 00,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini [2009/05/14 15:25:39 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\PUTTY.RND [2009/03/29 18:48:47 | 00,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll [2009/03/25 14:56:45 | 00,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys [2009/03/20 15:56:50 | 00,168,208 | ---- | C] () -- C:\WINDOWS\System32\guard32.dll1 [2009/02/22 19:00:39 | 00,000,336 | ---- | C] () -- C:\Program Files\temp995.bat [2009/02/22 18:50:26 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/09/15 14:53:56 | 00,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI [2008/05/19 09:59:10 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini [2008/02/20 21:05:44 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2008/02/20 21:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest [2008/02/20 21:04:16 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest [2008/02/20 21:03:24 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2008/02/14 03:03:41 | 00,000,129 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2008/02/04 17:14:30 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2008/02/04 17:14:29 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2007/12/08 20:24:26 | 00,000,082 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Ad Annihilator.aap [2007/11/14 12:42:27 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2007/11/09 06:01:59 | 00,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll [2007/11/06 15:19:28 | 00,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll [2007/02/12 21:53:12 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache [2006/07/21 01:22:50 | 00,000,988 | ---- | C] () -- C:\WINDOWS\entpack.ini [2006/01/20 00:58:23 | 00,000,332 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat [2005/12/29 10:11:28 | 00,002,935 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005/12/24 12:32:10 | 00,007,154 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2005/09/19 19:07:14 | 00,171,520 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2005/09/19 17:35:44 | 00,000,365 | ---- | C] () -- C:\WINDOWS\lexstat.ini [2005/09/16 17:07:56 | 00,000,155 | ---- | C] () -- C:\WINDOWS\winamp.ini [2005/09/16 16:02:00 | 00,000,941 | ---- | C] () -- C:\WINDOWS\ULead32.ini [2005/09/16 03:59:11 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2005/09/16 03:38:43 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/09/16 03:36:32 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll [2005/09/16 02:11:53 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2005/06/07 02:05:43 | 00,072,704 | ---- | C] () -- C:\WINDOWS\System32\zlibwapi.dll [2005/03/23 23:07:42 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2005/03/23 11:53:24 | 00,001,420 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2005/03/23 11:53:24 | 00,000,481 | ---- | C] () -- C:\WINDOWS\System32\emver.ini [1997/05/11 07:20:50 | 00,062,464 | ---- | C] () -- C:\WINDOWS\System32\hs_regex.dll ========== LOP Check ========== [2009/02/05 09:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore [2009/11/29 11:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9 [2008/12/12 20:42:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Berlitz [2009/02/22 19:55:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2009/09/17 16:12:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Metacafe [2005/09/16 23:22:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2008/09/29 21:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995 [2006/12/26 22:33:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2009/03/20 01:10:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan [2010/01/21 14:54:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator [2008/02/04 17:11:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut [2010/01/20 22:12:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2010/01/21 12:36:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TestOut [2009/02/05 09:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2008/11/09 18:02:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} [2009/03/19 13:23:35 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} [2008/05/19 10:01:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore [2007/12/08 20:24:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ad Annihilator.files [2008/06/12 16:39:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim [2008/03/01 16:51:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon [2008/12/12 20:52:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Berlitz [2010/01/20 18:52:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent [2006/06/09 00:50:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\CamfrogWEB [2010/01/16 11:23:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Elluminate [2009/11/30 18:42:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Ethereal [2005/10/11 22:24:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gen_ff v1.07 [2009/12/09 17:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo [2010/01/21 14:11:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\gtk-2.0 [2009/09/13 11:47:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Inkscape [2006/09/11 21:45:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech [2009/09/17 16:12:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Metacafe [2008/05/10 19:46:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera [2008/09/29 21:01:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\pdf995 [2005/09/16 03:42:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView [2009/03/26 09:03:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SecondLife [2010/01/22 08:49:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Spyware Terminator [2008/02/04 17:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TaxCut [2009/03/17 12:35:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\uTorrent [2007/01/11 10:54:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint [2010/01/21 14:24:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2001/05/24 11:59:30 | 00,162,304 | ---- | M] () -- C:\UNWISE.EXE < MD5 for: AGP440.SYS > [2004/08/04 14:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys [2004/08/04 14:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys [2004/08/04 09:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS < MD5 for: ATAPI.SYS > [2004/08/04 14:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys [2004/08/04 14:00:00 | 18,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys [2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 08:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys [2004/08/04 00:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll [2004/08/04 14:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll [2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll [2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll [2004/08/04 14:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 14:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ] < %systemroot%\Tasks\*.job /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 214 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:260575F1 @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C980DA7D < End of report > ======================================================================== OTL Extras logfile created on: 1/22/2010 9:08:41 AM - Run 1 OTL by OldTimer - Version 3.1.25.4 Folder = C:\Documents and Settings\Owner\Desktop Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free 1.00 Gb Paging File | 1.00 Gb Available in Paging File | 52.00% Paging File free Paging file location(s): C:\pagefile.sys 360 720 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 71.36 Gb Total Space | 16.99 Gb Free Space | 23.81% Space Free | Partition Type: NTFS Drive D: | 3.16 Gb Total Space | 1.13 Gb Free Space | 35.68% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: SCHNEIDBOT Current User Name: Owner Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) .js [@ = jsfile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation) jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox -- (Mozilla Corporation) "C:\Program Files\TESTOUT\Cmi\Navigator.exe" = C:\Program Files\TESTOUT\Cmi\Navigator.exe:*:Disabled:TestOut Navigator -- (TestOut Corporation) "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC) "C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.) "C:\Program Files\Java\jre6\bin\javaw.exe" = C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java Platform SE binary -- (Sun Microsystems, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{001E7FB6-BB6B-4ED0-BEDC-B5404ED96D4E}" = DocProc "{04AA1207-D8C6-45DC-A96D-48358EBE09F3}" = PSShortcuts "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{125D3C3A-1715-4162-A676-92BB76E25876}" = PS240 "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{1753255A-0AEB-4220-8C75-607B73F0C133}" = Copy "{183B7569-90FB-4C56-9761-0EEB002CAB83}" = Adobe Camera Raw 4.0 "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1B23DC08-878D-4791-A3C8-B126E7664846}" = Berlitz Learning System - Spanish "{20B83B31-09C4-4F0E-9774-EF8A12A0A527}" = Adobe Device Central CS3 "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java 6 Update 14 "{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg "{2A539CD9-0F75-4875-9A32-E06DD93C4114}" = Adobe Extension Manager CS3 "{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A12C952-61D5-4C3B-B68B-8CFBE47E22F1}" = Adobe Setup "{415CDA53-9100-476F-A7B2-476691E117C7}" = HP Smart Web Printing "{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works "{41C3C974-EC5E-494C-AFE6-E31D92E2E6CB}" = Adobe Version Cue CS3 Client "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{4DF98D0B-637E-42B4-B9D6-EB7693D2FBF8}" = Adobe ExtendScript Toolkit 2 "{4E951F0A-C53B-4AD6-A6DA-0D0A009073A9}" = Microsoft Office Live Meeting 2005 "{503AA035-41E2-4858-B31F-1E49AC66C309}" = Norton Security Center "{517B8FB2-26EE-43B0-AE1B-07408860AA69}" = DigitImg "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6AA003BF-73E5-4911-ADB7-71DD5674DDD4}" = Oracle Data Provider for .NET Help "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3 "{733D84D6-AAFD-4368-A1D0-F2734F6B9082}" = Adobe Help Viewer CS3 "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F3A2319-79CF-4701-95FB-034E99281808}" = Adobe Bridge Start Meeting "{824D3839-DAA1-4315-A822-7AE3E620E528}" = VideoToolkit01 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8389382B-53BA-4A87-8854-91E3D80A5AC7}" = HP Photosmart Essential2.01 "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime "{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support "{8E72B982-D54F-486F-B35A-C24B6F171033}" = Nero 7 Essentials "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer "{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3 "{90190409-6000-11D3-8CFE-0050048383C9}" = Microsoft Publisher 2002 "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage "{99AD7357-130B-451F-B0E5-0D8EEA06397B}" = Certification Preparation "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3 "{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A4837078-FBC9-4C82-9923-B1C2781E4429}" = LabSim "{AB40272D-92AB-4F30-B36B-22EDE16F8FE5}" = HP Update "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A70500000002}" = Adobe Reader 7.0.8 "{ACA85783-8EEA-4f0a-B2A3-A8173F30209F}" = C4200_doccd "{AEA07F97-9088-497c-8821-0F36BD5DC251}" = HPProductAssistant "{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan "{B09BCBF6-87EE-4403-A336-3A9510856535}" = HP Photosmart All-In-One Software 9.0 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0 "{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3 "{BCD6CD1A-0DBE-412E-9F25-3B500D1E6BA1}" = SolutionCenter "{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer "{BFDE4176-5DFE-4db9-AA00-8F30CB001BDA}" = c4200_Help "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C39E671D-0528-4c5e-A034-8470C5BC393A}" = C4200 "{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CC4A73BF-938E-4C19-A553-853C035C9BA1}" = LightScribe System Software 1.10.13.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader "{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component "{D1C59F81-66FD-4E8E-B9F7-F4B2442D5222}" = Adobe Update Manager CS3 "{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files "{D6C99843-C14E-483E-B84F-6C463251CAE6}" = Berlitz Before You Know It Flash Cards "{D8B7A682-20DA-4797-8415-B1FB14D4D32B}" = PS_AIO_Software "{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}" = Photosmart 140,240,7200,7600,7700,7900 Series "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E28750A2-45F2-4b63-99F7-9F81A94B1E2D}" = PS_AIO_Software_min "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0 "{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox "{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage "{F01D5ED5-D53A-4468-B428-149DC2CB3110}" = Adobe Dreamweaver CS3 "{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F72E2DDC-3DB8-4190-A21D-63883D955FE7}" = PSSWCORE "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio "{FD7F242B-9AA0-40c3-941E-3A9821D19C09}" = PS_AIO_ProductContext "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "Ad-Aware" = Ad-Aware "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "Adobe_435a6af7459cb02a9c1138113a26e93" = Adobe Dreamweaver CS3 "AIM_6" = AIM 6 "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.2 "AOL Spyware Protection" = AOL Spyware Protection "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove) "AVG9Uninstall" = AVG Free 9.0 "Belarc Advisor" = Belarc Advisor 8.1 "BigFix" = BigFix "CCleaner" = CCleaner (remove only) "CDex" = CDex extraction audio "CertBlaster" = CertBlaster "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP "COMODO Internet Security" = COMODO Internet Security "Ethereal" = Ethereal 0.10.14 "Expstudio Audio Editor FREE" = Expstudio Audio Editor FREE "Free FLV Converter_is1" = Free FLV Converter V 5.2 "FreeWAVToMP3Converter" = Free WAV To MP3 Converter 2.1 "HijackThis" = HijackThis 2.0.2 "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.01 "HP Solution Center & Imaging Support Tools" = HP Solution Center 9.0 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "HPOCR" = HP OCR Software 9.0 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "Inkscape" = Inkscape 0.46 "InstallShield_{F0BC0F9E-C4A8-485C-93ED-424DB9EA3F75}" = Oracle Database 10g Express Edition "LiveUpdate" = LiveUpdate 3.0 (Symantec Corporation) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Metacafe" = Metacafe "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Money2005b" = Microsoft Money 2005 "Mozilla Firefox (3.5.7)" = Mozilla Firefox (3.5.7) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSN Music Assistant" = MSN Music Assistant "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "Port Magic" = Pure Networks Port Magic "PowerISO" = PowerISO "PROSet" = Intel® PRO Network Adapters and Drivers "PuTTY_is1" = PuTTY version 0.60 "RealPlayer 6.0" = RealPlayer "Sam Spade version 1.14_is1" = Sam Spade version 1.14 "Security Task Manager" = Security Task Manager 1.7h "Spyware Terminator_is1" = Spyware Terminator "SpywareBlaster_is1" = SpywareBlaster 4.2 "StreetPlugin" = Learn2 Player (Uninstall Only) "TestOut Product Navigator (SA)" = TestOut Navigator (Stand-Alone Version) "ViewpointMediaPlayer" = Viewpoint Media Player "WAV to MP3 Encoder" = WAV to MP3 Encoder "WIC" = Windows Imaging Component "WildPackets IP Subnet Calculator 3.2.1" = WildPackets IP Subnet Calculator 3.2.1 "Winamp" = Winamp "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinPcapInst" = WinPcap 4.0.2 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WS_FTP LE" = Ipswitch WS_FTP LE "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Customizations" = Yahoo! Browser Services "Yahoo! Internet Mail" = Yahoo! Mail ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "BitTorrent" = BitTorrent "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 1/22/2010 9:03:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:08:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:13:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:18:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:23:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:28:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:33:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:38:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:43:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:48:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. [ Application Events ] Error - 1/22/2010 9:03:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:08:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:13:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:18:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:23:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:28:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:33:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:38:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:43:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. Error - 1/22/2010 9:48:15 AM | Computer Name = SCHNEIDBOT | Source = Automatic LiveUpdate Scheduler | ID = 101 Description = Information Level: error Internet connection not detected. [ OSession Events ] Error - 2/15/2009 4:05:57 PM | Computer Name = SCHNEIDBOT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = Error - 2/19/2009 2:43:30 PM | Computer Name = SCHNEIDBOT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = Error - 3/3/2009 3:53:53 PM | Computer Name = SCHNEIDBOT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = Error - 3/3/2009 4:17:38 PM | Computer Name = SCHNEIDBOT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = Error - 3/3/2009 4:41:43 PM | Computer Name = SCHNEIDBOT | Source = Microsoft Office 12 Sessions | ID = 7001 Description = [ System Events ] Error - 1/21/2010 12:40:16 PM | Computer Name = SCHNEIDBOT | Source = Service Control Manager | ID = 7034 Description = The Terminal Services service terminated unexpectedly. It has done this 1 time(s). Error - 1/21/2010 12:45:07 PM | Computer Name = SCHNEIDBOT | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 1/21/2010 12:45:07 PM | Computer Name = SCHNEIDBOT | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 1/21/2010 12:45:16 PM | Computer Name = SCHNEIDBOT | Source = Print | ID = 23 Description = Printer Lexmark Z700-P700 Series,0 failed to initialize because a suitable Lexmark Z700-P700 Series driver could not be found. Error - 1/21/2010 12:46:21 PM | Computer Name = SCHNEIDBOT | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Partizan Error - 1/21/2010 10:31:37 PM | Computer Name = SCHNEIDBOT | Source = Service Control Manager | ID = 7034 Description = The PrismXL service terminated unexpectedly. It has done this 1 time(s). Error - 1/22/2010 4:23:08 AM | Computer Name = SCHNEIDBOT | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 1/22/2010 4:23:08 AM | Computer Name = SCHNEIDBOT | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 1/22/2010 4:23:09 AM | Computer Name = SCHNEIDBOT | Source = Print | ID = 23 Description = Printer Lexmark Z700-P700 Series,0 failed to initialize because a suitable Lexmark Z700-P700 Series driver could not be found. Error - 1/22/2010 4:23:33 AM | Computer Name = SCHNEIDBOT | Source = Service Control Manager | ID = 7026 Description = The following boot-start or system-start driver(s) failed to load: Partizan < End of report > ============================================================================== GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-01-22 16:40:38 Windows 5.1.2600 Service Pack 2 Running: 6s35fxe6.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\uxriipog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xAE761BCC] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xAE7611AA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xAE761832] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xAE76234C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xAE76108C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xAE76305C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xAE7632F4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xAE760C52] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xAE761FB6] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xAE762166] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xAE760A84] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xAE762CDE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xAE76142E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xAE761A0E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xAE7607B4] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xAE7616BE] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xAE76092C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xAE762712] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xAE76363A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xAE762A7A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xAE761DB2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xAE762E8C] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xAE762512] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xAE7613C8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xAE7615B2] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xAE760F56] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xAE760E24] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG) AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO) AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat InCDrec.SYS (InCD File System Recognizer/Nero AG) Device -> \Driver\atapi \Device\Harddisk0\DR0 8A274856 ---- Registry - GMER 1.0.15 ---- ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@start 1 Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@type 1 Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@imagepath \systemroot\system32\drivers\gaopdxlhyenerddvbuyaktnijblmydhbqpkcvv.sys Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys@group file system Reg HKLM\SYSTEM\ControlSet002\Services\gaopdxserv.sys\modules (not active ControlSet) ---- Files - GMER 1.0.15 ---- File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification <-- ROOTKIT !!! ---- Services - GMER 1.0.15 ---- Service C:\WINDOWS\system32\DRIVERS\atapi.sys (IDE/ATAPI Port Driver/Microsoft Corporation) [bOOT] atapi <-- ROOTKIT !!! ---- EOF - GMER 1.0.15 ----
  5. Jay320
    I've had this happen to me before, though last time it was one of many problems occurring simultaneously. I seem to be experiencing the wonderful search engine redirect phenomenon where I click on search results and I'm immediately redirected to a malicious site instead. Here is a Hijackthis log from a scan I just ran. Not sure if there's anything suspicious here, I only glanced at it. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:29:29 PM, on 1/21/2010 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\AVG\AVG9\avgchsvx.exe C:\Program Files\AVG\AVG9\avgrsx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG9\avgcsrvx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\AVG\AVG9\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\AVG\AVG9\avgnsx.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\PROGRA~1\AVG\AVG9\avgtray.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local> R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [spywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll O20 - AppInit_DLLs: C:\WINDOWS\system32\0019.DLL O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\app\Owner\product\11.1.0\db_1\bin\nmesrvc.exe (file missing) O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe O23 - Service: LabSim Configuration and Security (OrbisClient.Services) - Unknown owner - C:\Program Files\TestOut\Orbis\OrbisClient.Services.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 11759 bytes
  6. Jay320
    Okay, I managed to fix the CD-ROM drive problem. There was a program from Sony/XCM that you can run to remove any lingering registry entries from the crater.sys, aries.sys, etc. files. There were several other Upper/lower filters that referenced these (which couldn't be found because they were removed by ComboFix, thus causing the problem). Anyway, everything seems to be in order with that.
  7. Jay320
    I followed these latest instructions, updated and ran malwarebytes again. I got the same results as before - nothing was found, nothing removed. I'm not on my computer right now (meaning I'll have to post the logs at a later time) but I wanted to add this while it was all fresh in my memory. I realize what that aries.sys stuff is - it's from the Sony rootkit that comes with those copyright protected CDs. Well after using ComboFix to remove that junk, my CD/DVD drive no longer works. I get the wonderful Code 19 registry error when I look in device manager. I tried that whole thing about removing the Upper and Lower Filters but that didn't work. I followed Windows' advice of simply uninstalling the device and reinstalling it, but that did nothing either. This problem is almost as annoying as the ones I started out with! Anyway, if there is a simple fix for this, I would really appreciate learning what it is because I don't want to mess with the registry and cause more problems.
  8. Jay320
    First, here is the Malwarebytes log: Malwarebytes' Anti-Malware 1.38 Database version: 2368 Windows 5.1.2600 Service Pack 2 7/3/2009 11:17:11 AM mbam-log-2009-07-03 (11-17-11).txt Scan type: Quick Scan Objects scanned: 98600 Time elapsed: 6 minute(s), 48 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) --------------------------------------------------------- Here is the HijackThis log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:20:54 AM, on 7/3/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\app\Owner\product\11.1.0\db_1\bin\nmesrvc.exe (file missing) O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 11482 bytes ---------------------------------------------------------- And here is the ComboFix log: ComboFix 09-07-02.02 - Owner 07/03/2009 10:33.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1263.643 [GMT -4:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFscript.txt AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B} FILE :: "c:\windows\system32\$sys$filesystem\aries.sys" "c:\windows\system32\$sys$filesystem\crater.sys" "c:\windows\system32\drivers\$sys$cor.sys" "c:\windows\system32\drivers\hjzbioetmpjc.sys" . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Installer\1e5670f.msi c:\windows\Installer\8bc54f.msp c:\windows\Installer\8bc557.msp c:\windows\system32\$sys$filesystem\crater.sys c:\windows\system32\drivers\$sys$cor.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_AKAMAI -------\Service_$sys$cor -------\Service_$sys$crater -------\Service_Akamai -------\Service_pedopdlasujn ((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 ))))))))))))))))))))))))))))))) . 2009-06-12 01:50 . 2004-08-04 19:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-03 14:11 . 2009-04-12 05:14 -------- d-----w- c:\program files\Common Files\Akamai 2009-07-02 14:54 . 2009-03-25 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator 2009-07-02 14:54 . 2007-12-18 19:39 -------- d-----w- c:\program files\Spyware Terminator 2009-07-02 14:48 . 2009-03-25 19:56 -------- d-----w- c:\documents and settings\Owner\Application Data\Spyware Terminator 2009-07-01 12:58 . 2009-03-17 21:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll 2009-07-01 12:58 . 2009-03-17 21:23 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-07-01 12:58 . 2009-03-17 21:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-07-01 00:54 . 2006-08-02 20:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-06-29 03:25 . 2009-03-23 17:53 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent 2009-06-27 18:10 . 2009-05-22 21:56 -------- d-----w- c:\program files\TESTOUT 2009-06-27 15:00 . 2009-04-12 05:14 -------- d-----w- c:\documents and settings\Owner\Application Data\Metacafe 2009-06-27 15:00 . 2009-04-12 05:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Metacafe 2009-06-13 14:47 . 2009-03-20 20:56 168208 ----a-w- c:\windows\system32\guard32.dll 2009-06-13 14:47 . 2009-03-20 20:56 82080 ----a-w- c:\windows\system32\drivers\inspect.sys 2009-06-13 14:47 . 2009-03-20 20:56 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2009-06-13 14:47 . 2009-03-20 20:56 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys 2009-06-01 13:05 . 2007-11-28 16:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Move Networks 2009-06-01 03:40 . 2009-06-01 03:40 127877 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\uninstall.exe 2009-06-01 03:40 . 2009-05-01 06:30 4183416 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll 2009-06-01 03:40 . 2009-06-01 03:39 1685856 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\MoveMediaPlayerWin_071500000347.exe 2009-05-31 17:08 . 2009-05-31 17:08 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe 2009-05-31 17:08 . 2009-05-31 17:08 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll 2009-05-31 17:08 . 2009-05-31 17:08 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll 2009-05-31 17:08 . 2009-05-31 17:08 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe 2009-05-31 17:08 . 2009-03-19 18:47 15688 ----a-w- c:\windows\system32\lsdelete.exe 2009-05-31 17:08 . 2009-05-31 17:08 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll 2009-05-31 17:08 . 2009-05-31 17:08 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2009-05-31 17:08 . 2009-05-31 17:08 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll 2009-05-31 17:07 . 2009-05-31 17:07 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll 2009-05-31 17:07 . 2009-05-31 17:07 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll 2009-05-31 17:07 . 2009-05-31 17:07 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll 2009-05-31 17:07 . 2009-05-31 17:07 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll 2009-05-31 17:07 . 2009-05-31 17:07 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe 2009-05-31 17:07 . 2009-05-31 17:07 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2009-05-31 17:07 . 2009-05-31 17:07 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe 2009-05-31 17:07 . 2009-05-31 17:07 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe 2009-05-31 17:07 . 2009-05-31 17:07 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe 2009-05-31 17:07 . 2009-05-31 17:07 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2009-05-30 19:02 . 2005-09-16 22:07 -------- d-----w- c:\program files\Winamp 2009-05-24 15:40 . 2009-01-28 17:59 -------- d-----w- c:\program files\WS_FTP 2009-05-14 20:23 . 2009-05-14 20:23 -------- d-----w- c:\program files\PuTTY 2009-05-13 02:09 . 2008-05-10 02:29 139811 ----a-w- c:\windows\hpoins15.dat 2009-05-07 15:44 . 2005-03-23 16:52 344064 ----a-w- c:\windows\system32\localspl.dll 2009-05-04 12:04 . 2009-03-17 21:24 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-05-01 14:01 . 2009-05-01 14:01 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys 2009-05-01 14:01 . 2009-03-19 18:23 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-05-01 06:30 . 2009-05-01 06:30 97144 ----a-w- c:\documents and settings\Owner\Application Data\Move Networks\ie_bin\MovePlayerUpgrade.exe 2009-04-29 04:56 . 2005-03-23 16:53 827392 ----a-w- c:\windows\system32\wininet.dll 2009-04-29 04:55 . 2005-03-23 16:52 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-04-17 09:58 . 2005-03-23 16:53 1846656 ----a-w- c:\windows\system32\win32k.sys 2009-04-15 15:26 . 2005-03-23 16:52 583168 ----a-w- c:\windows\system32\rpcrt4.dll 2009-02-23 00:00 . 2009-02-23 00:00 336 ----a-w- c:\program files\temp995.bat 2009-03-18 01:54 . 2009-03-18 01:54 2 --shatr- c:\windows\winstart.bat . ((((((((((((((((((((((((((((( SnapShot@2009-07-02_06.13.25 ))))))))))))))))))))))))))))))))))))))))) . + 2005-12-24 17:50 . 2005-12-24 17:50 84992 c:\windows\Installer\261e34d9.msi + 2008-05-10 02:31 . 2008-05-10 02:31 68096 c:\windows\Installer\1ec854d.msi + 2005-03-23 16:51 . 2004-08-04 19:00 66048 c:\windows\I386\WINNT32.MSI + 2005-03-23 10:02 . 2009-07-03 14:58 303624 c:\windows\system32\FNTCACHE.DAT + 2008-05-10 02:44 . 2008-05-10 02:44 252416 c:\windows\Installer\e662.msi + 2008-05-10 02:44 . 2008-05-10 02:44 239616 c:\windows\Installer\e65b.msi + 2008-05-10 02:43 . 2008-05-10 02:43 325120 c:\windows\Installer\e655.msi + 2008-05-10 02:41 . 2008-05-10 02:41 551936 c:\windows\Installer\e64e.msi + 2007-10-12 21:01 . 2007-10-12 21:01 339456 c:\windows\Installer\d46e870.msi + 2006-02-17 03:17 . 2006-02-17 03:17 274432 c:\windows\Installer\c7557bc.msi + 2006-02-17 03:17 . 2006-02-17 03:17 542208 c:\windows\Installer\c7557b4.msi + 2006-02-17 03:17 . 2006-02-17 03:17 376832 c:\windows\Installer\c7557ac.msi + 2006-11-15 08:01 . 2006-11-15 08:01 428544 c:\windows\Installer\c6ee33d.msi + 2006-10-19 02:10 . 2006-10-19 02:10 589312 c:\windows\Installer\c0e5a34.msi + 2009-02-26 15:12 . 2009-02-26 15:12 945152 c:\windows\Installer\6a76e8c.msi + 2007-08-15 07:01 . 2007-08-15 07:01 431104 c:\windows\Installer\6329e77.msi + 2008-07-19 16:19 . 2008-07-19 16:19 472064 c:\windows\Installer\42695ff.msi + 2008-11-13 08:01 . 2008-11-13 08:01 432640 c:\windows\Installer\386bfd8.msi + 2008-04-01 22:51 . 2008-04-01 22:51 289792 c:\windows\Installer\2d3c15aa.msi + 2009-03-17 18:52 . 2009-03-17 18:52 337408 c:\windows\Installer\288a70.msi + 2005-09-16 08:42 . 2005-09-16 08:42 578048 c:\windows\Installer\268e4.msi + 2009-03-19 18:23 . 2009-03-19 18:23 236032 c:\windows\Installer\219f90.msi + 2008-05-10 02:36 . 2008-05-10 02:36 312320 c:\windows\Installer\1ec8663.msi + 2008-05-10 02:36 . 2008-05-10 02:36 491008 c:\windows\Installer\1ec865d.msi + 2008-05-10 02:36 . 2008-05-10 02:36 898560 c:\windows\Installer\1ec8657.msi + 2008-05-10 02:35 . 2008-05-10 02:35 189440 c:\windows\Installer\1ec8642.msi + 2008-05-10 02:35 . 2008-05-10 02:35 472576 c:\windows\Installer\1ec8634.msi + 2008-05-10 02:35 . 2008-05-10 02:35 913920 c:\windows\Installer\1ec862c.msi + 2008-05-10 02:35 . 2008-05-10 02:35 343040 c:\windows\Installer\1ec8625.msi + 2008-05-10 02:34 . 2008-05-10 02:34 121344 c:\windows\Installer\1ec861b.msi + 2008-05-10 02:34 . 2008-05-10 02:34 586240 c:\windows\Installer\1ec8615.msi + 2008-05-10 02:34 . 2008-05-10 02:34 121344 c:\windows\Installer\1ec860b.msi + 2008-05-10 02:34 . 2008-05-10 02:34 426496 c:\windows\Installer\1ec8605.msi + 2008-05-10 02:34 . 2008-05-10 02:34 452608 c:\windows\Installer\1ec85fd.msi + 2008-05-10 02:34 . 2008-05-10 02:34 600576 c:\windows\Installer\1ec85f3.msi + 2008-05-10 02:34 . 2008-05-10 02:34 532480 c:\windows\Installer\1ec85ed.msi + 2008-05-10 02:33 . 2008-05-10 02:33 646656 c:\windows\Installer\1ec85e6.msi + 2008-05-10 02:33 . 2008-05-10 02:33 121344 c:\windows\Installer\1ec85b5.msi + 2008-05-10 02:33 . 2008-05-10 02:33 628736 c:\windows\Installer\1ec85af.msi + 2008-05-10 02:33 . 2008-05-10 02:33 526336 c:\windows\Installer\1ec85a1.msi + 2008-05-10 02:32 . 2008-05-10 02:32 121344 c:\windows\Installer\1ec8596.msi + 2008-05-10 02:32 . 2008-05-10 02:32 514560 c:\windows\Installer\1ec8590.msi + 2008-05-10 02:32 . 2008-05-10 02:32 305664 c:\windows\Installer\1ec858a.msi + 2008-05-10 02:32 . 2008-05-10 02:32 425472 c:\windows\Installer\1ec8584.msi + 2008-05-10 02:32 . 2008-05-10 02:32 811520 c:\windows\Installer\1ec8573.msi + 2008-05-10 02:32 . 2008-05-10 02:32 326144 c:\windows\Installer\1ec8568.msi + 2008-05-10 02:32 . 2008-05-10 02:32 500736 c:\windows\Installer\1ec8562.msi + 2008-05-10 02:32 . 2008-05-10 02:32 391168 c:\windows\Installer\1ec855a.msi + 2008-05-10 02:32 . 2008-05-10 02:32 592384 c:\windows\Installer\1ec8554.msi + 2007-08-09 13:30 . 2007-08-09 13:30 474624 c:\windows\Installer\1e56714.msi + 2008-04-14 20:28 . 2008-04-14 20:28 537600 c:\windows\Installer\1c9739cc.msi + 2006-03-04 04:34 . 2006-03-04 04:34 171008 c:\windows\Installer\1586d11c.msi + 2005-09-16 08:35 . 2005-09-16 08:35 557056 c:\windows\Installer\1558e8.msi + 2005-03-23 18:18 . 2005-03-23 18:18 264704 c:\windows\Installer\10d4f.msi + 2009-02-22 23:42 . 2009-02-22 23:42 100352 c:\windows\Installer\10a47374.msi + 2005-09-16 07:11 . 2004-07-22 22:02 156672 c:\windows\I386\DRV\MOD\modem assistant.msi + 2008-07-19 16:19 . 2008-07-19 16:19 751104 c:\windows\Downloaded Installations\{54EDFAB9-E74A-41E4-A133-D509387F10CC}\HP Product Detection.msi + 2006-03-27 05:33 . 2005-04-04 06:07 982016 c:\windows\Downloaded Installations\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\ISScript11.Msi + 2005-03-23 16:52 . 2004-08-04 19:00 1326080 c:\windows\system32\webfldrs.msi + 2007-05-25 16:08 . 2007-05-25 16:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp + 2005-03-23 18:33 . 2005-03-23 18:33 3443712 c:\windows\Installer\e4d2c.msi + 2006-02-17 03:16 . 2006-02-17 03:16 2117632 c:\windows\Installer\c7557a4.msi + 2008-11-09 23:21 . 2008-11-09 23:21 8990208 c:\windows\Installer\b6e61.msi + 2008-11-09 23:19 . 2008-11-09 23:19 1549312 c:\windows\Installer\b6c31.msi + 2007-10-04 15:02 . 2007-10-04 15:02 2012160 c:\windows\Installer\8bc556.msp + 2009-02-14 16:17 . 2009-02-14 16:17 2109440 c:\windows\Installer\87c35a.msi + 2006-10-27 14:30 . 2006-10-27 14:30 3037184 c:\windows\Installer\7f65bdd.msi + 2009-02-26 15:11 . 2009-02-26 15:11 4245504 c:\windows\Installer\6a76e86.msi + 2005-11-01 04:21 . 2005-11-01 04:21 1884160 c:\windows\Installer\66d0f52.msi + 2005-09-18 07:01 . 2005-09-18 07:01 5864960 c:\windows\Installer\520bce1.msp + 2005-09-17 01:12 . 2005-09-17 01:12 3485184 c:\windows\Installer\41f26c2.msi + 2008-04-20 20:50 . 2008-04-20 20:50 8687616 c:\windows\Installer\3b924142.msi + 2009-06-21 15:42 . 2009-06-21 15:42 2130432 c:\windows\Installer\29589e21.msi + 2005-12-24 17:50 . 2005-12-24 17:50 4006400 c:\windows\Installer\261e34d2.msi + 2009-03-19 18:23 . 2009-03-19 18:23 1802240 c:\windows\Installer\219f96.msi + 2008-05-10 02:36 . 2008-05-10 02:36 1351680 c:\windows\Installer\1ec864b.msi + 2008-04-14 20:33 . 2008-04-14 20:33 1453568 c:\windows\Installer\1c9739d8.msi + 2008-04-14 20:31 . 2008-04-14 20:31 1868800 c:\windows\Installer\1c9739d2.msi + 2008-04-14 20:25 . 2008-04-14 20:25 5091840 c:\windows\Installer\1c9739c0.msi + 2005-09-16 08:29 . 2004-08-11 16:00 4806656 c:\windows\Installer\19f210.msi + 2006-05-17 03:24 . 2006-05-17 03:24 9299456 c:\windows\Installer\1934e.msp + 2008-11-09 23:03 . 2008-11-09 23:03 3771904 c:\windows\Installer\183d2d.msi + 2009-02-22 23:43 . 2009-02-22 23:43 1825792 c:\windows\Installer\10a4737a.msi + 2009-02-22 23:39 . 2009-02-22 23:39 6568448 c:\windows\Installer\10a4736e.msi + 2006-10-19 02:10 . 2006-10-19 02:10 2220544 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{BB4EE741-CA46-4345-A3B7-1AECBFAB0AFE}\HP Software Update.msi + 2006-03-27 05:33 . 2006-02-08 19:49 9934848 c:\windows\Downloaded Installations\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\iTunes.msi + 2005-09-23 12:48 . 2005-09-23 12:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi + 2006-01-30 18:10 . 2006-01-30 18:10 13048832 c:\windows\Installer\7f65cc4.msp + 2007-07-12 07:01 . 2007-07-12 07:01 15256576 c:\windows\Installer\3419e791.msp + 2005-03-23 18:45 . 2005-03-23 18:45 19210240 c:\windows\Installer\19a1ab.msp . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1] @="{E4000AC4-5E5F-4956-807A-C5854405D64F}" [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}] 2007-11-26 04:29 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648] "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-09-23 180269] "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-12-04 176128] "HPHUPD05"="c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe" [2003-11-12 49152] "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664] "HPHmon05"="c:\windows\system32\hphmon05.exe" [2004-02-02 495616] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-06-25 1629480] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-06-25 1057064] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-31 518488] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-06-13 1794320] "MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208] c:\documents and settings\Owner\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664] VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2007-11-26 474808] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696] HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2005-9-16 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter] 2009-07-01 12:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk backup=c:\windows\pss\BigFix.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk backup=c:\windows\pss\Metacafe.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Metacafe.lnk] path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Metacafe.lnk backup=c:\windows\pss\Metacafe.lnkStartup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\AIM6\\aim6.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\AVG\\AVG8\\avgui.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWService.exe"= "c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "c:\\Program Files\\TESTOUT\\Cmi\\Navigator.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2499:TCP"= 2499:TCP:Akamai NetSession Interface "5000:UDP"= 5000:UDP:Akamai NetSession Interface "4985:TCP"= 4985:TCP:Akamai NetSession Interface "4444:TCP"= 4444:TCP:Akamai NetSession Interface "1810:TCP"= 1810:TCP:Akamai NetSession Interface "1839:TCP"= 1839:TCP:Akamai NetSession Interface "1863:TCP"= 1863:TCP:Akamai NetSession Interface "3872:TCP"= 3872:TCP:Akamai NetSession Interface "4453:TCP"= 4453:TCP:Akamai NetSession Interface "4745:TCP"= 4745:TCP:Akamai NetSession Interface "1980:TCP"= 1980:TCP:Akamai NetSession Interface "2181:TCP"= 2181:TCP:Akamai NetSession Interface "2341:TCP"= 2341:TCP:Akamai NetSession Interface "2356:TCP"= 2356:TCP:Akamai NetSession Interface "2365:TCP"= 2365:TCP:Akamai NetSession Interface "2879:TCP"= 2879:TCP:Akamai NetSession Interface "1978:TCP"= 1978:TCP:Akamai NetSession Interface "4469:TCP"= 4469:TCP:Akamai NetSession Interface "3678:TCP"= 3678:TCP:Akamai NetSession Interface "3701:TCP"= 3701:TCP:Akamai NetSession Interface "1817:TCP"= 1817:TCP:Akamai NetSession Interface "4926:TCP"= 4926:TCP:Akamai NetSession Interface "1722:TCP"= 1722:TCP:Akamai NetSession Interface "2024:TCP"= 2024:TCP:Akamai NetSession Interface "2061:TCP"= 2061:TCP:Akamai NetSession Interface "1264:TCP"= 1264:TCP:Akamai NetSession Interface "1283:TCP"= 1283:TCP:Akamai NetSession Interface "1602:TCP"= 1602:TCP:Akamai NetSession Interface "1155:TCP"= 1155:TCP:Akamai NetSession Interface "1173:TCP"= 1173:TCP:Akamai NetSession Interface "1212:TCP"= 1212:TCP:Akamai NetSession Interface "1707:TCP"= 1707:TCP:Akamai NetSession Interface "1733:TCP"= 1733:TCP:Akamai NetSession Interface "2268:TCP"= 2268:TCP:Akamai NetSession Interface "4230:TCP"= 4230:TCP:Akamai NetSession Interface "3657:TCP"= 3657:TCP:Akamai NetSession Interface "1369:TCP"= 1369:TCP:Akamai NetSession Interface "1831:TCP"= 1831:TCP:Akamai NetSession Interface "2325:TCP"= 2325:TCP:Akamai NetSession Interface "1181:TCP"= 1181:TCP:Akamai NetSession Interface "1193:TCP"= 1193:TCP:Akamai NetSession Interface "4589:TCP"= 4589:TCP:Akamai NetSession Interface "4935:TCP"= 4935:TCP:Akamai NetSession Interface "1186:TCP"= 1186:TCP:Akamai NetSession Interface "1199:TCP"= 1199:TCP:Akamai NetSession Interface "1897:TCP"= 1897:TCP:Akamai NetSession Interface "1936:TCP"= 1936:TCP:Akamai NetSession Interface "3727:TCP"= 3727:TCP:Akamai NetSession Interface "3756:TCP"= 3756:TCP:Akamai NetSession Interface "3765:TCP"= 3765:TCP:Akamai NetSession Interface "3776:TCP"= 3776:TCP:Akamai NetSession Interface "3853:TCP"= 3853:TCP:Akamai NetSession Interface "4040:TCP"= 4040:TCP:Akamai NetSession Interface "4170:TCP"= 4170:TCP:Akamai NetSession Interface "1121:TCP"= 1121:TCP:Akamai NetSession Interface "2437:TCP"= 2437:TCP:Akamai NetSession Interface "3846:TCP"= 3846:TCP:Akamai NetSession Interface "4777:TCP"= 4777:TCP:Akamai NetSession Interface "2545:TCP"= 2545:TCP:Akamai NetSession Interface "1236:TCP"= 1236:TCP:Akamai NetSession Interface "1339:TCP"= 1339:TCP:Akamai NetSession Interface "2522:TCP"= 2522:TCP:Akamai NetSession Interface "2820:TCP"= 2820:TCP:Akamai NetSession Interface "3754:TCP"= 3754:TCP:Akamai NetSession Interface "3590:TCP"= 3590:TCP:Akamai NetSession Interface "4718:TCP"= 4718:TCP:Akamai NetSession Interface "1117:TCP"= 1117:TCP:Akamai NetSession Interface "3290:TCP"= 3290:TCP:Akamai NetSession Interface "2043:TCP"= 2043:TCP:Akamai NetSession Interface "2220:TCP"= 2220:TCP:Akamai NetSession Interface "2271:TCP"= 2271:TCP:Akamai NetSession Interface "2645:TCP"= 2645:TCP:Akamai NetSession Interface "3608:TCP"= 3608:TCP:Akamai NetSession Interface "3882:TCP"= 3882:TCP:Akamai NetSession Interface "3890:TCP"= 3890:TCP:Akamai NetSession Interface "2719:TCP"= 2719:TCP:Akamai NetSession Interface R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/19/2009 2:23 PM 64160] R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/17/2009 5:23 PM 327688] R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/17/2009 5:24 PM 108552] R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [3/20/2009 4:56 PM 132640] R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [3/20/2009 4:56 PM 24096] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/17/2009 5:23 PM 298776] R2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?] R2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 1:49 AM 204800] S0 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys --> c:\windows\system32\drivers\Partizan.sys [?] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/16/2009 4:00 AM 101936] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904] S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [3/17/2009 9:54 PM 29584] S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . Contents of the 'Scheduled Tasks' folder 2009-07-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 17:07] 2009-06-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2009-07-03 c:\windows\Tasks\HP Usg Daily.job - c:\program files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\pexpress\hphped05.exe [2004-01-06 18:05] . - - - - ORPHANS REMOVED - - - - ShellExecuteHooks-{F552DDE6-2090-4bf4-B924-6141E87789A5} - (no file) . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/ uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - hxxp://activex.camfrogweb.com/advanced/cfweb_activex.camfrogweb.com-advanced_instmodule.exe FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\kizt2imz.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll FF - plugin: c:\documents and settings\Owner\Application Data\Move Networks\plugins\npqmp071500000347.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-03 10:59 Windows 5.1.2600 Service Pack 2 NTFS detected NTDLL code modification: ZwClose, ZwOpenFile scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'lsass.exe'(1012) c:\windows\system32\guard32.dll - - - - - - - > 'explorer.exe'(1484) c:\windows\system32\guard32.dll c:\windows\system32\VirtualExpander\VEShellExt.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\COMODO\COMODO Internet Security\cmdagent.exe c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\AVG\AVG8\avgrsx.exe c:\oraclexe\app\oracle\product\10.2.0\server\BIN\oracle.exe c:\progra~1\AVG\AVG8\avgnsx.exe c:\program files\AVG\AVG8\avgcsrvx.exe c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS c:\program files\Spyware Terminator\sp_rsser.exe c:\program files\Common Files\Symantec Shared\Security Center\symwsc.exe c:\windows\system32\wscntfy.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Symantec Shared\Security Center\SymSCUI.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe . ************************************************************************** . Completion time: 2009-07-03 11:06 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-03 15:06 ComboFix2.txt 2009-07-02 06:18 Pre-Run: 39,030,665,216 bytes free Post-Run: 39,012,704,256 bytes free 427 --- E O F --- 2009-06-11 07:05
  9. Jay320
    Okay, here is the new hijackThis log, and I've attached the ComboFix.txt file as well. I see some all too familiar files were found (I've gotten rid of them before but they've come back). Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2:25:17 AM, on 7/2/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE C:\WINDOWS\system32\ctfmon.exe C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\app\Owner\product\11.1.0\db_1\bin\nmesrvc.exe (file missing) O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 11385 bytes ComboFix.txt ComboFix.txt
  10. Jay320
    I first thought something was going on when I ran Spyware Terminator and it couldn't connect to update. After I restarted my computer, I started getting the awful SVCHost.exe application error (the instruction at "0x8c27a0eb" referenced memory at "0x8c27a0eb". The memory could not be "read".) If I click OK to terminate the program (OK being the only option), I get another popup that says the system has to shut down and there's a little timer with 60 seconds to close everything before the system shuts down. I had read something about Windows Update causing SVCHost errors - not sure if this is related to that because other things seem to be wrong as well. I also noticed that, upon trying to use System Restore, that System Restore has been turned off and I cannot turn it back on. I also can't seem to get online and even the tried to check the network settings but it just came up a blank window. Here is a HijackThis log from the system. Any help would be great because essentially my PC is unusable. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:44:28 PM, on 6/30/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16850) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\CDProxyServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Spyware Terminator\sp_rsser.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\COMODO\COMODO Internet Security\cfp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-21-3388061850-1932007520-1780769229-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?') O4 - S-1-5-21-3388061850-1932007520-1780769229-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?') O4 - S-1-5-21-3388061850-1932007520-1780769229-1003 Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (User '?') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\app\Owner\product\11.1.0\db_1\bin\nmesrvc.exe (file missing) O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 11156 bytes
  11. Jay320
    So far things look like they're back to normal. I tried a few search engine results and they went where I wanted them to go with no redirects. Also I was able to update some of the security programs without getting errors. Thanks for the help! This was driving me crazy for days!
  12. Jay320
    Okay, I ran Root Repeal and used it to wipe out the gaopdx....sys files (there were three of them, not just one). I then rebooted and ran MBAM but it didn't find anything else. AVG Anti-Virus was running real-time in the background, and while MBAM was scanning a window from AVG popped up saying it found a gaopdx...dll file, so maybe it took care of it before MBAM could find it. At any rate, here is the new HijackThis log followed by the MBAM log. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:27:15 PM, on 3/20/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\CDProxyServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymSCUI.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\AVG\AVG8\avgui.exe C:\Program Files\AVG\AVG8\avgscanx.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\app\Owner\product\11.1.0\db_1\bin\nmesrvc.exe (file missing) O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 11103 bytes Malwarebytes' Anti-Malware 1.34 Database version: 1878 Windows 5.1.2600 Service Pack 2 3/20/2009 3:43:41 PM mbam-log-2009-03-20 (15-43-41).txt Scan type: Quick Scan Objects scanned: 70448 Time elapsed: 6 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
  13. Jay320
    I'm sorry, but I do not see a walkthrough posted here.
  14. Jay320
    Here is a HijackThis log from my PC. I have been experiencing something I had never heard of, but after researching it for days on end I have come to find that it's similar to the common cold in that lots of people catch it but there doesn't seem to be a way to cure it! I'm talking about that nonsense where you can't use search engines because every result winds up redirecting you to another useless site. And malware / spyware programs either won't run or won't update properly. And Windows Firewall is always disabled upon restarting the computer. After running Malwarebytes I noticed a lot of things were caught and then removed. However, after restarting the computer, there were two new ones as if by malware magic. One of them is called gaopdxcounter and I've seen others who have had this problem as well. At any rate, here is the HijackThis log as well as the original Malwarebytes log followed by the most recent Malwarebytes log from the last time I ran it. Hope someone can figure this out because it's driving me nuts. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:12:11 AM, on 3/20/2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\WINDOWS\CDProxyServ.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\svchost.exe c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\BigFix\BigFix.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\HiJackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.yahoo.com/ R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_framework.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{D946675D-1D6C-4dc8-9E0D-B4B8EAA30EAA}\hphupd05.exe O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\Hewlett-Packard\Smart Web Printing\hpswp_extensions.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanced/cfw..._instmodule.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Facebo...otoUploader.cab O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/inst...ctDetection.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: XCP CD Proxy (CD_Proxy) - Unknown owner - C:\WINDOWS\CDProxyServ.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: OracleDBConsoleorcl - Unknown owner - C:\app\Owner\product\11.1.0\db_1\bin\nmesrvc.exe (file missing) O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\omtsreco.exe O23 - Service: OracleServiceXE - Oracle Corporation - c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE O23 - Service: OracleXEClrAgent - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\bin\OraClrAgnt.exe O23 - Service: OracleXETNSListener - Unknown owner - C:\oraclexe\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 10780 bytes -------------------------------------------------------------- >>>Original scan with Malwarebytes:<<< Malwarebytes' Anti-Malware 1.34 Database version: 1749 Windows 5.1.2600 Service Pack 2 3/19/2009 10:17:20 PM mbam-log-2009-03-19 (22-17-20).txt Scan type: Quick Scan Objects scanned: 66289 Time elapsed: 2 minute(s), 58 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 14 Registry Values Infected: 0 Registry Data Items Infected: 7 Folders Infected: 0 Files Infected: 1 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.Coupons) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3aa42713-5c1e-48e2-b432-d8bf420dd31d} (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{343ce214-9998-4b21-a151-ffe970167297} (Rogue.Installer) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2d2bee6e-3c9a-4d58-b9ec-458edb28d0f6} (Rogue.DriveCleaner) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08399b7d-e254-4407-81e4-2eb734b9f48e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{08399b7d-e254-4407-81e4-2eb734b9f48e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\Tcpip\Parameters\Interfaces\{08399b7d-e254-4407-81e4-2eb734b9f48e}\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.104,85.255.112.155 -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: C:\RECYCLER\S-9-1-62-100014347-100028542-100018406-9423.com (Trojan.Agent) -> Quarantined and deleted successfully. ----------------------------------------------------- >>>Second scan with Malwarebytes:<<< Malwarebytes' Anti-Malware 1.34 Database version: 1863 Windows 5.1.2600 Service Pack 2 3/20/2009 12:10:37 AM mbam-log-2009-03-20 (00-10-37).txt Scan type: Quick Scan Objects scanned: 69696 Time elapsed: 3 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> Quarantined and deleted successfully. C:\WINDOWS\Fonts\error.exe (Worm.Archive) -> Quarantined and deleted successfully.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.