Possible Computer Browser HiJack, Rootkit, or other Malware infection


rk233, Thread Starter (Joined Feb 7, 2007; 84 messages)
My computer may have a browser hijack, rootkit, or other malware on it. I have WINDOWS XP.

A couple of weeks ago I tried to go to an airline site by typing the name in the address bar (and also getting the official link via Google, confirmed by WOT) but was somehow re-directed to another site which was not the right website. I was told that my server would not let me go to that site. I contacted my internet provider and they said that they were not blocking that site, so no problem at their end. This occurred when trying to go there on both Internet Explorer 8 (IE8) and Firefox (my default browser).

The following ALERT appeared when I tried to go to the site:

This Connection is Untrusted

You have asked Firefox to connect securely to xxx.spiritair.com, but we can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified.

What Should I Do?

If you usually connect to this site without problems, this error could mean that someone is trying to impersonate the site, and you shouldn't continue.

Technical Details

xxx.spiritair.com uses an invalid security certificate.

The certificate is only valid for the following names:
xxx.spirit.com, spirit.com
(Error code: ssl_error_bad_cert_domain)

I Understand the Risks

[Note: xxx="www"]


A similar thing happened last night when I tried to go to another link via an e-mail in Mozilla Thunderbird. This was for a site to which I've gone many times in the past, but the above ALERT appeared (for a different site though).

I've tried running various antivirus programs to check my system but can't find any infection. I downloaded updates for all: Avira AntiVir free, Malwarebytes Real-time, Super Anti-Spyware free, and Spybot.
I also downloaded the current McAfee Stinger and CWShredder.

1) I ran my Antivir antivirus; 3 hidden objects (possible rootkits?) were noted in the report (see my abridged report posted below)
2) I toggled system restore
3) Restarted system in SAFE MODE
4) Ran CWShredder then Stinger (at Max. heuristics)
5) Ran Super Anti-spyware free
6) Ran Malwarebytes
7) Ran Spybot
8) I think that I also ran Antivir again in SAFE MODE, but I am providing the run from NORMAL mode


NO INFECTION WAS FOUND!


10) Then, I re-booted the system to NORMAL mode and did a search for *.tmp and *.temp files with the search program in my WINDOWS XP system.

I did find one unusual program, "C:\WINDOWS\48B8222675E3…(etc.).TMP"; this is suspect and was deleted.


Please assist me in checking out my system to ensure that there is no malware, rootkit, etc. on it. I have downloaded the programs per your procedure and the Logs are pasted below or attached as asked.

1) HijackThis Log - pasted
2) DDS Log - pasted
3) Attach.txt file - attached
4) GMER Rootkit Log - ark.txt file - pasted


Avira AntiVir Personal Log
Report file date: Thursday, December 30, 2010 07:33

Scanning for 2309058 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : DELL

Starting search for hidden objects.
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\parseautoexec
[NOTE] The registry entry is invisible.
[WARNING] Unknown parameter!
[WARNING] System error [0]: The operation completed successfully.
[WARNING] Unknown parameter!
HKEY_LOCAL_MACHINE\Software\Microsoft\Environment\licence0
[NOTE] The registry entry is invisible.
[WARNING] Unknown parameter!
[WARNING] System error [0]: The operation completed successfully.
[WARNING] Unknown parameter!
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.
[WARNING] Unknown parameter!
[WARNING] System error [0]: The operation completed successfully.
[WARNING] Unknown parameter!

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:32:49 PM, on 12/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Documents and Settings\Administrator\Desktop\Emergency Malware programs 3 19 07\analyzeme122910.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Secunia PSI (BETA).lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: Secunia PSI (BETA).lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk.disabled
O4 - Startup: Secunia PSI (BETA).lnk.disabled
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 2.lnk.disabled
O4 - Global Startup: WD Backup Monitor.lnk.disabled
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182743078562
O17 - HKLM\System\CCS\Services\Tcpip\..\{5434DCB3-376D-4633-89EB-AE97A9EB089D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 7743 bytes

DDS (Ver_10-12-12.02) - NTFSx86

Run by Owner at 12:36:11.34 on Thu 12/30/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1968 [GMT -5:00]

AV: ZoneAlarm Security Suite Antivirus *Disabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Security Suite Firewall *Enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uWindow Title = Windows Internet Explorer provided by Comcast
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~1\COMCAS~1.DLL
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: ZoneAlarm PopBlocker: {916c1ef1-ca89-4f1b-afda-3ca85bd0f831} - c:\windows\system32\shdocvw.dll
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [ZoneAlarm Client] "c:\program files\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\Logitech . Product Registration.lnk.disabled
StartupFolder: c:\documents and settings\administrator\start menu\programs\startup\Secunia PSI (BETA).lnk.disabled
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HPAiODevice(hp officejet 7100 series) - 2.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\WD Backup Monitor.lnk.disabled
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
Trusted Zone: musicmatch.com\online
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182743078562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: {5434DCB3-376D-4633-89EB-AE97A9EB089D} = 208.67.222.222,208.67.220.220
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\6xcqg4yz.profile052308\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\administrator\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAbacheck.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPCIG.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: LinkExtend: {cf47767d-5f3a-4e32-9fce-5d79565c9702} - %profile%\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\mozilla firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor
FF - Ext: Java Quick Starter: [email protected] - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

============= SERVICES / DRIVERS ===============

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2010-12-12 56208]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2010-9-28 15328]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-8-21 11608]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2009-6-22 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-7-10 353672]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-21 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-21 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-21 61960]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-7-10 363344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-7-31 203280]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-7-10 20952]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [2007-4-9 23208]
S3 grmn0400;grmn0400.Sys Garmin USB HS DCP driver (install);c:\windows\system32\drivers\grmn0400.sys [2007-4-9 22184]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [2007-4-9 17448]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [2009-12-13 39048]
S3 ma8500c;ma8500c;c:\windows\system32\drivers\ma8500c.sys [2008-5-27 24784]
S3 MA8500M;MA8500M;c:\windows\system32\drivers\MA8500M.sys [2008-5-27 25300]
S3 MA8500U;MA8500U;c:\windows\system32\drivers\MA8500U.sys [2008-5-27 49109]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3d.tmp --> c:\windows\system32\3D.tmp [?]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [2006-12-29 247808]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 VisorUsb;Handspring USB;c:\windows\system32\drivers\visorusb.sys --> c:\windows\system32\drivers\VisorUsb.sys [?]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\macrium\reflect\ReflectService.exe [2010-9-28 220128]

=============== Created Last 30 ================

2010-12-15 02:47:25 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 02:46:45 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-12 06:47:01 -------- d-----w- C:\archive_db
2010-12-12 06:30:35 -------- d-----w- C:\New Folder 1
2010-12-12 06:15:26 -------- d-----w- c:\docume~1\alluse~1\applic~1\launcher
2010-12-12 06:14:39 56208 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-12-12 06:13:35 -------- d-----w- c:\program files\Paragon Software
2010-12-12 05:29:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Macrium
2010-12-12 05:27:12 -------- d-----w- c:\program files\Macrium
2010-12-06 01:32:39 -------- d-----w- c:\docume~1\admini~1\applic~1\Avira

==================== Find3M ====================

2010-11-18 18:12:44 81920 ------w- c:\windows\system32\isign32.dll
2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ------w- c:\windows\system32\win32k.sys
2003-07-16 16:42:33 94784 --sh--w- c:\windows\twain.dll
2008-04-14 09:42:08 50688 --sh--w- c:\windows\twain_32.dll
2010-09-18 06:53:25 974848 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 09:42:02 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 09:42:02 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 09:42:04 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 09:42:04 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 09:42:34 11776 --sh--w- c:\windows\system32\regsvr32.exe

============= FINISH: 12:38:12.96 ===============

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-30 13:15:44

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST3120814A rev.3.AAJ
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdapod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xB8116FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xB8113C80]
SSDT B93E5D56 ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xB8117580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xB812B900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xB812BB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xB812FB10]
SSDT B93E5D4C ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xB8117670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xB8114210]
SSDT B93E5D5B ZwDeleteKey
SSDT B93E5D65 ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xB812B280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadDriver [0xB81108C0]
SSDT B93E5D6A ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xB812EF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwMapViewOfSection [0xB812FD90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xB8114070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xB812D180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xB812CF40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xB812F6F0]
SSDT B93E5D74 ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xB8116BE0]
SSDT B93E5D6F ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xB8117190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xB8114440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetSystemInformation [0xB81106A0]
SSDT B93E5D60 ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xB812C200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xB812C080]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwUnloadDriver [0xB8110AF0]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!ZwYieldExecution + 12E 804E4988 12 Bytes [80, 75, 11, B8, 00, B9, 12, ...]
.text ntoskrnl.exe!ZwYieldExecution + 1FA 804E4A54 12 Bytes [C0, 08, 11, B8, 6A, 5D, 3E, ...]
? srescan.sys The system cannot find the file specified. !
init C:\WINDOWS\system32\DRIVERS\mohfilt.sys entry point in "init" section [0xF77F2720]
? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B811BB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B811B930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B811C260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B8119E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B8119E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B811BB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B811B930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B811C260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B811BB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B8119E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B811C260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B811B930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B811C260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B811B930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B811BB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B8134B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B8119E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B811BB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B811B930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B811C260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B811BB20] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B8119E90] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B811C260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B811B930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [B81148D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [B8114A80] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [B81145E0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [B8114980] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\Explorer.EXE[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [015D3880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [015D3930] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [015D3A60] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [015D39D0] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
 

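The GMER log above lists dozens of IAT and Device lines, but they fold down to a handful of owners: every kernel IAT hook and every \Device\Tcp, \Device\Ip, \Device\Udp object resolves to vsdatant.sys (ZoneAlarm's TrueVector driver), the Explorer.EXE hooks to Logitech's LVPrcInj01.dll, and the disk and CD filters to hotcore3.sys (Paragon) and tfsnifs.sys (Sonic DLA). The script below is an added example, not part of the thread and not a GMER feature: it parses those line formats and groups them by owning module so the question "who owns the hooks, and is the vendor one I expect?" is answered at a glance. The vendor string GMER prints comes from the file's version resource, not from a signature check, so a module can claim any company; a module with no string at all is the one to hash and verify first. Sample lines are copied from the log above except the one marked CONSTRUCTED, which exists only to show the flagging path.

```python
"""Group GMER hook and device lines by the module that owns them.

Added example, not part of the thread.  Line formats handled:
  IAT <victim>[<lib>!<func>] [<addr>] <owner> (<description>/<company>)
  Device <driver> <device object> <owner> (<description>/<company>)
  AttachedDevice <driver> <device object> <owner> (<description>/<company>)
The parenthetical is optional: GMER omits it when it cannot read a version
resource from the owning file.
"""
import re
from collections import defaultdict

IAT_RE = re.compile(
    r"^IAT\s+(?P<victim>.+?)\s*\[(?P<lib>[^!\[\]]+)!(?P<func>[^\]]+)\]"
    r"\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>.+?)"
    r"(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)
DEVICE_RE = re.compile(
    r"^(?P<kind>AttachedDevice|Device)\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+"
    r"(?P<owner>.+?)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Copied from the GMER log posted in this thread, plus one CONSTRUCTED line.
SAMPLE_LOG = [
    r"---- Kernel IAT/EAT - GMER 1.0.15 ----",
    r"",
    r"IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B811C260] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)",
    r"IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B811B930] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)",
    r"IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [B8134B30] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)",
    r"IAT C:\WINDOWS\Explorer.EXE[1428] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [015D3880] C:\WINDOWS\system32\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)",
    r"Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)",
    r"AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 hotcore3.sys (A part of Paragon System Utilities/Paragon Software Group)",
    # CONSTRUCTED: an owner GMER could not describe (no version resource).
    r"IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B811BB20] \SystemRoot\System32\drivers\example_nodesc.sys",
]


def _basename(path):
    """GMER prints full paths in IAT lines but bare file names in Device lines."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_gmer(lines):
    """Return {basename: {"paths": set, "desc": str|None, "hooks": [(where, what)]}}."""
    owners = defaultdict(lambda: {"paths": set(), "desc": None, "hooks": []})
    for raw in lines:
        line = raw.strip()
        m = IAT_RE.match(line)
        if m:
            where, what = m["victim"], f'{m["lib"]}!{m["func"]}'
        else:
            m = DEVICE_RE.match(line)
            if not m:
                continue  # section headers, blank lines, other sections
            where, what = m["driver"], f'{m["kind"]} {m["device"]}'
        entry = owners[_basename(m["owner"])]
        entry["paths"].add(m["owner"])
        entry["desc"] = entry["desc"] or m["desc"]
        entry["hooks"].append((where, what))
    return dict(owners)


def company(desc):
    """GMER's parenthetical is '<file description>/<company name>'."""
    return desc.rsplit("/", 1)[-1].strip() if desc else None


def summarize(owners):
    """(basename, company, number of hooks), most hooks first."""
    rows = [(name, company(e["desc"]), len(e["hooks"])) for name, e in owners.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0]))


def unattributed(owners):
    """Owners with no vendor string: hash and check the signature before trusting."""
    return sorted(name for name, e in owners.items() if not e["desc"])


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for name, vendor, n in summarize(parsed):
        print(f"{n:3d}  {name:<20} {vendor or '<no vendor string>'}")
    print("needs a closer look:", unattributed(parsed))
```

Run against the full log, the same grouping shows that nothing in the kernel hook list is unattributed; that does not prove the box is clean, but it does say the GMER section on its own gives no reason to suspect a kernel rootkit.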

rk233

Thread Starter
I must note that I DID back up my files to an external drive. I also used a free image backup program, Paragon, to make a drive image. I downloaded the free Macrium Reflect too but decided to use Paragon instead as it seemed easier to use.

Should I run ComboFix or other rootkit programs to check out my computer? Please advise.

Thanks.
 

rk233

Thread Starter
I have recently been getting error messages stating that I do not have enough resources (RAM? CPU?) to run certain apps that have run fine in the past.

Something WEIRD is going on with my system.

Please HELP!


Thanks.
 

rk233

Thread Starter
I scanned my system with SUPERAntiSpyware today and it found this. I may have a real problem on my system.

Rogue.Pallidium
HKU\S-1-5-21-1482476501-1801674531-725345543-500\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS#WARNONPOSTREDIRECT
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,460
Please visit the ComboFix Guide & Instructions page for instructions on installing the Recovery Console and on downloading and running ComboFix.

The only thing different from the instructions there is that, when downloading and saving ComboFix.exe, I would like you to rename it to puppy.exe, please.

Post the log from ComboFix when you've accomplished that along with a new HijackThis log.

Important notes regarding ComboFix:

ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.
 

rk233

Thread Starter
Attached is the log for Combofix and HijackThis.

Please let me know of any changes that I should make to my system. If I should go to any other forums for extra tweaking please let me know.

Thanks for your assistance.

ComboFix 11-01-08.01 - Owner 01/08/2011 17:29:47.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1957 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\puppy.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ZoneAlarm Security Suite Antivirus *Disabled/Outdated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\g2mdlhlpx.exe
C:\Install.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-08 to 2011-01-08 )))))))))))))))))))))))))))))))
.

2010-12-31 15:23 . 2010-12-31 15:23 -------- d-----w- c:\program files\iPod
2010-12-31 15:23 . 2010-12-31 15:24 -------- d-----w- c:\program files\iTunes
2010-12-31 15:19 . 2010-12-31 15:19 -------- d-----w- c:\program files\Bonjour
2010-12-31 15:07 . 2010-12-31 15:07 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Secunia PSI
2010-12-15 02:47 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 02:46 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-12 06:47 . 2010-12-12 06:47 -------- d-----w- C:\archive_db
2010-12-12 06:30 . 2010-12-12 06:30 -------- d-----w- C:\New Folder 1
2010-12-12 06:15 . 2010-12-12 06:15 -------- d-----w- c:\documents and settings\All Users\Application Data\launcher
2010-12-12 06:14 . 2010-08-25 19:45 56208 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-12-12 06:13 . 2010-12-12 06:13 -------- d-----w- c:\program files\Paragon Software
2010-12-12 05:29 . 2010-12-12 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Macrium
2010-12-12 05:27 . 2010-12-12 05:56 -------- d-----w- c:\program files\Macrium

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-30 00:49 . 2009-08-22 00:30 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-20 23:09 . 2008-07-31 17:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2008-07-11 01:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-06 01:47 . 2009-08-22 00:30 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 18:12 . 2007-02-20 03:05 81920 ------w- c:\windows\system32\isign32.dll
2010-11-12 23:53 . 2010-04-29 04:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 21:34 . 2010-11-09 04:42 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-11-06 00:26 . 2003-07-16 16:45 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2003-07-16 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2003-07-16 16:24 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2007-02-20 07:04 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2003-07-16 16:31 40960 ------w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2003-07-16 16:18 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2003-07-16 16:45 1853312 ------w- c:\windows\system32\win32k.sys
2007-11-09 20:10 . 2007-11-09 20:10 30288 ------w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 20:10 . 2007-11-09 20:10 79440 ------w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 20:10 . 2007-11-09 20:10 75344 ------w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 20:10 . 2007-11-09 20:10 140880 ------w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 20:10 . 2007-11-09 20:10 42576 ------w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 20:10 . 2007-11-09 20:10 50768 ------w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 20:10 . 2007-11-09 20:10 34384 ------w- c:\program files\mozilla firefox\plugins\logging.dll
2008-06-19 09:16 . 2008-06-19 09:16 118784 ------w- c:\program files\mozilla firefox\plugins\MyCamera.dll
2007-11-09 20:11 . 2007-11-09 20:11 685648 ------w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 20:11 . 2007-11-09 20:11 30288 ------w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2003-07-16 16:42 94784 --sh--w- c:\windows\twain.dll
2008-04-14 09:42 50688 --sh--w- c:\windows\twain_32.dll
2010-09-18 06:53 974848 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 09:42 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 09:42 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 09:42 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 09:42 84992 --sh--w- c:\windows\system32\olepro32.dll
2008-04-14 09:42 11776 --sh--w- c:\windows\system32\regsvr32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OpenDNS Updater"="c:\program files\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Logitech . Product Registration.lnk.disabled [2010-8-31 749]
Secunia PSI (BETA).lnk.disabled [2007-10-7 743]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HPAiODevice(hp officejet 7100 series) - 2.lnk.disabled [2008-9-30 1228]
Secunia PSI Tray.lnk.disabled [2010-12-31 753]
WD Backup Monitor.lnk.disabled [2007-2-21 1631]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WD Button Manager"=WDBtnMgr.exe
"LWS"=c:\program files\Logitech\LWS\Webcam Software\LWS.exe -hide
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" /min
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"ZoneAlarm Client"="c:\program files\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Palm\\HotSync.exe"=
"c:\\Program Files\\Microsoft Baseline Security Analyzer 2\\mbsa.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\My Book\\WD Backup\\uWDBackup.exe"=
"c:\\Program Files\\My Book\\WD Backup\\uBBMonitor.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"c:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"80:UDP"= 80:UDP:167.206.251.15/255.255.255.255,167.206.251.16/255.255.255.255,167.206.251.80/255.255.255.255:Enabled:DNS

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [12/12/2010 1:14 AM 56208]
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [9/28/2010 2:03 PM 15328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/21/2009 7:30 PM 135336]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/10/2008 8:06 PM 363344]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [7/31/2008 10:50 AM 203280]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/10/2008 8:06 PM 20952]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S3 grmn0200;grmn0200.Sys Garmin USB DCP driver (install);c:\windows\system32\drivers\grmn0200.sys [4/9/2007 8:27 PM 23208]
S3 grmn0400;grmn0400.Sys Garmin USB HS DCP driver (install);c:\windows\system32\drivers\grmn0400.sys [4/9/2007 8:27 PM 22184]
S3 grmn1200;grmn0200.Sys Garmin USB DCP driver;c:\windows\system32\drivers\grmn1200.sys [4/9/2007 8:27 PM 17448]
S3 ICDUSB2;Sony IC Recorder (P);c:\windows\system32\drivers\IcdUsb2.sys [12/13/2009 6:28 PM 39048]
S3 ma8500c;ma8500c;c:\windows\system32\drivers\ma8500c.sys [5/27/2008 1:48 PM 24784]
S3 MA8500M;MA8500M;c:\windows\system32\drivers\MA8500M.sys [5/27/2008 1:48 PM 25300]
S3 MA8500U;MA8500U;c:\windows\system32\drivers\MA8500U.sys [5/27/2008 1:48 PM 49109]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3D.tmp --> c:\windows\system32\3D.tmp [?]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\netr73.sys [12/29/2006 1:49 AM 247808]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872]
S3 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [12/21/2010 7:04 AM 987704]
S3 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [12/21/2010 7:04 AM 399416]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S3 VisorUsb;Handspring USB;c:\windows\system32\DRIVERS\VisorUsb.sys --> c:\windows\system32\DRIVERS\VisorUsb.sys [?]
S4 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [9/28/2010 2:02 PM 220128]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2011-01-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-01-06 c:\windows\Tasks\HPFRU Task 2003-06-24 19:40ewlett-Packard2003-06-24 19:40p officejet 7100 series2889F2163A36016833EE17BCE444564664912314172033397.job
- c:\program files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe [2003-06-25 06:10]

2011-01-06 c:\windows\Tasks\HPFRU Task 2003-06-24 19:40ewlett-Packard2003-06-24 19:40p officejet 7100 series2889F2163A36016833EE17BCE444564664912314222789422.job
- c:\program files\Hewlett-Packard\AiO\Shared\bin\hpqfrucl.exe [2003-06-25 06:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\*.windowsupdate
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: windowsupdate.com\download
Trusted Zone: musicmatch.com\online
TCP: {5434DCB3-376D-4633-89EB-AE97A9EB089D} = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: LinkExtend: {cf47767d-5f3a-4e32-9fce-5d79565c9702} - %profile%\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {B13721C7-F507-4982-B2E5-502A71474FED} - c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: [email protected] - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\program files\Analyzeme\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-08 17:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3D.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-1801674531-725345543-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,b5,4e,fb,0d,30,ff,44,89,ef,a9,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,b5,4e,fb,0d,30,ff,44,89,ef,a9,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,70,b5,4e,fb,0d,30,ff,44,89,ef,a9,\

[HKEY_USERS\S-1-5-21-1482476501-1801674531-725345543-500\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"Licence0"="04F0D21-79D8-7A25-D702-433F"
.
Completion time: 2011-01-08 17:41:38
ComboFix-quarantined-files.txt 2011-01-08 22:41

Pre-Run: 35,127,402,496 bytes free
Post-Run: 35,105,079,296 bytes free

- - End Of File - - 41C17BA1CA707224E3326A61245366B0

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:49:35 PM, on 1/8/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Documents and Settings\Administrator\Desktop\Emergency Malware programs 3 19 07\analyzeme122910.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Secunia PSI (BETA).lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: Secunia PSI (BETA).lnk.disabled (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk.disabled
O4 - Startup: Secunia PSI (BETA).lnk.disabled
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 2.lnk.disabled
O4 - Global Startup: Secunia PSI Tray.lnk.disabled
O4 - Global Startup: WD Backup Monitor.lnk.disabled
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182743078562
O17 - HKLM\System\CCS\Services\Tcpip\..\{5434DCB3-376D-4633-89EB-AE97A9EB089D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6628 bytes
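The first post describes a browser landing on a host whose certificate belongs to a different name. Before looking at hooks, the settings that decide where a name resolves are worth reading straight out of the HijackThis log: O17 NameServer lines (here the two OpenDNS resolvers, which match the OpenDNS Updater in the Run key), R0/R1 proxy lines (only a ProxyOverride of *.local, no proxy server), O10 Winsock LSP entries and O15 trusted zones. The script below is an added example, not part of the thread and not a HijackThis feature: it extracts those entries and compares every resolver with a list the analyst expects. The expected list is an assumption (OpenDNS, chosen because the log shows it configured); sample lines are copied from the log above except the one marked CONSTRUCTED, which uses a documentation address from RFC 5737 to show what an unexpected resolver looks like.

```python
"""Pull name-resolution and proxy settings out of a HijackThis log.

Added example, not part of the thread.  Recognised line shapes:
  O17 - <registry key>: NameServer = <ip>[,<ip>...]
  R0/R1 - <registry key>,Proxy<Name> = <value>
  O10 - <free text about a Winsock LSP entry>
  O15 - Trusted Zone: <zone>
"""
import ipaddress
import re

# Assumption for this example: the analyst expects OpenDNS and nothing else.
EXPECTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")
PROXY_RE = re.compile(r"^R[01] - (?P<key>.+?),(?P<name>Proxy\w+) = (?P<value>.+)$")
O10_RE = re.compile(r"^O10 - (?P<text>.+)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<zone>\S+)$")

# Copied from the HijackThis log posted in this thread, plus one CONSTRUCTED line.
SAMPLE_LOG = [
    r"R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local",
    r"O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll",
    r"O15 - Trusted Zone: http://download.windowsupdate.com",
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{5434DCB3-376D-4633-89EB-AE97A9EB089D}: NameServer = 208.67.222.222,208.67.220.220",
    # CONSTRUCTED: a second adapter pointing at a resolver the analyst does not expect.
    r"O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53",
]


def extract_resolution_settings(lines):
    """Return the entries that influence where a hostname ends up."""
    findings = {"resolvers": [], "proxy": [], "lsp": [], "trusted_zones": []}
    for raw in lines:
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            # NameServer may be comma- or semicolon-separated; keep only real addresses.
            for token in m["servers"].replace(";", ",").split(","):
                try:
                    ip = str(ipaddress.ip_address(token.strip()))
                except ValueError:
                    continue
                findings["resolvers"].append((m["key"], ip))
            continue
        m = PROXY_RE.match(line)
        if m:
            findings["proxy"].append((m["name"], m["value"]))
            continue
        m = O10_RE.match(line)
        if m:
            findings["lsp"].append(m["text"])
            continue
        m = O15_RE.match(line)
        if m:
            findings["trusted_zones"].append(m["zone"])
    return findings


def unexpected_resolvers(findings, expected=EXPECTED_RESOLVERS):
    """Resolver addresses not on the analyst's expected list, deduplicated."""
    return sorted({ip for _, ip in findings["resolvers"] if ip not in expected})


def proxy_server_set(findings):
    """True if any ProxyServer value is present (an override alone is not a proxy)."""
    return any(name == "ProxyServer" and value.strip() for name, value in findings["proxy"])


if __name__ == "__main__":
    found = extract_resolution_settings(SAMPLE_LOG)
    for key, ip in found["resolvers"]:
        print(f"resolver {ip:<16} from {key}")
    print("unexpected resolvers:", unexpected_resolvers(found))
    print("proxy server configured:", proxy_server_set(found))
    print("LSP entries:", found["lsp"])
    print("trusted zones:", found["trusted_zones"])
```

A clean resolver list does not rule out a redirect at the router or upstream, which the ISP conversation in the first post was already probing; it only removes the local DNS settings from the list of suspects.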
 

Cookiegal

Administrator
Malware Specialist Coordinator
Did you have Ad-Aware and AVG installed at one time?

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs prior to running the tool.
  • Double click on MBRCheck.exe to run it. Please allow any prompts popped by Windows in order to run the tool.
    (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A command window will pop open and run. If any unknown MBR Code is found, you will have further options prompted, at this time please press N then press Enter.
  • Press Enter again to exit the program.
  • If nothing unusual is found, you will be shown the machine MBR status. Just press Enter to exit.
  • A text file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.
 

rk233

Thread Starter
Yes, I did have Lavasoft Ad-Aware and AVG on my system a long time ago.

I no longer use them and if there are remnants they can be removed. I probably have a lot of garbage on my machine from the past which I am trying to clean up. The worst may be remnants of installs/uninstalls in the registry.

I try to surf safely, not visiting questionable sites, and I avoid downloading programs unless I really seem to need them. I download only from reputable sites or from reputable computer advice sites via their links (if the download site still seems safe per WOT, McAfee SiteAdvisor and LinkExtend). It is still a challenge keeping a computer malware-free.

Also, I looked at the ComboFix log.

I did once have the Citrix NetMeeting program installed, which might explain the "g2mdlhlpx.exe". If I didn't uninstall this utility, I can do so now as I no longer use it. (If I need it again it will be reinstalled.)

The Install.exe is of more concern. I do not know what this is about.

Thanks for your help. I will run this tool.
 

rk233

Thread Starter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 158):
0x804D7000 \WINDOWS\system32\ntoskrnl.exe
0x806FF000 \WINDOWS\system32\hal.dll
0xF7987000 \WINDOWS\system32\KDCOM.DLL
0xF7897000 \WINDOWS\system32\BOOTVID.dll
0xF75A8000 ACPI.sys
0xF7989000 \WINDOWS\System32\DRIVERS\WMILIB.SYS
0xF7597000 pci.sys
0xF75F7000 isapnp.sys
0xF7A4F000 pciide.sys
0xF7707000 \WINDOWS\System32\DRIVERS\PCIIDEX.SYS
0xF7607000 MountMgr.sys
0xF74D8000 ftdisk.sys
0xF798B000 dmload.sys
0xF74B2000 dmio.sys
0xF770F000 PartMgr.sys
0xF7617000 VolSnap.sys
0xF749A000 atapi.sys
0xF7627000 disk.sys
0xF7637000 \WINDOWS\System32\DRIVERS\CLASSPNP.SYS
0xF747A000 fltmgr.sys
0xF7647000 PxHelp20.sys
0xF7465000 drvmcdb.sys
0xF744E000 KSecDD.sys
0xF7B52000 Ntfs.sys
0xF7421000 NDIS.sys
0xF740D000 srescan.sys
0xF7717000 pssnap.sys
0xF787D000 Mup.sys
0xF7657000 agp440.sys
0xF771F000 hotcore3.sys
0xF7677000 \SystemRoot\System32\DRIVERS\intelppm.sys
0xBA52F000 \SystemRoot\System32\DRIVERS\nv4_mini.sys
0xBA51B000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xF775F000 \SystemRoot\System32\DRIVERS\usbuhci.sys
0xBA4F7000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xF7767000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xF7687000 \SystemRoot\system32\DRIVERS\IntelC53.sys
0xBA4D4000 \SystemRoot\system32\DRIVERS\ks.sys
0xBA38C000 \SystemRoot\system32\DRIVERS\IntelC51.sys
0xBA2F4000 \SystemRoot\system32\DRIVERS\IntelC52.sys
0xF777F000 \SystemRoot\system32\DRIVERS\mohfilt.sys
0xF778F000 \SystemRoot\System32\Drivers\Modem.SYS
0xBA2D0000 \SystemRoot\system32\DRIVERS\e100b325.sys
0xF779F000 \SystemRoot\System32\DRIVERS\fdc.sys
0xF7697000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xF77AF000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xF77B7000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xF76A7000 \SystemRoot\System32\DRIVERS\serial.sys
0xF792B000 \SystemRoot\System32\DRIVERS\serenum.sys
0xBA2BC000 \SystemRoot\System32\DRIVERS\parport.sys
0xF76B7000 \SystemRoot\System32\DRIVERS\imapi.sys
0xF77BF000 \SystemRoot\system32\drivers\Afc.sys
0xF7991000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xF76C7000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xF76D7000 \SystemRoot\System32\DRIVERS\redbook.sys
0xF77D7000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys
0xBA1E6000 \SystemRoot\system32\drivers\smwdm.sys
0xBA19A000 \SystemRoot\system32\drivers\portcls.sys
0xF76E7000 \SystemRoot\system32\drivers\drmk.sys
0xF7995000 \SystemRoot\system32\drivers\aeaudio.sys
0xF7A6E000 \SystemRoot\System32\DRIVERS\audstub.sys
0xF76F7000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xF7947000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xBA183000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xF7587000 \SystemRoot\System32\DRIVERS\raspppoe.sys
0xF7577000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xF7807000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xBA0D2000 \SystemRoot\System32\DRIVERS\psched.sys
0xF7567000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xF7817000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xF774F000 \SystemRoot\System32\DRIVERS\raspti.sys
0xF7757000 \SystemRoot\system32\DRIVERS\wanatw4.sys
0xF7999000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA0A2000 \SystemRoot\System32\DRIVERS\rdpdr.sys
0xF7557000 \SystemRoot\System32\DRIVERS\termdd.sys
0xF799F000 \SystemRoot\System32\DRIVERS\swenum.sys
0xBA044000 \SystemRoot\System32\DRIVERS\update.sys
0xBA7E0000 \SystemRoot\System32\DRIVERS\mssmbios.sys
0xF7787000 \SystemRoot\system32\DRIVERS\UimBus.sys
0xB9FDF000 \SystemRoot\System32\Drivers\Uim_IM.sys
0xB9FA3000 \SystemRoot\System32\Drivers\UimFIO.SYS
0xF7547000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xF7537000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xF79A9000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xF7933000 \SystemRoot\system32\drivers\MODEMCSA.sys
0xBA2B4000 \SystemRoot\System32\DRIVERS\flpydisk.sys
0xB8E2B000 \SystemRoot\system32\DRIVERS\klif.sys
0xF79AD000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7A5A000 \SystemRoot\System32\Drivers\Null.SYS
0xF79B1000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA28C000 \SystemRoot\system32\drivers\ssrtln.sys
0xBA284000 \SystemRoot\System32\drivers\vga.sys
0xF79B5000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF79B9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA274000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF77C7000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBA1CA000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xB8DA8000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xB8D4F000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xB8CFF000 \SystemRoot\System32\DRIVERS\netbt.sys
0xB8CCF000 \SystemRoot\System32\DRIVERS\ipnat.sys
0xB8C64000 \SystemRoot\System32\vsdatant.sys
0xF7517000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xB8C42000 \SystemRoot\System32\drivers\afd.sys
0xF7507000 \SystemRoot\System32\DRIVERS\netbios.sys
0xF77F7000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0xB8C20000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF781F000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xF7777000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB8BF5000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xB9F93000 \SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS
0xB8B85000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xBA7B8000 \SystemRoot\System32\Drivers\Fips.SYS
0xF7AC0000 \SystemRoot\System32\Drivers\BANTExt.sys
0xB8ABF000 \SystemRoot\system32\DRIVERS\avipbb.sys
0xB843A000 \SystemRoot\system32\DRIVERS\lvuvc.sys
0xF79C7000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0xBA798000 \SystemRoot\system32\drivers\usbaudio.sys
0xB83F6000 \SystemRoot\system32\DRIVERS\lvrs.sys
0xBA788000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB83B6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF79F1000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF792F000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8DE3000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7A7C000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB7149000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0xB71EA000 \??\C:\WINDOWS\system32\drivers\mbam.sys
0xF74F7000 \SystemRoot\system32\drivers\drvnddm.sys
0xF7AAF000 \SystemRoot\system32\dla\tfsndres.sys
0xB7134000 \SystemRoot\system32\dla\tfsnifs.sys
0xB71DA000 \SystemRoot\system32\dla\tfsnopio.sys
0xF79A7000 \SystemRoot\system32\dla\tfsnpool.sys
0xB8DD3000 \SystemRoot\system32\dla\tfsnboio.sys
0xB8B75000 \SystemRoot\system32\dla\tfsncofs.sys
0xF7A82000 \SystemRoot\system32\dla\tfsndrct.sys
0xB711C000 \SystemRoot\system32\dla\tfsnudf.sys
0xB7103000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB7176000 \SystemRoot\System32\DRIVERS\ndisuio.sys
0xB66A5000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB6460000 \SystemRoot\system32\drivers\wdmaud.sys
0xB65DD000 \SystemRoot\system32\drivers\sysaudio.sys
0xB63E5000 \SystemRoot\System32\DRIVERS\mrxdav.sys
0xB65B5000 \SystemRoot\system32\DRIVERS\MaVc2K.sys
0xF79A5000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xB61A5000 \SystemRoot\System32\DRIVERS\srv.sys
0xB6165000 \??\C:\WINDOWS\system32\drivers\tmcomm.sys
0xB8DDB000 \SystemRoot\system32\Drivers\LVPr2Mon.sys
0xB5CFC000 \SystemRoot\System32\DRIVERS\ipfltdrv.sys
0xB4923000 \SystemRoot\system32\DRIVERS\sr.sys
0xF79D5000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB5B64000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys
0xF776F000 \??\C:\WINDOWS\system32\drivers\mbamswissarmy.sys
0xB32EC000 \SystemRoot\system32\drivers\kmixer.sys
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 32):
0 System Idle Process
4 System
644 C:\WINDOWS\system32\smss.exe
700 csrss.exe
724 C:\WINDOWS\system32\winlogon.exe
768 C:\WINDOWS\system32\services.exe
780 C:\WINDOWS\system32\lsass.exe
976 C:\WINDOWS\system32\svchost.exe
1052 svchost.exe
1152 C:\WINDOWS\system32\svchost.exe
1248 svchost.exe
1392 svchost.exe
1964 C:\WINDOWS\system32\spoolsv.exe
2004 C:\Program Files\Avira\AntiVir Desktop\sched.exe
432 svchost.exe
496 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
532 C:\Program Files\Java\jre6\bin\jqs.exe
412 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
144 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
996 C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
1120 C:\WINDOWS\system32\svchost.exe
1264 C:\WINDOWS\wanmpsvc.exe
2388 alg.exe
2912 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2928 C:\WINDOWS\system32\dla\tfswctrl.exe
2964 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3012 C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
3068 C:\WINDOWS\system32\ctfmon.exe
4036 C:\WINDOWS\explorer.exe
2268 C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
204 C:\Program Files\Internet Explorer\iexplore.exe
1328 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST3120814A, Rev: 3.AAJ

Size Device Name MBR Status
--------------------------------------------
111 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,460
Download OTS.exe to your Desktop.
  1. Close any open browsers.
  2. If your Real protection or Antivirus interferes with OTS, allow it to run.
  3. Double-click on OTS.exe to start the program.
  4. In the Additional Scans section, put a check in Disabled MS Config Items and EventViewer logs.
  5. Now click the Run Scan button on the toolbar.
  6. Let it run unhindered until it finishes.
  7. When the scan is complete, Notepad will open with the report file loaded in it.
  8. Save that notepad file.
Use the Reply button, scroll down to the attachments section and attach the notepad file here.
 

rk233

Thread Starter
Joined
Feb 7, 2007
Messages
84
I made the changes in OTC for the advanced settings.


Code:
OTS logfile created on: 1/9/2011 4:20:59 PM - Run 1
OTS by OldTimer - Version 3.1.41.0     Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.78 Gb Total Space | 32.24 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: DELL
Current User Name: Owner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
 
[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2011/01/09 16:17:13 | 000,642,560 | ---- | M] (OldTimer Tools)
mbamservice.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation)
mbamgui.exe -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe -> [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation)
avguard.exe -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2010/12/12 12:30:19 | 000,267,944 | ---- | M] (Avira GmbH)
sched.exe -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH)
avgnt.exe -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe -> [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH)
opendnsupdater.exe -> C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe -> [2010/06/16 16:42:58 | 000,839,680 | ---- | M] ()
lvprcsrv.exe -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.)
avshadow.exe -> C:\Program Files\Avira\AntiVir Desktop\avshadow.exe -> [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH)
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2009/02/15 22:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD)
zlclient.exe -> C:\Program Files\ZoneAlarm\zlclient.exe -> [2009/02/15 22:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD)
mcsacore.exe -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2008/10/08 11:04:44 | 000,203,280 | ---- | M] ()
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.)
 
[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2011/01/09 16:17:13 | 000,642,560 | ---- | M] (OldTimer Tools)
comctl32.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll -> [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation)
 
[Win32 Services - Safe List]
(HidServ) Human Interface Device Access [On_Demand | Stopped] -> C:\WINDOWS\System32\hidserv.dll -> File not found
(getPlusHelper) getPlus(R) Helper [Disabled | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> File not found
(Secunia PSI Agent) Secunia PSI Agent [On_Demand | Stopped] -> C:\Program Files\Secunia\PSI\PSIA.exe -> [2010/12/21 07:04:30 | 000,987,704 | ---- | M] (Secunia)
(Secunia Update Agent) Secunia Update Agent [On_Demand | Stopped] -> C:\Program Files\Secunia\PSI\sua.exe -> [2010/12/21 07:04:30 | 000,399,416 | ---- | M] (Secunia)
(MBAMService) MBAMService [Auto | Running] -> C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -> [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation)
(AntiVirService) Avira AntiVir Guard [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\avguard.exe -> [2010/12/12 12:30:19 | 000,267,944 | ---- | M] (Avira GmbH)
(Apple Mobile Device) Apple Mobile Device [Disabled | Stopped] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.)
(ReflectService) Macrium Reflect Image Mounting Service [Disabled | Stopped] -> C:\Program Files\Macrium\Reflect\ReflectService.exe -> [2010/09/28 14:02:58 | 000,220,128 | ---- | M] ()
(AntiVirSchedulerService) Avira AntiVir Scheduler [Auto | Running] -> C:\Program Files\Avira\AntiVir Desktop\sched.exe -> [2010/08/02 16:10:00 | 000,135,336 | ---- | M] (Avira GmbH)
(LVPrcSrv) Process Monitor [Auto | Running] -> C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -> [2010/05/07 17:47:32 | 000,162,648 | ---- | M] (Logitech Inc.)
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2009/02/15 22:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD)
(McAfee SiteAdvisor Service) McAfee SiteAdvisor Service [Auto | Running] -> C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -> [2008/10/08 11:04:44 | 000,203,280 | ---- | M] ()
(CCALib8) Canon Camera Access Library 8 [On_Demand | Stopped] -> C:\Program Files\Canon\CAL\CALMAIN.exe -> [2007/01/31 13:55:42 | 000,096,370 | ---- | M] (Canon Inc.)
(AOL ACS) AOL Connectivity Service [Disabled | Stopped] -> C:\Program Files\Common Files\AOL\ACS\acsd.exe -> [2003/08/19 12:27:52 | 001,376,360 | ---- | M] (America Online, Inc.)
(ICDSPTSV) Sony SPTI Service for DVE [On_Demand | Stopped] -> C:\WINDOWS\system32\IcdSptSv.exe -> [2003/04/01 22:08:30 | 000,069,632 | ---- | M] (Sony Corporation)
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2003/01/10 17:13:04 | 000,065,536 | ---- | M] (America Online, Inc.)
 
[Driver Services - Safe List]
(VisorUsb) Handspring USB [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\VisorUsb.sys -> File not found
(TMPassthruMP) TMPassthruMP [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\TMPassthru.sys -> File not found
(MEMSWEEP2) MEMSWEEP2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\3D.tmp -> File not found
(Lbd) Lbd [File_System | Boot | Stopped] -> C:\WINDOWS\System32\DRIVERS\Lbd.sys -> File not found
(catchme) catchme [Kernel | On_Demand | Stopped] -> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -> File not found
(avipbb) avipbb [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\avipbb.sys -> [2010/12/29 19:49:27 | 000,135,096 | ---- | M] (Avira GmbH)
(MBAMProtector) MBAMProtector [File_System | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mbam.sys -> [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
(avgntflt) avgntflt [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\avgntflt.sys -> [2010/12/05 20:47:59 | 000,061,960 | ---- | M] (Avira GmbH)
(pssnap) Paramount Software Snapshot Filter [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\pssnap.sys -> [2010/09/28 14:03:22 | 000,015,328 | ---- | M] (Macrium Software)
(PSI) PSI [File_System | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\psi_mf.sys -> [2010/09/01 03:30:58 | 000,015,544 | ---- | M] (Secunia)
(Uim_IM) UIM Drive Backup Image Plugin [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\Uim_IM.sys -> [2010/08/25 14:45:28 | 000,395,464 | ---- | M] (Paragon)
(hotcore3) hc3ServiceName [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\hotcore3.sys -> [2010/08/25 14:45:28 | 000,056,208 | ---- | M] (Paragon Software Group)
(UimBus) Universal Image Mounter Controller [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\UimBus.sys -> [2010/08/25 14:45:28 | 000,037,080 | ---- | M] (Windows (R) 2000 DDK provider)
(FilterService) UVCFilterService [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\lvuvcflt.sys -> [2010/07/27 03:15:20 | 000,023,904 | ---- | M] (Logitech Inc.)
(LVUVC) Logitech Webcam 500(UVC) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\lvuvc.sys -> [2010/07/27 03:14:58 | 006,842,464 | ---- | M] (Logitech Inc.)
(LVRS) Logitech RightSound Filter Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\lvrs.sys -> [2010/07/27 03:12:50 | 000,282,336 | ---- | M] (Logitech Inc.)
(ssmdrv) ssmdrv [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ssmdrv.sys -> [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH)
(avgio) avgio [Kernel | System | Running] -> C:\Program Files\Avira\AntiVir Desktop\avgio.sys -> [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH)
(SASKUTIL) SASKUTIL [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -> [2010/06/03 22:44:05 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(LVPr2Mon) LVPr2Mon Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2010/05/07 17:43:30 | 000,025,824 | ---- | M] ()
(SASDIFSV) SASDIFSV [Kernel | System | Running] -> C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -> [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
(SASENUM) SASENUM [Kernel | On_Demand | Stopped] -> C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -> [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
(vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2009/02/15 22:10:26 | 000,353,672 | ---- | M] (Check Point Software Technologies LTD)
(tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmcomm.sys -> [2009/01/16 22:53:59 | 000,102,664 | ---- | M] (Trend Micro Inc.)
(KLIF) KLIF [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\klif.sys -> [2008/12/11 21:32:42 | 000,148,496 | ---- | M] (Kaspersky Lab)
(srescan) srescan [Kernel | Boot | Running] -> C:\WINDOWS\system32\ZoneLabs\srescan.sys -> [2008/11/17 01:24:00 | 000,051,688 | ---- | M] (Check Point Software Technologies LTD)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 23:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2008/03/06 10:51:14 | 000,003,840 | ---- | M] ()
(MA8500U) MA8500U [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MA8500U.sys -> [2007/10/29 14:32:00 | 000,049,109 | ---- | M] (Mobile Action Technology Inc.)
(MaVctrl) MaVctrl [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\MaVc2K.sys -> [2007/01/16 10:44:46 | 000,011,986 | ---- | M] (Mobile Action Technology Inc.)
(grmn0400) grmn0400.Sys Garmin USB HS DCP driver (install) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\grmn0400.sys -> [2007/01/05 15:51:40 | 000,022,184 | ---- | M] (GARMIN Corp.)
(grmn1200) grmn0200.Sys Garmin USB DCP driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\grmn1200.sys -> [2007/01/05 15:51:38 | 000,017,448 | ---- | M] (GARMIN Corp.)
(grmn0200) grmn0200.Sys Garmin USB DCP driver (install) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\grmn0200.sys -> [2007/01/05 15:51:36 | 000,023,208 | ---- | M] (GARMIN Corp.)
(netr73) Linksys Compact Wireless-G USB Adapter Driver for Vista [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\netr73.sys -> [2006/12/29 01:49:00 | 000,247,808 | ---- | M] (Ralink Technology Inc.)
(IntelC52) IntelC52 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntelC52.sys -> [2006/03/01 20:30:54 | 000,618,880 | ---- | M] (Intel Corporation)
(RT73) Linksys Home Wireless-G USB Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\rt73.sys -> [2005/11/24 06:51:38 | 000,245,248 | R--- | M] (Ralink Technology, Corp.)
(MaRdPnp) MaRdPnp [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\mardp2k.sys -> [2005/08/17 22:44:50 | 000,049,867 | R--- | M] (Mobile Action Technology Inc.)
(ma8500c) ma8500c [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ma8500c.sys -> [2005/06/16 17:11:58 | 000,024,784 | ---- | M] (Mobile Action Technology Inc.)
(IntelC51) IntelC51 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntelC51.sys -> [2005/05/06 14:42:26 | 001,339,776 | ---- | M] (Intel Corporation)
(IntelC53) IntelC53 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\IntelC53.sys -> [2005/05/06 14:40:50 | 000,047,360 | ---- | M] (Intel Corporation)
(mohfilt) mohfilt [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\mohfilt.sys -> [2005/05/06 14:40:20 | 000,036,880 | ---- | M] (Intel Corporation)
(Afc) PPdus ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\afc.sys -> [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.)
(MA8500M) MA8500M [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\MA8500M.sys -> [2004/09/16 16:11:02 | 000,025,300 | ---- | M] (Mobile Action Technology Inc.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation)
(ATWPKT2) ATWPKT2 [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\AOL\ACS\ATWPkt2.sys -> [2003/08/06 17:02:34 | 000,017,613 | ---- | M] (America Online)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnudfa.sys -> [2003/08/06 01:04:00 | 000,100,373 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnudf.sys -> [2003/08/06 01:04:00 | 000,098,068 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnifs.sys -> [2003/08/06 01:04:00 | 000,083,284 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsncofs.sys -> [2003/08/06 01:04:00 | 000,034,837 | ---- | M] (Sonic Solutions)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnboio.sys -> [2003/08/06 01:04:00 | 000,025,685 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnopio.sys -> [2003/08/06 01:04:00 | 000,014,229 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnpool.sys -> [2003/08/06 01:04:00 | 000,006,357 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsndrct.sys -> [2003/08/06 01:04:00 | 000,004,117 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsndres.sys -> [2003/08/06 01:04:00 | 000,002,233 | ---- | M] (Sonic Solutions)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\drvmcdb.sys -> [2003/07/31 03:21:00 | 000,084,576 | ---- | M] (Sonic Solutions)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> C:\WINDOWS\system32\drivers\sscdbhk5.sys -> [2003/07/14 11:28:40 | 000,005,621 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> C:\WINDOWS\system32\drivers\ssrtln.sys -> [2003/07/14 11:28:22 | 000,023,219 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\drvnddm.sys -> [2003/06/20 02:56:00 | 000,040,448 | ---- | M] (Sonic Solutions)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2003/01/10 17:13:04 | 000,033,588 | ---- | M] (America Online, Inc.)
(ICDUSB2) Sony IC Recorder (P) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\IcdUsb2.sys -> [2002/11/28 21:23:24 | 000,039,048 | ---- | M] (Sony Corporation)
(PalmUSBD) PalmUSBD [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\PalmUSBD.sys -> [2002/05/22 11:42:42 | 000,015,326 | ---- | M] (Palm, Inc.)
(OMCI) OMCI [Kernel | System | Running] -> C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS -> [2001/08/22 08:42:58 | 000,013,632 | ---- | M] (Dell Computer Corporation)
 
[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 
HKEY_LOCAL_MACHINE\: Main\\"StartPage" -> http://www.optonline.net -> 
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> 
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.google.com/ -> 
HKEY_CURRENT_USER\: SearchURL\CNNSI\\"" -> search.sportsillustrated.cnn.com/pages/search.jsp?query=%s -> 
HKEY_CURRENT_USER\: SearchURL\Dictionary\\"" -> dictionary.reference.com/search?q=%s -> 
HKEY_CURRENT_USER\: SearchURL\Google\\"" -> google.com/search?q=%s -> 
HKEY_CURRENT_USER\: SearchURL\GoogleGroups\\"" -> groups-beta.google.com/groups?q=%s -> 
HKEY_CURRENT_USER\: SearchURL\GoogleImages\\"" -> images.google.com/images?hl=en&lr=&q=%s -> 
HKEY_CURRENT_USER\: SearchURL\GoogleNews\\"" -> news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News -> 
HKEY_CURRENT_USER\: SearchURL\KB\\"" -> support.microsoft.com/search/default.aspx?query=%s -> 
HKEY_CURRENT_USER\: SearchURL\KBDLL\\"" -> support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1 -> 
HKEY_CURRENT_USER\: SearchURL\Movies\\"" -> fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s -> 
HKEY_CURRENT_USER\: SearchURL\MSN\\"" -> search.msn.com/results.asp?q=%s -> 
HKEY_CURRENT_USER\: SearchURL\Thesaurus\\"" -> thesaurus.reference.com/search?q=%s -> 
HKEY_CURRENT_USER\: SearchURL\Weather\\"" -> weather.com/weather/local/%s -> 
HKEY_CURRENT_USER\: SearchURL\Yahoo\\"" -> search.yahoo.com/search?p=%s -> 
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 -> 
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local -> 
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\lxg22szv.default\prefs.js -> 
browser.startup.homepage -> "www.msn.com" ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions ->  -> 
HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45} -> C:\Program Files\McAfee\SiteAdvisor [C:\PROGRAM FILES\MCAFEE\SITEADVISOR] -> [2010/03/02 19:13:43 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions ->  -> 
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/01/03 23:10:57 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/12/31 10:33:13 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions ->  -> 
HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components -> C:\Program Files\Mozilla Thunderbird\components [C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS] -> [2010/12/31 10:21:45 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins -> C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS -> 
< FireFox Extensions [User Folders] > -> 
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions -> [2010/08/19 22:35:01 | 000,000,000 | ---D | M]
No name found   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/08/19 22:35:01 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions -> [2011/01/09 12:03:23 | 000,000,000 | ---D | M]
NoScript   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2011/01/05 00:06:47 | 000,000,000 | ---D | M]
WOT   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} -> [2010/09/09 20:43:45 | 000,000,000 | ---D | M]
LinkExtend   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{cf47767d-5f3a-4e32-9fce-5d79565c9702} -> [2010/11/28 00:08:56 | 000,000,000 | ---D | M]
Adblock Plus   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} -> [2010/12/30 13:33:37 | 000,000,000 | ---D | M]
"BetterPrivacy"   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3} -> [2010/09/20 23:01:06 | 000,000,000 | ---D | M]
Adobe DLM (powered by getPlus(R))   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} -> [2010/06/26 19:37:20 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xcqg4yz.profile052308\extensions\[email protected] -> [2010/09/22 20:06:11 | 000,000,000 | ---D | M]
  -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lxg22szv.default\extensions -> [2008/05/23 23:31:11 | 000,000,000 | ---D | M]
NoScript   -> C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\lxg22szv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} -> [2008/05/11 09:06:26 | 000,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > -> 
  -> C:\Program Files\Mozilla Firefox\extensions -> [2011/01/09 16:14:28 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} -> [2010/11/08 23:42:33 | 000,000,000 | ---D | M]
Java Console   -> C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} -> [2010/12/29 19:55:48 | 000,000,000 | ---D | M]
< HOSTS File > ([2011/01/08 17:37:01 | 000,000,027 | ---- | M] - 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts -> 
Reset Hosts
127.0.0.1       localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> [2003/08/06 01:04:00 | 000,106,548 | ---- | M] (Sonic Solutions)
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor BHO] -> [2008/09/30 12:05:24 | 000,145,424 | ---- | M] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> 
"{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}" [HKLM] -> c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll [McAfee SiteAdvisor Toolbar] -> [2008/09/30 12:05:24 | 000,145,424 | ---- | M] ()
"{4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29}" [HKLM] -> C:\Program Files\ComcastToolbar\comcasttoolbar.dll [Comcast Toolbar] -> [2006/11/07 14:21:58 | 001,821,184 | ---- | M] (Comcast Cable Communications.                )
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"avgnt" -> C:\Program Files\Avira\AntiVir Desktop\avgnt.exe ["C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min] -> [2010/08/02 16:09:55 | 000,281,768 | ---- | M] (Avira GmbH)
"Malwarebytes' Anti-Malware" -> C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ["C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray] -> [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation)
"ZoneAlarm Client" -> C:\Program Files\ZoneAlarm\zlclient.exe ["C:\Program Files\ZoneAlarm\zlclient.exe"] -> [2009/02/15 22:10:22 | 000,981,384 | ---- | M] (Check Point Software Technologies LTD)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 
"OpenDNS Updater" -> C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe ["C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart] -> [2010/06/16 16:42:58 | 000,839,680 | ---- | M] ()
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup -> 
 -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Logitech . Product Registration.lnk.disabled -> [2010/08/31 19:51:26 | 000,000,749 | ---- | M] ()
 -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Secunia PSI (BETA).lnk.disabled -> [2007/10/07 00:56:07 | 000,000,743 | ---- | M] ()
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> 
 -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPAiODevice(hp officejet 7100 series) - 2.lnk.disabled -> [2008/09/30 10:44:13 | 000,001,228 | ---- | M] ()
 -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled -> [2010/12/31 10:07:06 | 000,000,753 | ---- | M] ()
 -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk.disabled -> [2007/02/21 09:33:44 | 000,001,631 | ---- | M] ()
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> 
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoCDBurning" ->  [0] -> File not found
\\"HonorAutoRunSetting" ->  [1] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings - Explorer [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" ->  [323] -> File not found
\\"NoDriveAutoRun" ->  [67108863] -> File not found
\\"NoDrives" ->  [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 15:31:02 | 001,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> 
CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] ->  [Reg Error: Value error.] -> File not found
CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] ->  [Reg Error: Key error.] -> File not found
CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] ->  [Reg Error: Key error.] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7582 domain(s) found. -> 
online_musicmatch.com [https] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. -> 
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 33558 domain(s) found. -> 
internet .[about] -> Trusted sites -> 
mcafee.com .[https] -> Trusted sites -> 
*.update_microsoft.com [http] -> Trusted sites -> 
*.update_microsoft.com [https] -> Trusted sites -> 
*.windowsupdate_microsoft.com [http] -> Trusted sites -> 
update_microsoft.com [http] -> Trusted sites -> 
windowsupdate_microsoft.com [http] -> Trusted sites -> 
download_windowsupdate.com [http] -> Trusted sites -> 
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 36 range(s) found. -> 
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 
{01A88BB1-1174-41EC-ACCB-963509EAE56B} [HKLM] -> http://support.dell.com/systemprofiler/SysPro.CAB [SysProWmi Class] -> 
{0DB074F0-617E-4EE9-912C-2965CF2AA5A4} [HKLM] -> http://download.microsoft.com/download/7/0/7/707a44ad-52ad-49af-b7ef-e21b6b0656e4/VirtualEarth3D.cab [SentinelVE3D Class] -> 
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} [HKLM] -> http://download.bitdefender.com/resources/scan8/oscan8.cab [BDSCANONLINE Control] -> 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1182743078562 [MUWebControl Class] -> 
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab [Java Plug-in 1.6.0_23] -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 
DhcpNameServer -> 75.75.75.75 75.75.76.76 -> 
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 
{5434DCB3-376D-4633-89EB-AE97A9EB089D}\\DhcpNameServer -> 75.75.75.75 75.75.76.76   (Intel(R) PRO/100 VE Network Connection) -> 
{5434DCB3-376D-4633-89EB-AE97A9EB089D}\\NameServer -> 208.67.222.222,208.67.220.220   (Intel(R) PRO/100 VE Network Connection) -> 
IE Styles -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles
"MaxScriptStatements" -> Reg Error: Invalid data type.
"Use My Stylesheet" -> Reg Error: Invalid data type.
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> -> 
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" [HKLM] -> C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [] -> [2008/05/13 09:13:36 | 000,077,824 | ---- | M] (SuperAdBlocker.com)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> 
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> 
"C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe" -> C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe [C:\Program Files\Adobe\Acrobat.com\Acrobat.com.exe:*:Enabled:Acrobat.com] -> [2009/06/27 18:05:57 | 000,095,744 | ---- | M] ()
"C:\Program Files\America Online 9.0\aol.exe" -> C:\Program Files\America Online 9.0\aol.exe [C:\Program Files\America Online 9.0\aol.exe:*:Enabled:America Online 9.0] -> [2003/08/09 17:36:02 | 000,045,139 | ---- | M] (America Online, Inc.)
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe] -> [2007/07/05 09:55:36 | 000,353,280 | ---- | M] (GRISOFT, s.r.o.)
"C:\Program Files\Grisoft\AVG7\avgemc.exe" -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe] -> [2007/07/05 09:55:37 | 000,352,768 | ---- | M] (GRISOFT, s.r.o.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/12/13 17:16:14 | 009,777,448 | ---- | M] (Apple Inc.)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" -> C:\Program Files\Logitech\Logitech Vid\Vid.exe [C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid] -> [2009/07/16 15:35:42 | 005,458,704 | ---- | M] (Logitech Inc.)
"C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsa.exe" -> C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsa.exe [C:\Program Files\Microsoft Baseline Security Analyzer 2\mbsa.exe:*:Enabled:Microsoft Baseline Security Analyzer 2.0.1] -> [2006/11/06 16:54:10 | 000,051,200 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" -> C:\Program Files\Mozilla Firefox\firefox.exe [C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox] -> [2010/12/12 21:49:36 | 000,912,344 | ---- | M] (Mozilla Corporation)
"C:\Program Files\My Book\WD Backup\uBBMonitor.exe" -> C:\Program Files\My Book\WD Backup\uBBMonitor.exe [C:\Program Files\My Book\WD Backup\uBBMonitor.exe:*:Enabled:WD Backup Monitor] -> [2006/01/22 18:30:16 | 000,098,304 | ---- | M] (ArcSoft, Inc.)
"C:\Program Files\My Book\WD Backup\uWDBackup.exe" -> C:\Program Files\My Book\WD Backup\uWDBackup.exe [C:\Program Files\My Book\WD Backup\uWDBackup.exe:*:Enabled:WD Backup] -> [2006/01/22 19:51:06 | 000,466,944 | ---- | M] (ArcSoft, Inc.)
"C:\Program Files\Palm\HotSync.exe" -> C:\Program Files\Palm\HotSync.exe [C:\Program Files\Palm\HotSync.exe:*:Enabled:HotSync Manager] -> [2002/05/22 11:42:36 | 000,299,008 | ---- | M] (Palm, Inc.)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe [C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service] -> [2009/02/15 22:10:22 | 002,402,184 | ---- | M] (Check Point Software Technologies LTD)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 -> 
"DisplayName" -> CD-ROM Driver -> 
"ImagePath" ->  [System32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > ->  -> 
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2007/02/19 22:06:40 | 000,000,000 | -HS- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 
comfile [open] -> "%1" %* -> 
exefile [open] -> "%1" %* -> 
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 
.com [@ = ComFile] -> "%1" %* -> 
.exe [@ = exefile] -> "%1" %* -> 
 
[Registry - Additional Scans - Safe List]
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state -> 
"bootini" -> 0 -> 
"services" -> 0 -> 
"startup" -> 0 -> 
"system.ini" -> 0 -> 
"win.ini" -> 0 -> 
< EventViewer Logs - Last 10 Errors > -> Event Information -> Description
Application [ Error ] 1/4/2011 12:00:17 PM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
Application [ Error ] 1/4/2011 9:55:52 PM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
Application [ Error ] 1/5/2011 12:09:18 PM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
Application [ Error ] 1/5/2011 9:21:00 PM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
Application [ Error ] 1/6/2011 12:26:27 PM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
Application [ Error ] 1/7/2011 9:20:08 AM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
Application [ Error ] 1/7/2011 9:21:21 PM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
Application [ Error ] 1/8/2011 11:06:56 AM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
Application [ Error ] 1/8/2011 3:54:26 PM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
Application [ Error ] 1/9/2011 5:10:02 PM Computer Name = DELL | Source = crypt32 | ID = 131080 -> Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.  
System [ Error ] 1/8/2011 2:00:17 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
System [ Error ] 1/8/2011 2:00:17 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
System [ Error ] 1/8/2011 2:00:23 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
System [ Error ] 1/8/2011 2:00:23 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
System [ Error ] 1/8/2011 2:00:29 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
System [ Error ] 1/8/2011 2:00:29 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
System [ Error ] 1/8/2011 2:00:35 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
System [ Error ] 1/8/2011 2:00:35 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
System [ Error ] 1/8/2011 2:00:41 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
System [ Error ] 1/8/2011 2:00:41 PM Computer Name = DELL | Source = DCOM | ID = 10005 -> Description = DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Service with arguments ""  in order to run the server:  {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
 
[Files/Folders - Created Within 30 Days]
 OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2011/01/09 16:17:12 | 000,642,560 | ---- | C] (OldTimer Tools)
 Tech Guy Support 1-8-2011 -> C:\Documents and Settings\Administrator\Desktop\Tech Guy Support 1-8-2011 -> [2011/01/08 20:44:06 | 000,000,000 | ---D | C]
 RECYCLER -> C:\RECYCLER -> [2011/01/08 17:52:56 | 000,000,000 | -HSD | C]
 SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2011/01/08 17:27:31 | 000,212,480 | ---- | C] (SteelWerX)
 SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2011/01/08 17:27:31 | 000,161,792 | ---- | C] (SteelWerX)
 SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2011/01/08 17:27:31 | 000,136,704 | ---- | C] (SteelWerX)
 NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2011/01/08 17:27:31 | 000,031,232 | ---- | C] (NirSoft)
 Qoobox -> C:\Qoobox -> [2011/01/08 17:26:52 | 000,000,000 | ---D | C]
 iTunes -> C:\Documents and Settings\All Users\Start Menu\Programs\iTunes -> [2010/12/31 10:25:01 | 000,000,000 | ---D | C]
 iPod -> C:\Program Files\iPod -> [2010/12/31 10:23:58 | 000,000,000 | ---D | C]
 iTunes -> C:\Program Files\iTunes -> [2010/12/31 10:23:54 | 000,000,000 | ---D | C]
 Bonjour -> C:\Program Files\Bonjour -> [2010/12/31 10:19:32 | 000,000,000 | ---D | C]
 Secunia PSI -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Secunia PSI -> [2010/12/31 10:07:19 | 000,000,000 | ---D | C]
 Malware Removal-Tech Support Guy forum 12-30-10 -> C:\Documents and Settings\Administrator\Desktop\Malware Removal-Tech Support Guy forum 12-30-10 -> [2010/12/30 12:39:04 | 000,000,000 | ---D | C]
 Sun -> C:\Documents and Settings\All Users\Application Data\Sun -> [2010/12/29 19:56:28 | 000,000,000 | ---D | C]
 javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/12/29 19:55:44 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.)
 javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/12/29 19:55:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 java.exe -> C:\WINDOWS\System32\java.exe -> [2010/12/29 19:55:44 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.)
 ndproxy.sys -> C:\WINDOWS\System32\dllcache\ndproxy.sys -> [2010/12/14 21:47:25 | 000,040,960 | ---- | C] (Microsoft Corporation)
 wab.exe -> C:\WINDOWS\System32\dllcache\wab.exe -> [2010/12/14 21:46:45 | 000,045,568 | ---- | C] (Microsoft Corporation)
 archive_db -> C:\archive_db -> [2010/12/12 01:47:01 | 000,000,000 | ---D | C]
 New Folder 1 -> C:\New Folder 1 -> [2010/12/12 01:30:35 | 000,000,000 | ---D | C]
 launcher -> C:\Documents and Settings\All Users\Application Data\launcher -> [2010/12/12 01:15:26 | 000,000,000 | ---D | C]
 hotcore3.sys -> C:\WINDOWS\System32\drivers\hotcore3.sys -> [2010/12/12 01:14:39 | 000,056,208 | ---- | C] (Paragon Software Group)
 Paragon Backup & Recovery™ 2010 Free Advanced -> C:\Documents and Settings\Administrator\Start Menu\Programs\Paragon Backup & Recovery™ 2010 Free Advanced -> [2010/12/12 01:14:36 | 000,000,000 | ---D | C]
 Paragon Software -> C:\Program Files\Paragon Software -> [2010/12/12 01:13:35 | 000,000,000 | ---D | C]
 Macrium -> C:\Documents and Settings\All Users\Application Data\Macrium -> [2010/12/12 00:29:32 | 000,000,000 | ---D | C]
 Macrium -> C:\Documents and Settings\Administrator\Start Menu\Programs\Macrium -> [2010/12/12 00:27:14 | 000,000,000 | ---D | C]
 Macrium -> C:\Program Files\Macrium -> [2010/12/12 00:27:12 | 000,000,000 | ---D | C]
 Macrium Drive Imaging -> C:\Documents and Settings\Administrator\Desktop\Macrium Drive Imaging -> [2010/12/11 22:35:16 | 000,000,000 | ---D | C]
 
[Files/Folders - Modified Within 30 Days]
 fidbox.dat -> C:\WINDOWS\System32\drivers\fidbox.dat -> [2011/01/09 16:28:47 | 1858,269,216 | -HS- | M] ()
 OTS.exe -> C:\Documents and Settings\Administrator\Desktop\OTS.exe -> [2011/01/09 16:17:13 | 000,642,560 | ---- | M] (OldTimer Tools)
 vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [2011/01/09 16:09:30 | 000,351,220 | -H-- | M] ()
 wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2011/01/09 16:09:21 | 000,002,206 | ---- | M] ()
 bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2011/01/09 16:08:36 | 000,002,048 | --S- | M] ()
 lvuvc.hs -> C:\WINDOWS\System32\drivers\lvuvc.hs -> [2011/01/09 16:08:26 | 000,000,000 | ---- | M] ()
 logiflt.iad -> C:\WINDOWS\System32\drivers\logiflt.iad -> [2011/01/09 16:08:24 | 000,000,000 | ---- | M] ()
 fidbox.idx -> C:\WINDOWS\System32\drivers\fidbox.idx -> [2011/01/09 12:14:52 | 021,776,132 | -HS- | M] ()
 H.S. Correspondence.doc -> C:\Documents and Settings\Administrator\My Documents\H.S. Correspondence.doc -> [2011/01/08 23:46:25 | 000,019,456 | ---- | M] ()
 zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [2011/01/08 21:48:51 | 000,004,212 | -H-- | M] ()
 MBRCheck.exe -> C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe -> [2011/01/08 20:21:43 | 000,080,384 | ---- | M] ()
 hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2011/01/08 17:37:01 | 000,000,027 | ---- | M] ()
 puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2011/01/08 17:19:10 | 004,150,305 | R--- | M] ()
 Rogue Pallidium infection.doc -> C:\Documents and Settings\Administrator\My Documents\Rogue Pallidium infection.doc -> [2011/01/08 13:45:03 | 000,033,792 | ---- | M] ()
 Nano Abstract.doc -> C:\Documents and Settings\Administrator\My Documents\Nano Abstract.doc -> [2011/01/06 15:35:26 | 000,022,528 | ---- | M] ()
 HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1222789422.job -> C:\WINDOWS\tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1222789422.job -> [2011/01/06 11:45:00 | 000,000,392 | ---- | M] ()
 Acton Networkers.doc -> C:\Documents and Settings\Administrator\Desktop\Acton Networkers.doc -> [2011/01/06 11:41:34 | 000,022,528 | ---- | M] ()
 HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1172033397.job -> C:\WINDOWS\tasks\HPFRU Task #Hewlett-Packard#hp officejet 7100 series#1172033397.job -> [2011/01/05 23:55:01 | 000,000,408 | ---- | M] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2011/01/05 21:20:38 | 000,049,152 | ---- | M] ()
 AppleSoftwareUpdate.job -> C:\WINDOWS\tasks\AppleSoftwareUpdate.job -> [2011/01/03 22:42:03 | 000,000,284 | ---- | M] ()
 In Harm's Way- Developmental Toxicants by PSR.pdf -> C:\Documents and Settings\Administrator\Desktop\In Harm's Way- Developmental Toxicants by PSR.pdf -> [2011/01/02 00:14:57 | 002,771,889 | ---- | M] ()
 Secunia PSI Tray.lnk.disabled -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled -> [2010/12/31 10:07:06 | 000,000,753 | ---- | M] ()
 2010-12-30 Malware.doc -> C:\Documents and Settings\Administrator\My Documents\2010-12-30 Malware.doc -> [2010/12/30 19:46:09 | 000,084,480 | ---- | M] ()
 Backup of 2010-12-30 Malware.wbk -> C:\Documents and Settings\Administrator\My Documents\Backup of 2010-12-30 Malware.wbk -> [2010/12/30 19:45:56 | 000,083,456 | ---- | M] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2010/12/29 19:50:54 | 000,000,802 | ---- | M] ()
 avipbb.sys -> C:\WINDOWS\System32\drivers\avipbb.sys -> [2010/12/29 19:49:27 | 000,135,096 | ---- | M] (Avira GmbH)
 Sonia cache cleaning.doc -> C:\Documents and Settings\Administrator\My Documents\Sonia cache cleaning.doc -> [2010/12/21 00:56:28 | 000,019,968 | ---- | M] ()
 mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation)
 mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation)
 Genealogy Research Plan for Hess.doc -> C:\Documents and Settings\Administrator\My Documents\Genealogy Research Plan for Hess.doc -> [2010/12/19 19:33:03 | 003,229,696 | ---- | M] ()
 Backup of Genealogy Research Plan for Hess.wbk -> C:\Documents and Settings\Administrator\My Documents\Backup of Genealogy Research Plan for Hess.wbk -> [2010/12/19 19:32:04 | 003,229,696 | ---- | M] ()
 FNTCACHE.DAT -> C:\WINDOWS\System32\FNTCACHE.DAT -> [2010/12/15 10:35:20 | 000,130,888 | ---- | M] ()
 imsins.BAK -> C:\WINDOWS\imsins.BAK -> [2010/12/14 22:58:24 | 000,001,393 | ---- | M] ()
 Spybot - Search & Destroy.lnk -> C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk -> [2010/12/12 23:38:03 | 000,000,963 | ---- | M] ()
 hosts.20110108-132159.backup -> C:\WINDOWS\System32\drivers\etc\hosts.20110108-132159.backup -> [2010/12/12 23:00:44 | 000,426,196 | R--- | M] ()
 Paragon Backup & Recovery™ 2010 Free Advanced.lnk -> C:\Documents and Settings\Administrator\Desktop\Paragon Backup & Recovery™ 2010 Free Advanced.lnk -> [2010/12/12 01:14:37 | 000,002,291 | ---- | M] ()
 Macrium Reflect.lnk -> C:\Documents and Settings\Administrator\Desktop\Macrium Reflect.lnk -> [2010/12/12 00:27:14 | 000,002,070 | ---- | M] ()
 Paragon Drive Imaging manual_BR2010FreeAd.pdf -> C:\Documents and Settings\Administrator\Desktop\Paragon Drive Imaging manual_BR2010FreeAd.pdf -> [2010/12/11 22:22:15 | 005,780,633 | ---- | M] ()
 Disk Imaging -Gizmo blog p.4.doc -> C:\Documents and Settings\Administrator\Desktop\Disk Imaging -Gizmo blog p.4.doc -> [2010/12/11 22:09:55 | 000,075,264 | ---- | M] ()
 1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp -> 
 
[Files - No Company Name]
 H.S. Correspondence.doc -> C:\Documents and Settings\Administrator\My Documents\H.S. Correspondence.doc -> [2011/01/08 22:39:01 | 000,019,456 | ---- | C] ()
 MBRCheck.exe -> C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe -> [2011/01/08 20:21:42 | 000,080,384 | ---- | C] ()
 PEV.exe -> C:\WINDOWS\PEV.exe -> [2011/01/08 17:27:31 | 000,256,512 | ---- | C] ()
 sed.exe -> C:\WINDOWS\sed.exe -> [2011/01/08 17:27:31 | 000,098,816 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2011/01/08 17:27:31 | 000,089,088 | ---- | C] ()
 grep.exe -> C:\WINDOWS\grep.exe -> [2011/01/08 17:27:31 | 000,080,412 | ---- | C] ()
 zip.exe -> C:\WINDOWS\zip.exe -> [2011/01/08 17:27:31 | 000,068,096 | ---- | C] ()
 puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2011/01/08 17:19:09 | 004,150,305 | R--- | C] ()
 Rogue Pallidium infection.doc -> C:\Documents and Settings\Administrator\My Documents\Rogue Pallidium infection.doc -> [2011/01/08 13:28:13 | 000,033,792 | ---- | C] ()
 Nano Abstract.doc -> C:\Documents and Settings\Administrator\My Documents\Nano Abstract.doc -> [2011/01/06 14:56:07 | 000,022,528 | ---- | C] ()
 Acton Networkers.doc -> C:\Documents and Settings\Administrator\Desktop\Acton Networkers.doc -> [2011/01/06 11:33:33 | 000,022,528 | ---- | C] ()
 In Harm's Way- Developmental Toxicants by PSR.pdf -> C:\Documents and Settings\Administrator\Desktop\In Harm's Way- Developmental Toxicants by PSR.pdf -> [2011/01/02 00:14:57 | 002,771,889 | ---- | C] ()
 Secunia PSI Tray.lnk.disabled -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk.disabled -> [2010/12/31 10:07:06 | 000,000,753 | ---- | C] ()
 2010-12-30 Malware.doc -> C:\Documents and Settings\Administrator\My Documents\2010-12-30 Malware.doc -> [2010/12/30 19:30:35 | 000,084,480 | ---- | C] ()
 Backup of 2010-12-30 Malware.wbk -> C:\Documents and Settings\Administrator\My Documents\Backup of 2010-12-30 Malware.wbk -> [2010/12/30 19:30:35 | 000,083,456 | ---- | C] ()
 Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk -> [2010/12/29 19:50:54 | 000,000,802 | ---- | C] ()
 Sonia cache cleaning.doc -> C:\Documents and Settings\Administrator\My Documents\Sonia cache cleaning.doc -> [2010/12/21 00:56:28 | 000,019,968 | ---- | C] ()
 Genealogy Research Plan for Hess.doc -> C:\Documents and Settings\Administrator\My Documents\Genealogy Research Plan for Hess.doc -> [2010/12/18 22:52:42 | 003,229,696 | ---- | C] ()
 Backup of Genealogy Research Plan for Hess.wbk -> C:\Documents and Settings\Administrator\My Documents\Backup of Genealogy Research Plan for Hess.wbk -> [2010/12/18 22:52:42 | 003,229,696 | ---- | C] ()
 Paragon Backup & Recovery™ 2010 Free Advanced.lnk -> C:\Documents and Settings\Administrator\Desktop\Paragon Backup & Recovery™ 2010 Free Advanced.lnk -> [2010/12/12 01:14:37 | 000,002,291 | ---- | C] ()
 Macrium Reflect.lnk -> C:\Documents and Settings\Administrator\Desktop\Macrium Reflect.lnk -> [2010/12/12 00:27:14 | 000,002,070 | ---- | C] ()
 Paragon Drive Imaging manual_BR2010FreeAd.pdf -> C:\Documents and Settings\Administrator\Desktop\Paragon Drive Imaging manual_BR2010FreeAd.pdf -> [2010/12/11 22:22:15 | 005,780,633 | ---- | C] ()
 Disk Imaging -Gizmo blog p.4.doc -> C:\Documents and Settings\Administrator\Desktop\Disk Imaging -Gizmo blog p.4.doc -> [2010/12/11 22:09:21 | 000,075,264 | ---- | C] ()
 KPD.INI -> C:\WINDOWS\KPD.INI -> [2010/08/31 23:43:42 | 000,000,064 | ---- | C] ()
 LogiDPP.dll -> C:\WINDOWS\System32\LogiDPP.dll -> [2010/07/27 03:03:20 | 010,829,656 | ---- | C] ()
 DevManagerCore.dll -> C:\WINDOWS\System32\DevManagerCore.dll -> [2010/07/27 03:03:18 | 000,290,648 | ---- | C] ()
 iKeyLFT2.dll -> C:\WINDOWS\System32\drivers\iKeyLFT2.dll -> [2010/05/07 17:46:36 | 000,014,168 | ---- | C] ()
 LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2010/05/07 17:43:30 | 000,025,824 | ---- | C] ()
 JUNO.INI -> C:\WINDOWS\JUNO.INI -> [2010/01/09 17:54:16 | 000,000,309 | ---- | C] ()
 lvcoinst.ini -> C:\WINDOWS\System32\lvcoinst.ini -> [2009/12/29 22:26:42 | 000,090,411 | ---- | C] ()
 DVEdit.INI -> C:\WINDOWS\DVEdit.INI -> [2009/12/13 18:59:53 | 000,000,000 | ---- | C] ()
 trc.dll -> C:\WINDOWS\System32\trc.dll -> [2009/12/13 18:28:26 | 000,122,880 | ---- | C] ()
 dsp_trc.dll -> C:\WINDOWS\System32\dsp_trc.dll -> [2009/12/13 18:28:16 | 000,081,920 | ---- | C] ()
 IcdSptSvps.dll -> C:\WINDOWS\System32\IcdSptSvps.dll -> [2009/12/13 18:28:16 | 000,024,576 | ---- | C] ()
 ztvunace26.dll -> C:\WINDOWS\System32\ztvunace26.dll -> [2009/09/26 08:24:20 | 000,077,312 | ---- | C] ()
 BANTExt.sys -> C:\WINDOWS\System32\drivers\BANTExt.sys -> [2009/06/30 21:10:28 | 000,003,840 | ---- | C] ()
 libeay32_0.9.6l.dll -> C:\WINDOWS\System32\libeay32_0.9.6l.dll -> [2008/07/10 10:47:39 | 000,796,584 | ---- | C] ()
 HP_48BitScanUpdatePatch.ini -> C:\WINDOWS\HP_48BitScanUpdatePatch.ini -> [2008/06/30 17:19:36 | 000,000,214 | ---- | C] ()
 PanelExe.INI -> C:\WINDOWS\PanelExe.INI -> [2008/05/27 14:06:39 | 000,000,000 | ---- | C] ()
 EngineExe.INI -> C:\WINDOWS\EngineExe.INI -> [2008/05/27 14:06:38 | 000,000,000 | ---- | C] ()
 AlbumExe.INI -> C:\WINDOWS\AlbumExe.INI -> [2008/05/27 14:01:41 | 000,000,000 | ---- | C] ()
 FileMgrExe.INI -> C:\WINDOWS\FileMgrExe.INI -> [2008/05/27 14:00:15 | 000,000,000 | ---- | C] ()
 PhoneBkExe.INI -> C:\WINDOWS\PhoneBkExe.INI -> [2008/05/27 13:57:25 | 000,000,216 | ---- | C] ()
 streamhlp.dll -> C:\WINDOWS\System32\streamhlp.dll -> [2008/02/10 10:57:22 | 000,059,392 | R--- | C] ()
 addr_file.html -> C:\Documents and Settings\All Users\Application Data\addr_file.html -> [2007/12/17 20:57:26 | 000,000,305 | ---- | C] ()
 bdoscandellang.ini -> C:\WINDOWS\bdoscandellang.ini -> [2007/10/25 10:26:48 | 000,000,453 | ---- | C] ()
 DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2007/06/28 22:22:00 | 000,049,152 | ---- | C] ()
 HipEnforceFrontend.settings -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\HipEnforceFrontend.settings -> [2007/03/19 03:18:54 | 000,000,730 | ---- | C] ()
 HipEnforceFrontend.settings -> C:\Documents and Settings\Administrator\Local Settings\Application Data\HipEnforceFrontend.settings -> [2007/03/18 22:52:55 | 000,000,718 | ---- | C] ()
 Sandboxie.ini -> C:\WINDOWS\Sandboxie.ini -> [2007/03/18 18:53:48 | 000,003,156 | ---- | C] ()
 QTSBandwidthCache -> C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache -> [2007/03/12 20:04:20 | 000,001,755 | ---- | C] ()
 sr2spec.ini -> C:\WINDOWS\System32\sr2spec.ini -> [2007/03/01 18:19:54 | 000,000,210 | ---- | C] ()
 MPLAYER.INI -> C:\WINDOWS\MPLAYER.INI -> [2007/02/26 21:05:56 | 000,000,082 | ---- | C] ()
 visorusb.dll -> C:\WINDOWS\System32\visorusb.dll -> [2007/02/26 17:38:38 | 000,007,812 | ---- | C] ()
 WORDPAD.INI -> C:\WINDOWS\WORDPAD.INI -> [2007/02/22 20:20:00 | 000,000,754 | ---- | C] ()
 ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2007/02/21 10:42:32 | 000,000,611 | ---- | C] ()
 e100bmsg.dll -> C:\WINDOWS\System32\e100bmsg.dll -> [2007/02/21 04:02:19 | 000,012,288 | ---- | C] ()
 wininit.ini -> C:\WINDOWS\wininit.ini -> [2007/02/20 23:58:36 | 000,001,502 | ---- | C] ()
 DevMgr.ini -> C:\WINDOWS\DevMgr.ini -> [2007/02/20 23:50:01 | 000,004,398 | ---- | C] ()
 Hposcv07.INI -> C:\WINDOWS\Hposcv07.INI -> [2007/02/20 23:49:37 | 000,000,020 | ---- | C] ()
 ODBCINST.INI -> C:\WINDOWS\ODBCINST.INI -> [2007/02/18 23:35:31 | 000,004,346 | ---- | C] ()
 px.ini -> C:\WINDOWS\System32\px.ini -> [2003/11/20 16:39:58 | 000,000,000 | ---- | C] ()
 win2000.dll -> C:\WINDOWS\System32\win2000.dll -> [2003/06/25 01:38:06 | 000,159,744 | ---- | C] ()
 XLREC.DLL -> C:\WINDOWS\System32\XLREC.DLL -> [1997/07/11 00:00:00 | 000,031,232 | ---- | C] ()
 RECNCL.DLL -> C:\WINDOWS\System32\RECNCL.DLL -> [1997/07/11 00:00:00 | 000,025,600 | ---- | C] ()
 ODBCSTF.DLL -> C:\WINDOWS\System32\ODBCSTF.DLL -> [1997/07/11 00:00:00 | 000,022,016 | ---- | C] ()
 DOCOBJ.DLL -> C:\WINDOWS\System32\DOCOBJ.DLL -> [1997/07/11 00:00:00 | 000,022,016 | ---- | C] ()
 HLINKPRX.DLL -> C:\WINDOWS\System32\HLINKPRX.DLL -> [1997/07/11 00:00:00 | 000,012,288 | ---- | C] ()
 
[Alternate Data Streams]
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\Administrator\My Documents\MyProject8371.avery:SummaryInformation
@Alternate Data Stream - 148 bytes -> C:\Documents and Settings\Administrator\Desktop\hbedv.key:SummaryInformation
@Alternate Data Stream - 172 bytes -> C:\psfile.exe:SummaryInformation
< End of report >
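The file and [Alternate Data Streams] sections of this OTS report are plain text with a fixed shape, and the fix Cookiegal posts later in the thread targets exactly two of those stream entries. What follows is an added example, not part of the thread and not an OldTimer tool: a small Python parser that reads a constructed excerpt of these log lines (copied in shape from the report above), lists executables created under C:\WINDOWS inside a chosen window, and separates the metadata streams that Explorer and Office write routinely from unnamed streams worth a second look. The extension set, the benign-stream list and the 30-day window are the example's own assumptions; a hit is a triage cue, not a verdict.

```python
import ntpath
import re
from datetime import datetime, timedelta

# Constructed excerpt, copied in shape from the OTS "created" and
# [Alternate Data Streams] sections posted above; it is not the full log.
SAMPLE_OTS = r"""
 sed.exe -> C:\WINDOWS\sed.exe -> [2011/01/08 17:27:31 | 000,098,816 | ---- | C] ()
 MBR.exe -> C:\WINDOWS\MBR.exe -> [2011/01/08 17:27:31 | 000,089,088 | ---- | C] ()
 puppy.exe -> C:\Documents and Settings\Administrator\Desktop\puppy.exe -> [2011/01/08 17:19:09 | 004,150,305 | R--- | C] ()
 KPD.INI -> C:\WINDOWS\KPD.INI -> [2010/08/31 23:43:42 | 000,000,064 | ---- | C] ()
 win2000.dll -> C:\WINDOWS\System32\win2000.dll -> [2003/06/25 01:38:06 | 000,159,744 | ---- | C] ()

[Alternate Data Streams]
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
@Alternate Data Stream - 172 bytes -> C:\psfile.exe:SummaryInformation
< End of report >
"""

# name -> full path -> [created | size | attributes | C] ()
FILE_RE = re.compile(
    r"^(?P<name>.+?) -> (?P<path>.+?) -> "
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[A-Z])\] \(\)$"
)
# @Alternate Data Stream - N bytes -> host path:stream name
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")


def parse_ots(text):
    """Split an OTS excerpt into file-creation records and ADS records."""
    files, streams = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append({
                "name": m["name"],
                "path": m["path"],
                "created": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                "size": int(m["size"].replace(",", "")),
                "attrs": m["attrs"],
            })
            continue
        m = ADS_RE.match(line)
        if m:
            # The drive letter also uses ':', so split on the LAST colon only.
            host, stream = m["path"].rsplit(":", 1)
            streams.append({"host": host, "stream": stream,
                            "path": m["path"], "size": int(m["size"])})
    return {"files": files, "ads": streams}


# Assumed: extensions that execute, and the tree where new ones are unusual.
CODE_EXT = {".exe", ".dll", ".sys", ".scr", ".ocx", ".tmp"}
SYSTEM_ROOTS = ("c:\\windows",)


def flag_recent_executables(files, reference, days=30, roots=SYSTEM_ROOTS):
    """Paths of code files under `roots` created within `days` of `reference` (YYYY/MM/DD)."""
    cutoff = datetime.strptime(reference, "%Y/%m/%d") - timedelta(days=days)
    hits = []
    for f in files:
        low = f["path"].lower()
        ext = ntpath.splitext(low)[1]
        if ext in CODE_EXT and low.startswith(roots) and f["created"] >= cutoff:
            hits.append(f["path"])
    return hits


# Assumed benign: streams Explorer and Office attach to ordinary files.
BENIGN_STREAMS = {"Zone.Identifier", "SummaryInformation",
                  "DocumentSummaryInformation", "encryptable"}


def suspicious_ads(streams):
    """Keep streams whose name is not one of the routine metadata streams."""
    return [s for s in streams if s["stream"] not in BENIGN_STREAMS]


if __name__ == "__main__":
    report = parse_ots(SAMPLE_OTS)
    print("new code files in system tree:", flag_recent_executables(report["files"], "2011/01/11"))
    print("streams to review:", [s["path"] for s in suspicious_ads(report["ads"])])
```

In the report above, sed.exe, MBR.exe, grep.exe and zip.exe share a single creation second in C:\WINDOWS three days before the fix was run; the listing does not say what put them there and neither does this script, it only moves them to the top of the review list. The two TEMP streams it flags are the same two the later OTS fix deletes, while the SummaryInformation streams on the .avery, .key and psfile.exe entries are the ordinary Office property-set kind and are left alone.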
 

rk233

Thread Starter
Joined
Feb 7, 2007
Messages
84
I re-read the post. I pasted it instead by mistake, so here is the attached version.
 

Cookiegal

Karen
Administrator
Malware Specialist Coordinator
Joined
Aug 27, 2003
Messages
118,460
Start OTS. Copy/Paste the information in the code box below into the pane where it says "Paste fix here" and then click the "Run Fix" button.

The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log please.
Code:
[Kill All Processes]
[Unregister Dlls]
[Driver Services - Safe List]
NY -> (TMPassthruMP) TMPassthruMP [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\DRIVERS\TMPassthru.sys
NY -> (MEMSWEEP2) MEMSWEEP2 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\3D.tmp
NY -> (Lbd) Lbd [File_System | Boot | Stopped] -> C:\WINDOWS\System32\DRIVERS\Lbd.sys
[Registry - Safe List]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.]
YN -> CmdMapping\\"{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}" [HKLM] -> [Reg Error: Key error.]
YN -> CmdMapping\\"{FB5F1910-F110-11d2-BB9E-00C04F795683}" [HKLM] -> [Reg Error: Key error.]
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
YY -> "C:\Program Files\Grisoft\AVG7\avgamsvr.exe" -> C:\Program Files\Grisoft\AVG7\avgamsvr.exe [C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe]
YY -> "C:\Program Files\Grisoft\AVG7\avgemc.exe" -> C:\Program Files\Grisoft\AVG7\avgemc.exe [C:\Program Files\Grisoft\AVG7\avgemc.exe:*:Enabled:avgemc.exe]
[Files/Folders - Modified Within 30 Days]
NY ->  1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp
[Alternate Data Streams]
NY -> @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
NY -> @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
[Empty Temp Folders]
[Start Explorer]
[Reboot]
 

rk233

Thread Starter
Joined
Feb 7, 2007
Messages
84
I disconnected my computer from the internet, then disabled my firewall and antivirus programs before running the fix. The fix and reboot went well. Firewall and AV restarted.

I've posted my OTC log and HijackThis log below.

Besides deleting my AVG and certain entries associated with it what did you do? What have you found from my logs etc.?


I have looked through my C:programs folder and I've found a number of folders/programs that probably can be deleted. I assume that most can be done via Add/Remove programs. Somehow not all folders may have been removed after uninstalling some programs.

Among the program folders that I can probably get rid of are:
BCL Technologies (What is this?-I might need it)
CompPlusApplications (What is this?-I might need it)
Grisoft
Lavasoft
Norton Security Scan
Panda Security
ThreatExpert Memory Scanner

There may be remnants from these programs in my registry too.
Please advise how to handle this.

Also, I've noticed that my HijackThis log file is preceded by an internet explorer icon instead of a notepad icon. How do I change the icon for this file? I used the HijackThis from TrendMicro.

Thanks for your assistance.

All Processes Killed
[Driver Services - Safe List]
Service TMPassthruMP stopped successfully!
Service TMPassthruMP deleted successfully!
File C:\WINDOWS\System32\DRIVERS\TMPassthru.sys not found.
Service MEMSWEEP2 stopped successfully!
Service MEMSWEEP2 deleted successfully!
File C:\WINDOWS\System32\3D.tmp not found.
Service Lbd stopped successfully!
Service Lbd deleted successfully!
File C:\WINDOWS\System32\DRIVERS\Lbd.sys not found.
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgamsvr.exe deleted successfully.
C:\Program Files\Grisoft\AVG7\avgamsvr.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Grisoft\AVG7\avgemc.exe deleted successfully.
C:\Program Files\Grisoft\AVG7\avgemc.exe moved successfully.
[Files/Folders - Modified Within 30 Days]
[Alternate Data Streams]
ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9 deleted successfully.
[Empty Temp Folders]


User: Administrator
->Temp folder emptied: 99862 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 64599853 bytes
->Flash cache emptied: 5205 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3577 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 62.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.41.0 fix logfile created on 01112011_224323

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
==================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:05 PM, on 1/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ZoneAlarm\zlclient.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\Documents and Settings\Administrator\Desktop\Emergency Malware programs 3 19 07\analyzeme122910.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [OpenDNS Updater] "C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe" /autostart
O4 - S-1-5-18 Startup: Logitech . Product Registration.lnk.disabled (User 'SYSTEM')
O4 - S-1-5-18 Startup: Secunia PSI (BETA).lnk.disabled (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Product Registration.lnk.disabled (User 'Default user')
O4 - .DEFAULT Startup: Secunia PSI (BETA).lnk.disabled (User 'Default user')
O4 - Startup: Logitech . Product Registration.lnk.disabled
O4 - Startup: Secunia PSI (BETA).lnk.disabled
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 2.lnk.disabled
O4 - Global Startup: Secunia PSI Tray.lnk.disabled
O4 - Global Startup: WD Backup Monitor.lnk.disabled
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182743078562
O17 - HKLM\System\CCS\Services\Tcpip\..\{5434DCB3-376D-4633-89EB-AE97A9EB089D}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 6942 bytes
 

rk233

Thread Starter
Joined
Feb 7, 2007
Messages
84
I was just recently doing a search on google and my Malwarebytes program blocked an (outgoing) connection attempt to (78.46.104.42)

How can I find out what program/process generated this outgoing (malware) request? What is this site?

I went to WHOIS and it seems it came from Germany. Could this be from a pdf file read online?

I go to WOT green circle sites when I search on google to reduce my risk of going to a bad site.
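The last post asks which process opened the blocked connection to 78.46.104.42, and the thread is locked without an answer. What follows is an added example, not advice from the thread's helpers. On XP SP2 and later, `netstat -ano` lists every socket with its owning PID (and `netstat -anob` from an administrator prompt prints the image name directly), while `tasklist /fo csv` maps PIDs to image names; the catch is that the socket only exists while the attempt is in progress, so both commands have to be run the moment the block fires, or repeatedly in a loop until the attempt recurs. The Python below joins the two outputs for one remote IP. The netstat and tasklist text embedded in it is constructed for the example, including the placeholder process name `sample_app.exe`, and says nothing about what actually ran on the poster's machine; a WHOIS country for the address says nothing about the program either.

```python
import csv
import io

# Constructed sample of `netstat -ano` output on a Windows XP box; the
# sockets and PIDs are invented for the example, not taken from the thread.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       936
  TCP    192.168.1.10:1054      78.46.104.42:80        SYN_SENT        1844
  TCP    192.168.1.10:1055      208.67.222.222:443     ESTABLISHED     1204
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv`; sample_app.exe is a placeholder,
# not a process from the poster's HijackThis log.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","936","Console","0","4,892 K"
"firefox.exe","1204","Console","0","61,220 K"
"sample_app.exe","1844","Console","0","3,112 K"
"""


def parse_netstat(text):
    """Return one dict per socket line of `netstat -ano` output."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # blank line, "Active Connections", or the column header
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, foreign, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, foreign, pid = parts
            state = ""  # UDP rows have no State column
        else:
            continue  # unexpected shape: skip rather than guess at columns
        rows.append({"proto": proto, "local": local, "foreign": foreign,
                     "state": state, "pid": int(pid)})
    return rows


def parse_tasklist_csv(text):
    """Map PID -> image name from `tasklist /fo csv` output."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def remote_host(addr):
    """Drop the port from a netstat address; tolerates bracketed IPv6."""
    return addr.rsplit(":", 1)[0].strip("[]")


def who_talks_to(ip, netstat_text, tasklist_text):
    """Sockets whose foreign address is `ip`, joined with the owning image name."""
    images = parse_tasklist_csv(tasklist_text)
    hits = []
    for sock in parse_netstat(netstat_text):
        if remote_host(sock["foreign"]) != ip:
            continue
        hits.append({
            "pid": sock["pid"],
            # A PID missing from tasklist usually means the process already exited.
            "image": images.get(sock["pid"], "<pid not in tasklist>"),
            "local": sock["local"],
            "foreign": sock["foreign"],
            "state": sock["state"],
        })
    return hits


if __name__ == "__main__":
    for hit in who_talks_to("78.46.104.42", NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"PID {hit['pid']} ({hit['image']}) {hit['local']} -> "
              f"{hit['foreign']} {hit['state']}")
```

Capturing the two command outputs to files (`netstat -ano > ns.txt`, `tasklist /fo csv > tl.txt`) right after the Malwarebytes alert and feeding them to `who_talks_to` gives the PID and image name; the image name alone still does not say whether the connection was legitimate, so the next step is locating that executable on disk and checking its publisher and creation date, the same kind of triage the OTS listing above supports.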
 