[Solved] Got the Browswer Redirect Problem

Status
Not open for further replies.
R

rockndad38

Posts: 21   +0
Well like so many other people I have the browser redirect problem too.
I tried to do what was indicated in the 8 step directions however I can't get GMER or dds. I am posting a hijackthis log. Will this be enough to let you see any problems?

Thanks for all you do to help us lost souls out!

Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Novell\XTAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Novell\ZENworks\wm.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Novell\ZENworks\NalAgent.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Novell\Messenger\NMCL32.exe
C:\Program Files\Centra\Client\bin\centraSystray.exe
C:\Program Files\Logitech\Logitech Vid\vid.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\esti\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Microsoft Forefront Client Security Antimalware Service] "C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
O4 - HKCU\..\Run: [Centra Launcher] C:\Program Files\Centra\Client\bin\centraSystray.exe /startup
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: .mcafee.com[/url] (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: .mcafee.com[/url] (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://webconference.tamus.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190663323359
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9d89eabaa7b1e) (gupdate1c9d89eabaa7b1e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Identity Finder Endpoint Service (IDFEndpointService) - Unknown owner - C:\Program Files\Identity Finder 4\idfEndpoint.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

--
End of file - 15537 bytes
 
Welcome aboard
yahooo.gif


How about all other steps?
What's the exact problem with running DDS?
 
Sorry I wasn't clear in my first post. GMER gives me the blue screen and then crashes, with DDS I get the black window saying it is running but I never get any reports. I have tried them both 5-6 times with the same results. I was able to get a GMER log in safemode and have posted it below the Malwarebytes log

I did TFC and Malaware bytes log is below.
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4395

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/5/2010 4:20:59 PM
mbam-log-2010-08-05 (16-20-59).txt

Scan type: Quick scan
Objects scanned: 172453
Time elapsed: 17 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-08-06 09:40:16
Windows 5.1.2600 Service Pack 3
Running: wfzpu15x.exe; Driver: C:\DOCUME~1\esti\LOCALS~1\Temp\pgtyipow.sys


---- Kernel code sections - GMER 1.0.15 ----

? nwfilter.sys The system cannot find the file specified. !

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\rdpdr.sys[ntoskrnl.exe!FsRtlRegisterUncProvider] [F772048C] nwfilter.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
 
Good for now :)

Disable McAfee AV part before even attempting to download following tool.
Not too smart McAfee marks it as a malicious file.
You'll find a link below, how to disable McAfee.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Make sure, you re-enable your security programs, when you're done with Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Thanks so much for your help. Here is the combofix log. It says my post is too many characters so I will post it in 3 posts

ComboFix 10-08-06.01 - esti 08/06/2010 15:06:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1377 [GMT -6:00]
Running from: c:\documents and settings\esti\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\settings.reg
c:\windows\system32\Data
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 17:27 . 2010-08-06 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-08-06 17:27 . 2008-04-07 11:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-08-06 17:27 . 2008-04-07 11:38 45392 ----a-w- c:\windows\system32\AdobePDF.dll
2010-08-05 22:43 . 2010-01-04 12:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-08-05 22:41 . 2010-01-04 12:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\documents and settings\esti\Application Data\Sunbelt
2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\program files\Sunbelt Software
2010-08-04 21:12 . 2010-08-04 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-04 21:11 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-04 21:11 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-04 21:11 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-04 21:11 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-04 21:11 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-04 21:10 . 2010-08-04 21:11 -------- d-----w- c:\program files\Trojan Remover
2010-08-04 21:10 . 2010-08-04 21:10 -------- d-----w- c:\documents and settings\esti\Application Data\Simply Super Software
2010-08-04 21:10 . 2010-08-04 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-08-04 20:01 . 2010-08-04 20:01 2 --shatr- c:\windows\winstart.bat
2010-08-04 19:58 . 2010-08-04 20:43 -------- d-----w- c:\program files\UnHackMe
2010-08-04 05:05 . 2010-08-04 05:05 -------- d-----w- c:\documents and settings\esti\Application Data\IObit
2010-08-04 05:05 . 2010-08-04 05:05 -------- d-----w- c:\program files\IObit
2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com
2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-03 13:51 . 2010-08-03 13:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-03 02:36 . 2010-08-03 02:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-03 02:36 . 2010-08-04 05:51 -------- d-----w- c:\documents and settings\esti\Application Data\Spyware Terminator
2010-08-03 02:35 . 2010-08-04 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-08-03 02:35 . 2010-08-04 05:57 -------- d-----w- c:\program files\Spyware Terminator
2010-08-03 01:29 . 2010-08-04 16:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-03 01:28 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-03 01:28 . 2010-08-03 01:28 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-02 00:00 . 2010-08-02 00:00 23040 ----a-w- c:\windows\system32\drivers\ukikciki.sys
2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\documents and settings\esti\Application Data\Malwarebytes
2010-07-31 22:38 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-31 22:38 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 22:14 . 2010-07-31 22:14 23040 ----a-w- c:\windows\system32\drivers\akipckzg.sys
2010-07-31 15:06 . 2010-07-31 15:06 23040 ----a-w- c:\windows\system32\drivers\gfpihlqg.sys
2010-07-31 13:14 . 2010-07-31 13:14 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2010-07-31 05:14 . 2010-07-31 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
2010-07-31 05:14 . 2010-07-31 05:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-31 03:14 . 2010-07-31 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Identity Finder
2010-07-31 03:13 . 2010-07-31 22:27 -------- d-----w- c:\program files\Identity Finder 4
2010-07-15 15:29 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 17:13 . 2010-07-09 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Trivantis
 
Here is the 2nd part (of 3) of the combofix log file

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 21:23 . 2010-03-05 00:30 -------- d-----w- c:\documents and settings\esti\Application Data\Skype
2010-08-06 21:13 . 2010-02-26 17:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-06 21:13 . 2010-02-26 17:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-06 20:59 . 2007-05-04 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-08-06 20:59 . 2006-11-16 16:34 -------- d-----w- c:\program files\McAfee
2010-08-06 20:40 . 2006-11-15 20:59 86168 ----a-w- c:\documents and settings\teex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-06 17:27 . 2008-05-07 18:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-06 15:54 . 2010-03-05 00:35 -------- d-----w- c:\documents and settings\esti\Application Data\skypePM
2010-08-05 22:10 . 2009-06-04 19:35 -------- d-----w- c:\program files\Lavasoft
2010-08-05 22:09 . 2009-06-04 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-04 15:36 . 2010-01-03 18:10 -------- d-----w- c:\documents and settings\esti\Application Data\uTorrent
2010-08-04 05:30 . 2009-04-29 15:55 -------- d-----w- c:\documents and settings\esti\Application Data\.oit
2010-08-03 13:52 . 2010-08-03 13:52 63488 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-03 13:52 . 2010-08-03 13:52 52224 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-03 13:52 . 2010-08-03 13:52 117760 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-03 02:36 . 2010-08-03 02:36 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-08-03 02:36 . 2010-08-03 02:36 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-08-02 12:48 . 2004-08-03 22:58 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-08-01 21:00 . 2010-03-22 14:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-27 01:13 . 2010-08-04 21:12 3683248 ----a-w- c:\documents and settings\esti\Application Data\Simply Super Software\Trojan Remover\qjc31.exe
2010-07-15 17:03 . 2008-05-07 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-10 05:05 . 2009-04-29 23:11 -------- d-----w- c:\documents and settings\esti\Application Data\LimeWire
2010-07-09 17:11 . 2009-04-26 17:22 -------- d-----w- c:\program files\Trivantis
2010-07-03 06:54 . 2010-07-01 01:42 -------- d-----w- c:\documents and settings\esti\Application Data\dvdcss
2010-06-24 17:15 . 2010-06-24 17:15 -------- d-----w- c:\program files\Microsoft Forefront
2010-06-14 14:31 . 2006-11-15 20:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 01:12 . 2010-06-13 00:23 -------- d-----w- c:\program files\Winamp
2010-06-13 01:02 . 2010-06-13 00:23 -------- d-----w- c:\documents and settings\esti\Application Data\Winamp
2010-06-13 00:24 . 2010-06-13 00:24 -------- d-----w- c:\program files\Winamp Detect
2010-06-01 17:37 . 2010-06-24 17:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 01:50 . 2009-08-04 21:09 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-26 01:46 . 2009-08-04 21:09 5653224 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-05-17 14:39 . 2010-01-28 15:30 50354 ----a-w- c:\documents and settings\esti\Application Data\Facebook\uninstall.exe
2010-05-11 21:48 . 2010-05-11 18:20 256 ----a-w- C:\pool.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Novell Messenger"="c:\novell\Messenger\NMCL32.exe" [2008-09-30 1417293]
"Centra Launcher"="c:\program files\Centra\Client\bin\centraSystray.exe" [2009-11-05 249856]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-07 20531]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-01-19 1033600]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-04-19 1291600]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-28 113664]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-5-27 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2008-01-04 458752]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2007-12-25 05:21 24576 ----a-r- c:\windows\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^esti^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\esti\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-07-02 23:33 2347216 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 23:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55 50520 ----a-w- c:\documents and settings\esti\Application Data\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 17:08 397312 ------w- c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-08-03 18:29 6289216 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-19 16:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-08-03 02:36 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-17 20:26 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-05-25 16:08 37888 ----a-w- c:\program files\Winamp\winampa.exe
 
Here is the 3rd and final part of the combofix file


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\esti\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [8/5/2010 4:41 PM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/2/2010 8:36 PM 142592]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 2:47 PM 6899]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [1/19/2010 4:49 PM 16880]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [4/6/2007 4:12 AM 73120]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [5/9/2006 10:59 AM 167936]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [8/5/2010 4:43 PM 69720]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [4/19/2010 1:47 PM 181584]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [12/24/2007 11:21 PM 61440]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 2:11 PM 2773]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9d89eabaa7b1e;Google Update Service (gupdate1c9d89eabaa7b1e);c:\program files\Google\Update\GoogleUpdate.exe [5/19/2009 10:27 AM 133104]
S2 IDFEndpointService;Identity Finder Endpoint Service;"c:\program files\Identity Finder 4\idfEndpoint.exe" --> c:\program files\Identity Finder 4\idfEndpoint.exe [?]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [4/19/2010 1:48 PM 2726000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 20:47]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:27]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:27]

2010-08-06 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]

2010-08-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]

2010-08-06 c:\windows\Tasks\MP Scheduled Signature Update.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://webconference.tamus.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
FF - ProfilePath - c:\documents and settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\esti\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\esti\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCentraUpdater.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 15:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\NETWIN32.DLL
c:\program files\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\ZenMup.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Novell\ZENworks\WMNTAPI.DLL

- - - - - - - > 'Explorer.exe'(4172)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\NETWIN32.DLL
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
c:\program files\Novell\ZENworks\NLS\english\NalUIRes.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
c:\windows\system32\MSISIP.DLL
c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
c:\program files\Spyware Terminator\sptcontmenu.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\WinRAR\rarext.dll
c:\progra~1\TROJAN~1\Trshlex.dll
c:\program files\Sunbelt Software\CounterSpy\SBAMScanShellExt.dll
c:\program files\Identity Finder 4\idfshext.dll
c:\program files\Sunbelt Software\CounterSpy\SBFE.DLL
c:\progra~1\Creative\SHARED~1\CtCmeCtx.dll
c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll

- - - - - - - > 'explorer.exe'(4116)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\ieframe.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Novell\ZENworks\nalntsrv.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Novell\ZENworks\wm.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Novell\ZENworks\WMRUNDLL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Novell\ZENworks\NalAgent.exe
c:\windows\system32\NWTRAY.EXE
c:\windows\system32\Rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-08-06 15:29:37 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-06 21:29

Pre-Run: 44,223,705,088 bytes free
Post-Run: 44,183,896,064 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 366F46EBDD46D462CB96AAD56E6F4416
 
Very good :)

How is redirection?

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code: 
File::
c:\windows\winstart.bat
c:\windows\system32\drivers\akipckzg.sys
c:\windows\system32\drivers\gfpihlqg.sys


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
At the moment I am not getting any browser redirects.....fingers crossed it stays that way.
Here is the latest combofix log (split into multiple posts)

"c:\windows\winstart.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\akipckzg.sys
c:\windows\system32\drivers\gfpihlqg.sys
c:\windows\winstart.bat

.
((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
.

2010-08-06 17:27 . 2010-08-06 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-08-06 17:27 . 2008-04-07 11:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-08-06 17:27 . 2008-04-07 11:38 45392 ----a-w- c:\windows\system32\AdobePDF.dll
2010-08-05 22:43 . 2010-01-04 12:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
2010-08-05 22:41 . 2010-01-04 12:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\documents and settings\esti\Application Data\Sunbelt
2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\program files\Sunbelt Software
2010-08-04 21:12 . 2010-08-04 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-08-04 21:12 . 2010-07-27 01:13 3683248 ----a-w- c:\documents and settings\esti\Application Data\Simply Super Software\Trojan Remover\qjc31.exe
2010-08-04 21:11 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-08-04 21:11 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-08-04 21:11 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-08-04 21:11 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-08-04 21:11 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-08-04 21:10 . 2010-08-04 21:11 -------- d-----w- c:\program files\Trojan Remover
2010-08-04 21:10 . 2010-08-04 21:10 -------- d-----w- c:\documents and settings\esti\Application Data\Simply Super Software
2010-08-04 21:10 . 2010-08-04 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-08-04 19:58 . 2010-08-04 20:43 -------- d-----w- c:\program files\UnHackMe
2010-08-04 05:05 . 2010-08-04 05:05 -------- d-----w- c:\documents and settings\esti\Application Data\IObit
2010-08-04 05:05 . 2010-08-04 05:05 -------- d-----w- c:\program files\IObit
2010-08-03 13:52 . 2010-08-03 13:52 63488 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-08-03 13:52 . 2010-08-03 13:52 52224 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-03 13:52 . 2010-08-03 13:52 117760 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com
2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-08-03 13:51 . 2010-08-03 13:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-08-03 02:36 . 2010-08-03 02:36 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2010-08-03 02:36 . 2010-08-03 02:36 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2010-08-03 02:36 . 2010-08-03 02:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-08-03 02:36 . 2010-08-04 05:51 -------- d-----w- c:\documents and settings\esti\Application Data\Spyware Terminator
2010-08-03 02:35 . 2010-08-04 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-08-03 02:35 . 2010-08-04 05:57 -------- d-----w- c:\program files\Spyware Terminator
2010-08-03 01:29 . 2010-08-04 16:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-03 01:28 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-08-03 01:28 . 2010-08-03 01:28 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-08-02 00:00 . 2010-08-02 00:00 23040 ----a-w- c:\windows\system32\drivers\ukikciki.sys
2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\documents and settings\esti\Application Data\Malwarebytes
2010-07-31 22:38 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-31 22:38 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-31 13:14 . 2010-07-31 13:14 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
2010-07-31 05:14 . 2010-07-31 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
2010-07-31 05:14 . 2010-07-31 05:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-31 03:14 . 2010-07-31 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Identity Finder
2010-07-31 03:13 . 2010-07-31 22:27 -------- d-----w- c:\program files\Identity Finder 4
2010-07-15 15:29 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 17:13 . 2010-07-09 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Trivantis

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-06 22:34 . 2010-03-05 00:30 -------- d-----w- c:\documents and settings\esti\Application Data\Skype
2010-08-06 22:04 . 2010-03-05 00:35 -------- d-----w- c:\documents and settings\esti\Application Data\skypePM
2010-08-06 21:13 . 2010-02-26 17:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-08-06 21:13 . 2010-02-26 17:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-08-06 20:59 . 2007-05-04 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-08-06 20:59 . 2006-11-16 16:34 -------- d-----w- c:\program files\McAfee
2010-08-06 20:40 . 2006-11-15 20:59 86168 ----a-w- c:\documents and settings\teex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-06 17:27 . 2008-05-07 18:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-08-05 22:10 . 2009-06-04 19:35 -------- d-----w- c:\program files\Lavasoft
2010-08-05 22:09 . 2009-06-04 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-08-04 15:36 . 2010-01-03 18:10 -------- d-----w- c:\documents and settings\esti\Application Data\uTorrent
2010-08-04 05:30 . 2009-04-29 15:55 -------- d-----w- c:\documents and settings\esti\Application Data\.oit
2010-08-02 12:48 . 2004-08-03 22:58 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
2010-08-01 21:00 . 2010-03-22 14:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-15 17:03 . 2008-05-07 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-10 05:05 . 2009-04-29 23:11 -------- d-----w- c:\documents and settings\esti\Application Data\LimeWire
2010-07-09 17:11 . 2009-04-26 17:22 -------- d-----w- c:\program files\Trivantis
2010-07-03 06:54 . 2010-07-01 01:42 -------- d-----w- c:\documents and settings\esti\Application Data\dvdcss
2010-06-24 17:15 . 2010-06-24 17:15 -------- d-----w- c:\program files\Microsoft Forefront
2010-06-14 14:31 . 2006-11-15 20:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 01:12 . 2010-06-13 00:23 -------- d-----w- c:\program files\Winamp
2010-06-13 01:02 . 2010-06-13 00:23 -------- d-----w- c:\documents and settings\esti\Application Data\Winamp
2010-06-13 00:24 . 2010-06-13 00:24 -------- d-----w- c:\program files\Winamp Detect
2010-06-01 17:37 . 2010-06-24 17:19 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-26 01:50 . 2009-08-04 21:09 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2010-05-26 01:46 . 2009-08-04 21:09 5653224 ----a-w- c:\windows\system32\SpoonUninstall.exe
2010-05-17 14:39 . 2010-01-28 15:30 50354 ----a-w- c:\documents and settings\esti\Application Data\Facebook\uninstall.exe
2010-05-11 21:48 . 2010-05-11 18:20 256 ----a-w- C:\pool.bin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"Novell Messenger"="c:\novell\Messenger\NMCL32.exe" [2008-09-30 1417293]
"Centra Launcher"="c:\program files\Centra\Client\bin\centraSystray.exe" [2009-11-05 249856]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-07 20531]
"P17Helper"="P17.dll" [2005-05-03 64512]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
"PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
"Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-01-19 1033600]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
"SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-04-19 1291600]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-28 113664]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-5-27 6144]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2008-01-04 458752]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
2007-12-25 05:21 24576 ----a-r- c:\windows\system32\novell\xtnotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^esti^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\esti\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
2010-07-02 23:33 2347216 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 23:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
2010-01-19 23:55 50520 ----a-w- c:\documents and settings\esti\Application Data\mjusbsp\cdloader2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
2007-11-06 17:08 397312 ------w- c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-08-03 18:29 6289216 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-19 16:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
2010-08-03 02:36 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2010-05-17 20:26 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-05-25 16:08 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
 
Here is part 2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\esti\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [8/5/2010 4:41 PM 13400]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/2/2010 8:36 PM 142592]
R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 2:47 PM 6899]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [1/19/2010 4:49 PM 16880]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [4/6/2007 4:12 AM 73120]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [5/9/2006 10:59 AM 167936]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [8/5/2010 4:43 PM 69720]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [4/19/2010 1:47 PM 181584]
R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [12/24/2007 11:21 PM 61440]
R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 2:11 PM 2773]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate1c9d89eabaa7b1e;Google Update Service (gupdate1c9d89eabaa7b1e);c:\program files\Google\Update\GoogleUpdate.exe [5/19/2009 10:27 AM 133104]
S2 IDFEndpointService;Identity Finder Endpoint Service;"c:\program files\Identity Finder 4\idfEndpoint.exe" --> c:\program files\Identity Finder 4\idfEndpoint.exe [?]
S2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [4/19/2010 1:48 PM 2726000]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-08-06 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 20:47]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:27]

2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:27]

2010-08-06 c:\windows\Tasks\MP Scheduled Quick Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]

2010-08-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]

2010-08-06 c:\windows\Tasks\MP Scheduled Signature Update.job
- c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://webconference.tamus.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
FF - ProfilePath - c:\documents and settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\esti\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\esti\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCentraUpdater.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npsharedview.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-06 16:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(992)
c:\windows\system32\NETWIN32.DLL
c:\program files\Novell\ZENworks\ZENPOL32.DLL
c:\windows\system32\xmlparse.dll
c:\windows\system32\ZenMup.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Novell\ZENworks\WMNTAPI.DLL
.
Completion time: 2010-08-06 16:36:28
ComboFix-quarantined-files.txt 2010-08-06 22:36
ComboFix2.txt 2010-08-06 21:29

Pre-Run: 44,180,033,536 bytes free
Post-Run: 44,165,009,408 bytes free

- - End Of File - - A3311F0DFA13EAE474992ECEF079C42A
 
Looks good :)

Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.

====================================================================

Download OTL to your Desktop.

* Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
* Under the Custom Scan box paste this in:



netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\system32\spool\prtprocs\w32x86\*.tmp
%systemroot%\*. /mp /s
/md5start
/md5stop
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Great, thanks so much!
Here is the first part of the OTL file

OTL logfile created on: 8/6/2010 8:31:17 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\esti\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 42.22 Gb Free Space | 56.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 4.77 Gb Total Space | 4.31 Gb Free Space | 90.29% Space Free | Partition Type: NWFS
Drive R: | 4.77 Gb Total Space | 4.31 Gb Free Space | 90.29% Space Free | Partition Type: NWFS
Drive S: | 697.93 Gb Total Space | 135.11 Gb Free Space | 19.36% Space Free | Partition Type: NWFS
Drive T: | 697.93 Gb Total Space | 135.11 Gb Free Space | 19.36% Space Free | Partition Type: NWFS
Drive U: | 488.28 Mb Total Space | 498.96 Mb Free Space | 102.19% Space Free | Partition Type: NWFS
Drive Z: | 19.47 Gb Total Space | 4.42 Gb Free Space | 22.68% Space Free | Partition Type: NWFS

Computer Name: T7166417
Current User Name: esti
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/06 20:15:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\OTL.exe
PRC - [2010/08/02 20:36:26 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2010/07/26 21:45:47 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/07/26 21:45:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/19 14:01:32 | 001,291,600 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
PRC - [2010/04/19 13:48:54 | 002,726,000 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
PRC - [2010/04/19 13:47:50 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
PRC - [2010/01/19 16:51:32 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
PRC - [2010/01/19 16:49:44 | 000,016,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
PRC - [2009/11/24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/04 18:19:12 | 000,249,856 | ---- | M] () -- C:\Program Files\Centra\Client\bin\centraSystray.exe
PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
PRC - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2009/04/30 15:39:30 | 005,472,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009/04/26 20:37:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/02/27 12:14:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2008/11/04 12:09:58 | 000,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2008/09/30 14:14:24 | 001,417,293 | ---- | M] (Novell, Inc.) -- C:\Novell\Messenger\NMCL32.exe
PRC - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2008/05/12 17:52:56 | 000,393,216 | ---- | M] (Novell, Inc) -- C:\Program Files\Novell\ZENworks\NalAgent.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/22 07:00:14 | 000,113,152 | R--- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
PRC - [2007/12/24 23:21:44 | 000,152,128 | R--- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WM.EXE
PRC - [2007/12/24 23:21:42 | 000,012,224 | R--- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
PRC - [2007/12/24 23:21:26 | 000,061,440 | R--- | M] (Novell, Inc.) -- C:\WINDOWS\system32\novell\xtagent.exe
PRC - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
PRC - [2007/04/06 04:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/05/09 10:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2002/03/12 11:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


========== Modules (SafeList) ==========

MOD - [2010/08/06 20:15:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\OTL.exe
MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Identity Finder 4\idfEndpoint.exe -- (IDFEndpointService)
SRV - [2010/08/06 11:27:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/08/02 20:36:26 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010/04/19 13:48:54 | 002,726,000 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/04/19 13:47:50 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
SRV - [2010/01/19 16:49:44 | 000,016,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/08/07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008/08/04 15:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2008/01/22 07:00:14 | 000,113,152 | R--- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
SRV - [2007/12/24 23:21:44 | 000,152,128 | R--- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM)
SRV - [2007/12/24 23:21:26 | 000,061,440 | R--- | M] (Novell, Inc.) [Auto | Running] -- C:\WINDOWS\system32\novell\xtagent.exe -- (XTAgent)
SRV - [2007/04/06 04:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/05/09 10:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\esti\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2010/08/02 20:36:21 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 14:18:26 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/01/04 06:29:42 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2010/01/04 06:29:40 | 000,013,400 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/15 12:35:52 | 000,069,616 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2009/04/30 17:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/04/30 17:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
DRV - [2009/04/30 17:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2008/12/12 14:17:46 | 000,553,984 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2008/08/04 17:17:14 | 000,185,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2008/08/04 17:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2008/07/21 14:45:20 | 000,017,664 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2008/07/21 13:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2008/07/21 13:39:20 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2008/06/19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/04/04 15:32:46 | 000,020,208 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2008/01/08 10:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2007/06/15 01:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (drvnddm)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb)
DRV - [2006/06/07 17:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/11/22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2005/10/12 13:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2005/10/12 13:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
DRV - [2005/05/23 14:47:18 | 000,006,899 | ---- | M] (Novell Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\blankscr.sys -- (BlankScr)
DRV - [2005/05/23 14:11:14 | 000,002,773 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Darpan.sys -- (Darpan)
DRV - [2005/04/24 19:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/10 09:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/01/10 09:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/02/26 14:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========
 
Here is the 2nd part of the OTL file

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 41
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/03 13:41:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/06 11:26:38 | 000,000,000 | ---D | M]

[2009/04/29 17:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Mozilla\Extensions
[2009/04/29 17:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2010/08/06 18:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions
[2009/07/18 14:50:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/08/26 20:34:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/08/05 17:48:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/03/04 18:29:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/03/29 10:02:06 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
[2008/01/30 14:48:38 | 000,074,280 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsharedview.dll
[2010/05/25 10:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

O1 HOSTS File: ([2010/08/06 16:33:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
O4 - HKCU..\Run: [Centra Launcher] C:\Program Files\Centra\Client\bin\centraSystray.exe ()
O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [Novell Messenger] C:\Novell\Messenger\NMCL32.exe (Novell, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\Messenger\NMCL32.exe (Novell, Inc.)
O9 - Extra 'Tools' menuitem : Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\Messenger\NMCL32.exe (Novell, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://webconference.tamus.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190663323359 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\nim {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll (Novell, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\esti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\esti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/15 14:30:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/07/01 07:34:32 | 000,920,512 | RHS- | M] () - S:\Autorun.inf -- [ NWFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
 
3rd part of the OTL file

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/08/06 20:15:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\OTL.exe
[2010/08/06 15:05:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/08/06 15:03:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/06 11:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2010/08/05 16:43:06 | 000,069,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
[2010/08/05 16:41:33 | 000,013,400 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
[2010/08/05 15:46:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\TFC.exe
[2010/08/05 11:37:39 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\esti\Desktop\TDSSKiller.exe
[2010/08/04 16:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Sunbelt
[2010/08/04 16:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
[2010/08/04 16:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
[2010/08/04 15:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/08/04 15:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\My Documents\Simply Super Software
[2010/08/04 15:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010/08/04 15:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Simply Super Software
[2010/08/04 15:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/08/04 14:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\My Documents\RegRun2
[2010/08/04 13:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
[2010/08/04 08:11:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\esti\Desktop\HijackThis.exe
[2010/08/03 23:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\IObit
[2010/08/03 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/08/03 07:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\SUPERAntiSpyware.com
[2010/08/03 07:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2010/08/03 07:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/08/02 20:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Spyware Terminator
[2010/08/02 20:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010/08/02 20:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010/08/02 19:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/08/02 19:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
[2010/07/31 16:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Malwarebytes
[2010/07/31 16:38:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/07/31 16:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/07/31 16:38:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/07/31 16:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/30 23:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
[2010/07/30 23:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/07/30 23:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/07/30 21:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/07/30 21:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/07/30 21:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Identity Finder
[2010/07/30 21:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Identity Finder 4
[2010/07/09 11:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trivantis
[2010/06/30 19:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\dvdcss
[2010/06/24 11:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Forefront
[2010/06/12 18:24:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2010/06/12 18:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2010/06/12 18:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2010/06/12 18:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Winamp
[2006/11/17 11:25:35 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

========== Files - Modified Within 90 Days ==========

[2010/08/06 20:24:48 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/08/06 20:23:56 | 000,003,634 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/08/06 20:23:56 | 000,000,426 | RHS- | M] () -- C:\Documents and Settings\esti\ntuser.pol
[2010/08/06 20:22:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/06 20:21:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/06 20:21:37 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Signature Update.job
[2010/08/06 20:21:36 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[2010/08/06 20:21:31 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/06 20:18:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/06 20:18:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/06 20:18:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/06 20:18:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2010/08/06 20:18:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2010/08/06 20:17:37 | 015,728,640 | -H-- | M] () -- C:\Documents and Settings\esti\NTUSER.DAT
[2010/08/06 20:17:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\esti\ntuser.ini
[2010/08/06 20:16:58 | 006,050,782 | -H-- | M] () -- C:\Documents and Settings\esti\Local Settings\Application Data\IconCache.db
[2010/08/06 20:15:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\OTL.exe
[2010/08/06 19:18:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/06 16:34:04 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/08/06 16:33:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/08/06 15:21:05 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/06 15:21:05 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/06 15:21:05 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/06 15:13:46 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/06 15:05:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/08/06 11:38:58 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/08/06 10:22:30 | 000,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2010/08/06 09:44:25 | 000,061,588 | ---- | M] () -- C:\ziswin.hst
[2010/08/05 16:09:54 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\esti\Desktop\dds.scr
[2010/08/05 16:09:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\esti\Desktop\wfzpu15x.exe
[2010/08/05 15:46:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\TFC.exe
[2010/08/05 14:09:54 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\esti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/04 16:17:32 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
[2010/08/04 15:11:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/08/04 14:01:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/08/04 14:01:35 | 000,001,754 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
[2010/08/04 12:16:31 | 000,000,700 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/08/04 12:16:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/04 11:07:39 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\esti\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2010/08/04 10:56:49 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/04 09:44:58 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2010/08/04 08:24:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\esti\defogger_reenable
[2010/08/04 08:11:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\esti\Desktop\HijackThis.exe
[2010/08/03 23:05:46 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/08/03 14:06:42 | 000,012,761 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\database fields.docx
[2010/08/03 08:43:50 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\esti\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2010/08/03 07:51:47 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/02 20:36:48 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2010/08/02 20:36:21 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010/08/02 19:38:10 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100803-131033.backup
[2010/08/02 19:28:55 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/08/01 15:00:35 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/31 16:38:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/27 07:25:38 | 000,036,345 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\TEEXdata.xlsx
[2010/07/26 21:19:34 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\esti\Desktop\TDSSKiller.exe
[2010/07/21 14:13:26 | 000,000,032 | ---- | M] () -- C:\WINDOWS\.ini
[2010/07/21 14:11:48 | 000,000,079 | ---- | M] () -- C:\WINDOWS\ZipFilter.INI
[2010/07/21 14:11:48 | 000,000,079 | ---- | M] () -- C:\WINDOWS\XMLFilter.INI
[2010/07/21 14:11:47 | 000,000,079 | ---- | M] () -- C:\WINDOWS\WTFilter.INI
[2010/07/21 14:11:42 | 000,000,079 | ---- | M] () -- C:\WINDOWS\TextFilter.INI
[2010/07/20 16:07:18 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Brenda Sanford bio.doc
[2010/07/20 14:25:10 | 000,730,858 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\100_7426.jpg
[2010/07/20 13:48:31 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Brenda Sanford bio V2.doc
[2010/07/14 14:55:32 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\esti\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
[2010/07/13 08:00:24 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Employee_Training_TEEX_33_05_02_99_01.doc
[2010/07/07 11:44:21 | 000,167,554 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Confined-space plan document.pdf
[2010/06/22 13:29:13 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\esti\Desktop\Phone List.xls
[2010/06/19 11:01:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/19 09:30:54 | 000,016,429 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Brent Sanford Project Boy Scout Resume.docx
[2010/06/12 18:25:11 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/05/26 21:46:47 | 000,020,190 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Brief History of Rope Rescue Online.docx
[2010/05/25 19:50:58 | 000,015,341 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
[2010/05/25 19:50:42 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
[2010/05/25 19:46:52 | 005,653,224 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2010/05/13 11:45:43 | 000,012,766 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Electric Vehicle inputs.docx
[2010/05/13 07:34:27 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\esti\Desktop\phone tree.xls
[2010/05/11 15:48:13 | 000,000,256 | ---- | M] () -- C:\pool.bin
[2010/05/11 12:26:48 | 011,403,073 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\LoaderBackup-(2010-05-11).ipd

========== Files Created - No Company Name ==========
 
Last part of the OTL file

[2010/08/06 15:05:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/08/06 15:05:48 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/08/06 11:26:39 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
[2010/08/05 16:09:21 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\esti\Desktop\wfzpu15x.exe
[2010/08/04 16:17:32 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
[2010/08/04 15:11:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
[2010/08/04 15:11:18 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
[2010/08/04 15:11:18 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2010/08/04 15:11:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
[2010/08/04 15:11:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2010/08/04 08:24:53 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\esti\Desktop\dds.scr
[2010/08/04 08:24:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\esti\defogger_reenable
[2010/08/03 23:05:46 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2010/08/03 14:06:42 | 000,012,761 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\database fields.docx
[2010/08/03 07:51:47 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/08/02 20:36:47 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
[2010/08/02 20:36:21 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
[2010/08/02 19:29:36 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
[2010/08/02 19:28:10 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
[2010/07/31 16:38:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/07/20 16:07:18 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Brenda Sanford bio.doc
[2010/07/20 14:25:10 | 000,730,858 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\100_7426.jpg
[2010/07/20 13:47:32 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Brenda Sanford bio V2.doc
[2010/07/13 08:00:23 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Employee_Training_TEEX_33_05_02_99_01.doc
[2010/07/07 11:44:21 | 000,167,554 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Confined-space plan document.pdf
[2010/06/25 11:06:25 | 000,000,412 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Signature Update.job
[2010/06/25 11:06:24 | 000,000,406 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/24 11:21:52 | 000,000,430 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
[2010/06/19 09:30:54 | 000,016,429 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Brent Sanford Project Boy Scout Resume.docx
[2010/06/12 18:25:11 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
[2010/05/26 08:30:42 | 000,020,190 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Brief History of Rope Rescue Online.docx
[2010/05/13 11:45:43 | 000,012,766 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Electric Vehicle inputs.docx
[2010/05/11 12:26:48 | 011,403,073 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\LoaderBackup-(2010-05-11).ipd
[2010/05/11 12:20:51 | 000,000,256 | ---- | C] () -- C:\pool.bin
[2010/02/26 11:55:59 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/10/05 08:01:14 | 000,189,952 | ---- | C] () -- C:\WINDOWS\System32\Qcard32.dll
[2009/08/03 13:31:42 | 000,336,896 | ---- | C] () -- C:\WINDOWS\System32\ammppg.dll
[2009/08/03 13:31:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\a1.dll
[2009/08/03 13:31:41 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\qscl.dll
[2009/08/03 13:31:41 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/08/03 13:31:41 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\amrdec.dll
[2009/08/03 13:31:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\qcpsdk.dll
[2009/06/24 08:58:32 | 000,000,079 | ---- | C] () -- C:\WINDOWS\TextFilter.INI
[2009/05/18 16:26:04 | 000,000,032 | ---- | C] () -- C:\WINDOWS\.ini
[2009/05/18 14:46:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ZipFilter.INI
[2009/05/18 14:46:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\XMLFilter.INI
[2009/05/18 14:46:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\WTFilter.INI
[2009/05/18 14:44:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\LectoraPatchTemp.INI
[2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
[2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2009/04/27 15:25:01 | 000,000,031 | ---- | C] () -- C:\WINDOWS\opera.ini
[2009/01/21 01:44:58 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
[2009/01/21 01:42:38 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
[2009/01/21 01:10:56 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
[2009/01/20 22:31:08 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2008/06/19 18:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/06/19 18:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/12/24 23:21:10 | 000,212,480 | R--- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
[2007/12/24 23:21:06 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
[2007/09/25 08:50:31 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2007/09/25 08:25:46 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2007/09/21 13:56:43 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2006/11/17 11:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2006/11/17 11:26:06 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2006/11/17 11:25:36 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
[2006/11/17 11:25:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/11/17 11:25:35 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
[2006/11/17 11:25:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
[2006/11/16 10:28:22 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
[2006/11/16 10:28:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
[2006/11/16 10:28:22 | 000,020,529 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
[2006/11/16 10:28:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
[2006/11/16 10:28:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
[2006/11/16 10:28:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
[2006/11/16 10:28:22 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
[2006/11/16 10:28:22 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
[2006/11/16 10:18:03 | 000,000,291 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/11/16 09:37:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/16 08:58:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
[2006/11/16 08:45:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[2006/11/16 08:45:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
[2006/11/16 08:45:56 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2006/11/16 08:45:46 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[2006/11/16 08:45:30 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2006/11/16 08:45:28 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2006/11/16 08:45:25 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[2006/11/16 08:45:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2006/11/09 15:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
[2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
[2004/03/17 03:39:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
[2004/03/17 03:38:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll

========== LOP Check ==========

[2009/09/25 14:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
[2010/08/02 19:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
[2010/07/30 21:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Identity Finder
[2009/04/30 09:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProjectEngine
[2009/09/17 14:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2010/08/04 15:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2010/08/04 09:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2010/08/04 15:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/07/09 11:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trivantis
[2010/08/03 23:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\.oit
[2010/01/21 14:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Canon
[2010/03/29 10:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Centra
[2010/05/17 08:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Facebook
[2009/09/25 14:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\FileOpen
[2009/12/14 15:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\funkitron
[2010/08/03 23:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\IObit
[2009/11/07 11:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Leadertech
[2010/07/09 23:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\LimeWire
[2010/02/11 17:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\mjusbsp
[2009/08/03 14:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Research In Motion
[2009/04/28 08:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Saba
[2010/01/16 10:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\SecondLife
[2010/08/04 15:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Simply Super Software
[2010/08/03 23:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Spyware Terminator
[2009/04/26 11:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Thinstall
[2010/08/04 09:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\uTorrent
[2010/08/06 20:21:36 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
[2010/08/06 20:21:31 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/08/06 20:21:37 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Signature Update.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/08/05 15:52:30 | 000,028,121 | ---- | M] () -- C:\aaw7boot.log
[2010/07/21 14:11:31 | 000,047,166 | ---- | M] () -- C:\artpdbg.log
[2006/11/15 14:30:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/04 12:16:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/08/06 15:05:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2010/08/06 16:36:29 | 000,026,848 | ---- | M] () -- C:\ComboFix.txt
[2006/11/15 14:30:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/09/25 14:23:37 | 000,017,552 | ---- | M] () -- C:\install.log
[2006/11/15 14:30:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/11/15 14:30:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/05/08 10:55:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/06 20:18:07 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/05/11 15:48:13 | 000,000,256 | ---- | M] () -- C:\pool.bin
[2007/06/04 08:28:54 | 000,000,093 | ---- | M] () -- C:\register.txt
[2006/11/16 09:57:53 | 000,000,501 | ---- | M] () -- C:\RHDSetup.log
[2010/08/01 22:09:35 | 000,048,914 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_01.08.2010_19.54.13_log.txt
[2010/08/02 07:42:40 | 000,045,600 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_07.42.14_log.txt
[2010/08/03 07:46:34 | 000,045,296 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_07.46.11_log.txt
[2010/08/03 12:29:26 | 000,045,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_12.29.04_log.txt
[2010/08/03 22:55:06 | 000,045,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_22.53.05_log.txt
[2010/08/04 07:54:31 | 000,045,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_04.08.2010_07.54.00_log.txt
[2010/08/04 07:55:52 | 000,045,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_04.08.2010_07.55.39_log.txt
[2010/08/05 11:38:38 | 000,046,492 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_05.08.2010_11.38.05_log.txt
[2009/09/25 14:23:22 | 000,000,438 | ---- | M] () -- C:\uninstall.log
[2010/08/06 09:44:25 | 000,061,588 | ---- | M] () -- C:\ziswin.hst

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >


< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/15 08:15:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/11/15 08:15:43 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/11/15 08:15:42 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2008/04/13 18:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/13 18:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/13 18:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"UseWUServer" = 1
"NoAUShutdownOption" = 1
"NoAUAsDefaultShutdownOption" = 1
"NoAutoUpdate" = 0
"AUOptions" = 4
"ScheduledInstallDay" = 0
"ScheduledInstallTime" = 11
"NoAutoRebootWithLoggedOnUsers" = 1
"DetectionFrequencyEnabled" = 1
"DetectionFrequency" = 22
"AutoInstallMinorUpdates" = 1

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
 
Here is the 1st part of the extra's log

OTL Extras logfile created on: 8/6/2010 8:31:20 PM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\esti\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.45 Gb Total Space | 42.22 Gb Free Space | 56.71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 4.77 Gb Total Space | 4.31 Gb Free Space | 90.29% Space Free | Partition Type: NWFS
Drive R: | 4.77 Gb Total Space | 4.31 Gb Free Space | 90.29% Space Free | Partition Type: NWFS
Drive S: | 697.93 Gb Total Space | 135.11 Gb Free Space | 19.36% Space Free | Partition Type: NWFS
Drive T: | 697.93 Gb Total Space | 135.11 Gb Free Space | 19.36% Space Free | Partition Type: NWFS
Drive U: | 488.28 Mb Total Space | 498.96 Mb Free Space | 102.19% Space Free | Partition Type: NWFS
Drive Z: | 19.47 Gb Total Space | 4.42 Gb Free Space | 22.68% Space Free | Partition Type: NWFS

Computer Name: T7166417
Current User Name: esti
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallOverride" = 0
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Novell\GroupWise\grpwise.exe" = C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise -- (Novell, Inc.)
"C:\Novell\GroupWise\notify.exe" = C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify -- (Novell, Inc.)
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Documents and Settings\esti\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\esti\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
"C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}" = ATI Catalyst Control Center
"{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{328C3AB0-0506-46C2-83BF-B517F4FF8D7F}" = GroupWise - VC8
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
"{3FC0833E-073C-4D5D-A046-74BC32358CB3}" = GroupWise Messenger
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
"{552DF2FD-B58A-4C4B-9E43-8C7AB944E788}" = ZENworks Desktop Management Agent
"{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
 
Here is the last part of the Extras log

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C4FAB89-43D3-4ECA-BE3F-AEEB9DE6ABFB}" = GroupWise
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{86BEE1F7-80E4-4046-BDAF-479E2C586CFC}" =
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
"{AF0821A0-D5D1-4F84-99DE-13777540EAE1}" = CounterSpy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DDCD95B5-7230-462F-9889-7EBBEE74123C}" = Microsoft Forefront Client Security Antimalware Service
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E6DE9A54-8514-446E-9D11-530DC599C355}" = Microsoft SharedView
"{E8B56B38-A826-11DB-8C83-0011430C73A4}" = Microsoft Forefront Client Security State Assessment Service
"{EFD2D476-2334-4AE3-90D0-A1179F2B58FF}" = Lectora Professional Publishing Suite
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4134E7B-1C9D-46CB-867E-F73219C7AA4D}" = Identity Finder
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"AviSynth" = AviSynth 2.5
"BlackBerry_{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CD Wave Editor_is1" = CD Wave Editor 1.98
"CentraClient" = Centra Client
"ClientAccessExpress" = IBM iSeries Access for Windows
"Creative PD0620" = Creative WebCam Instant Driver (1.03.02.0425)
"CSCLIB" = Canon Camera Support Core Library
"dBpoweramp Music Converter" = dBpoweramp Music Converter
"DPP" = Canon Utilities Digital Photo Professional 3.4
"EOS Utility" = Canon Utilities EOS Utility
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HitmanPro35" = Hitman Pro 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
"Lectora Enterprise Edition" = Lectora Enterprise Edition
"LimeWire" = LimeWire PRO 5.1.1
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 8.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MyCamera" = Canon Utilities MyCamera
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Novell Client for Windows" = Novell Client for Windows
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Project Engine Personal_is1" = Project Engine Personal 2009:3
"PROPLUS" = Microsoft Office Professional Plus 2007
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"SecondLife" = SecondLife (remove only)
"Spyware Terminator_is1" = Spyware Terminator
"SysInfo" = Creative System Information
"Trojan Remover_is1" = Trojan Remover 6.8.2
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.5
"WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"ZENcast Organizer" = ZENcast Organizer
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"f031ef6ac137efc5" = Dell Driver Download Manager
"Facebook Plug-In" = Facebook Plug-In
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/1/2010 4:50:36 PM | Computer Name = T7166417 | Source = Application Hang | ID = 1002
Description = Hanging application uTorrent.exe, version 2.0.2.19648, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/1/2010 8:00:32 PM | Computer Name = T7166417 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 8/1/2010 8:05:28 PM | Computer Name = T7166417 | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 8/3/2010 8:11:28 PM | Computer Name = T7166417 | Source = Application Hang | ID = 1002
Description = Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/3/2010 10:04:14 PM | Computer Name = T7166417 | Source = Application Hang | ID = 1002
Description = Hanging application grpwise.exe, version 7.0.3.1294, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/4/2010 11:44:23 AM | Computer Name = T7166417 | Source = Application Error | ID = 1000
Description = Faulting application skype.exe, version 4.2.0.152, faulting module
mrsystem.dll, version 12.0.1280.0, fault address 0x0011aba7.

Error - 8/6/2010 5:21:05 PM | Computer Name = T7166417 | Source = FCSAMRtp | ID = 3003
Description = %%830 Real-Time Protection checkpoint has encountered an error and
failed. User: T7166417\esti Checkpoint ID: 1 Error Code: 0x80070005 Error description:
Access is denied.

Error - 8/6/2010 5:21:05 PM | Computer Name = T7166417 | Source = FCSAMRtp | ID = 3003
Description = %%830 Real-Time Protection checkpoint has encountered an error and
failed. User: T7166417\esti Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
Catastrophic failure

[ OSession Events ]
Error - 9/4/2009 5:36:28 PM | Computer Name = T7166417 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 179363
seconds with 2820 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 8/6/2010 5:02:46 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/6/2010 5:15:41 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/6/2010 5:15:41 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/6/2010 5:17:18 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/6/2010 5:19:23 PM | Computer Name = T7166417 | Source = FcsSas | ID = 141078
Description = Forefront Client Security State Assessment Service policy applied
with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter

Error - 8/6/2010 6:24:58 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7034
Description = The Process Monitor service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/6/2010 10:19:41 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7023
Description = The HID Input Service service terminated with the following error:
%%126

Error - 8/6/2010 10:19:41 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
9 service to connect.

Error - 8/6/2010 10:21:17 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 8/6/2010 10:23:31 PM | Computer Name = T7166417 | Source = FcsSas | ID = 141078
Description = Forefront Client Security State Assessment Service policy applied
with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter


< End of report >
 
Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

=======================================================================

OTL logs look perfectly clean :)

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Go to Kaspersky website and perform an online antivirus scan.

  • Disable your active antivirus program.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
 
Here is the security check

Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Ad-Aware
Malwarebytes' Anti-Malware
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSMpEng.exe
Windows Defender MSASCui.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
Microsoft Forefront Client Security Client Antimalware\MsMpEng.exe
Microsoft Forefront Client Security Client Antimalware\MSASCui.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Someone is not following all of my instructions....hmmmm
My previous reply asked for Java update and removal of old Javas.
 
I updated the java, and removed the old. Do I need another security check scan? I am currently doing the Kaspersky scan, will post shortly
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back