[Solved] Got the Browser Redirect Problem

By rockndad38
Aug 5, 2010
Topic Status:
Not open for further replies.
  1. Well like so many other people I have the browser redirect problem too.
    I tried to do what was indicated in the 8-step directions; however, I can't get GMER or DDS. I am posting a HijackThis log. Will this be enough to let you see any problems?

    Thanks for all you do to help us lost souls out!

    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Novell\XTAgent.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
    C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files\Novell\ZENworks\nalntsrv.exe
    C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Novell\ZENworks\wm.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Novell\ZENworks\NalAgent.exe
    C:\WINDOWS\system32\NWTRAY.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Novell\Messenger\NMCL32.exe
    C:\Program Files\Centra\Client\bin\centraSystray.exe
    C:\Program Files\Logitech\Logitech Vid\vid.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\esti\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
    O4 - HKLM\..\Run: [Client Access Service] "C:\Program Files\IBM\Client Access\cwbsvstr.exe"
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
    O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
    O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    O4 - HKLM\..\Run: [MaxMenuMgr] "C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [Microsoft Forefront Client Security Antimalware Service] "C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [SBAMTray] "C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [Novell Messenger] "C:\Novell\Messenger\NMCL32.exe"
    O4 - HKCU\..\Run: [Centra Launcher] C:\Program Files\Centra\Client\bin\centraSystray.exe /startup
    O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra 'Tools' menuitem: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\MESSEN~1\NMCL32.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
    O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
    O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://webconference.tamus.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190663323359
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    O23 - Service: Google Update Service (gupdate1c9d89eabaa7b1e) (gupdate1c9d89eabaa7b1e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Identity Finder Endpoint Service (IDFEndpointService) - Unknown owner - C:\Program Files\Identity Finder 4\idfEndpoint.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: McAfee SiteAdvisor Enterprise Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
    O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
    O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\nalntsrv.exe
    O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: CounterSpy Antispyware (SBAMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    O23 - Service: SB Recovery Service (SBPIMSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\System32\Novell\XTAgent.exe
    O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\wm.exe

    --
    End of file - 15537 bytes
  2. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Welcome aboard

    How about all other steps?
    What's the exact problem with running DDS?
  3. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Sorry I wasn't clear in my first post. GMER gives me the blue screen and then crashes; with DDS I get the black window saying it is running, but I never get any reports. I have tried them both 5-6 times with the same results. I was able to get a GMER log in safe mode and have posted it below the Malwarebytes log.

    I did TFC, and the Malwarebytes log is below.
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4395

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    8/5/2010 4:20:59 PM
    mbam-log-2010-08-05 (16-20-59).txt

    Scan type: Quick scan
    Objects scanned: 172453
    Time elapsed: 17 minute(s), 55 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-06 09:40:16
    Windows 5.1.2600 Service Pack 3
    Running: wfzpu15x.exe; Driver: C:\DOCUME~1\esti\LOCALS~1\Temp\pgtyipow.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? nwfilter.sys The system cannot find the file specified. !

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\rdpdr.sys[ntoskrnl.exe!FsRtlRegisterUncProvider] [F772048C] nwfilter.sys

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
  4. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Good for now :)

    Disable McAfee AV part before even attempting to download following tool.
    Not too smart: McAfee marks it as a malicious file.
    You'll find a link below on how to disable McAfee.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Thanks so much for your help. Here is the ComboFix log. It says my post has too many characters, so I will post it in 3 posts.

    ComboFix 10-08-06.01 - esti 08/06/2010 15:06:53.1.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1377 [GMT -6:00]
    Running from: c:\documents and settings\esti\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\settings.reg
    c:\windows\system32\Data
    c:\windows\TEMP\logishrd\LVPrcInj01.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
    .

    2010-08-06 17:27 . 2010-08-06 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-08-06 17:27 . 2008-04-07 11:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-08-06 17:27 . 2008-04-07 11:38 45392 ----a-w- c:\windows\system32\AdobePDF.dll
    2010-08-05 22:43 . 2010-01-04 12:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2010-08-05 22:41 . 2010-01-04 12:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
    2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\documents and settings\esti\Application Data\Sunbelt
    2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\program files\Sunbelt Software
    2010-08-04 21:12 . 2010-08-04 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-04 21:11 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-08-04 21:11 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-08-04 21:11 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-08-04 21:11 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-08-04 21:11 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-08-04 21:10 . 2010-08-04 21:11 -------- d-----w- c:\program files\Trojan Remover
    2010-08-04 21:10 . 2010-08-04 21:10 -------- d-----w- c:\documents and settings\esti\Application Data\Simply Super Software
    2010-08-04 21:10 . 2010-08-04 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-08-04 20:01 . 2010-08-04 20:01 2 --shatr- c:\windows\winstart.bat
    2010-08-04 19:58 . 2010-08-04 20:43 -------- d-----w- c:\program files\UnHackMe
    2010-08-04 05:05 . 2010-08-04 05:05 -------- d-----w- c:\documents and settings\esti\Application Data\IObit
    2010-08-04 05:05 . 2010-08-04 05:05 -------- d-----w- c:\program files\IObit
    2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com
    2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-03 13:51 . 2010-08-03 13:52 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-03 02:36 . 2010-08-03 02:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2010-08-03 02:36 . 2010-08-04 05:51 -------- d-----w- c:\documents and settings\esti\Application Data\Spyware Terminator
    2010-08-03 02:35 . 2010-08-04 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2010-08-03 02:35 . 2010-08-04 05:57 -------- d-----w- c:\program files\Spyware Terminator
    2010-08-03 01:29 . 2010-08-04 16:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-08-03 01:28 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-08-03 01:28 . 2010-08-03 01:28 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-08-02 00:00 . 2010-08-02 00:00 23040 ----a-w- c:\windows\system32\drivers\ukikciki.sys
    2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\documents and settings\esti\Application Data\Malwarebytes
    2010-07-31 22:38 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-31 22:38 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-31 22:14 . 2010-07-31 22:14 23040 ----a-w- c:\windows\system32\drivers\akipckzg.sys
    2010-07-31 15:06 . 2010-07-31 15:06 23040 ----a-w- c:\windows\system32\drivers\gfpihlqg.sys
    2010-07-31 13:14 . 2010-07-31 13:14 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
    2010-07-31 05:14 . 2010-07-31 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
    2010-07-31 05:14 . 2010-07-31 05:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-31 03:14 . 2010-07-31 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Identity Finder
    2010-07-31 03:13 . 2010-07-31 22:27 -------- d-----w- c:\program files\Identity Finder 4
    2010-07-15 15:29 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-09 17:13 . 2010-07-09 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Trivantis
  6. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Here is the 2nd part (of 3) of the ComboFix log file.

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-06 21:23 . 2010-03-05 00:30 -------- d-----w- c:\documents and settings\esti\Application Data\Skype
    2010-08-06 21:13 . 2010-02-26 17:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-08-06 21:13 . 2010-02-26 17:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-08-06 20:59 . 2007-05-04 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-08-06 20:59 . 2006-11-16 16:34 -------- d-----w- c:\program files\McAfee
    2010-08-06 20:40 . 2006-11-15 20:59 86168 ----a-w- c:\documents and settings\teex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-06 17:27 . 2008-05-07 18:56 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-06 15:54 . 2010-03-05 00:35 -------- d-----w- c:\documents and settings\esti\Application Data\skypePM
    2010-08-05 22:10 . 2009-06-04 19:35 -------- d-----w- c:\program files\Lavasoft
    2010-08-05 22:09 . 2009-06-04 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-04 15:36 . 2010-01-03 18:10 -------- d-----w- c:\documents and settings\esti\Application Data\uTorrent
    2010-08-04 05:30 . 2009-04-29 15:55 -------- d-----w- c:\documents and settings\esti\Application Data\.oit
    2010-08-03 13:52 . 2010-08-03 13:52 63488 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-03 13:52 . 2010-08-03 13:52 52224 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-03 13:52 . 2010-08-03 13:52 117760 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-03 02:36 . 2010-08-03 02:36 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
    2010-08-03 02:36 . 2010-08-03 02:36 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
    2010-08-02 12:48 . 2004-08-03 22:58 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
    2010-08-01 21:00 . 2010-03-22 14:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-27 01:13 . 2010-08-04 21:12 3683248 ----a-w- c:\documents and settings\esti\Application Data\Simply Super Software\Trojan Remover\qjc31.exe
    2010-07-15 17:03 . 2008-05-07 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-10 05:05 . 2009-04-29 23:11 -------- d-----w- c:\documents and settings\esti\Application Data\LimeWire
    2010-07-09 17:11 . 2009-04-26 17:22 -------- d-----w- c:\program files\Trivantis
    2010-07-03 06:54 . 2010-07-01 01:42 -------- d-----w- c:\documents and settings\esti\Application Data\dvdcss
    2010-06-24 17:15 . 2010-06-24 17:15 -------- d-----w- c:\program files\Microsoft Forefront
    2010-06-14 14:31 . 2006-11-15 20:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-13 01:12 . 2010-06-13 00:23 -------- d-----w- c:\program files\Winamp
    2010-06-13 01:02 . 2010-06-13 00:23 -------- d-----w- c:\documents and settings\esti\Application Data\Winamp
    2010-06-13 00:24 . 2010-06-13 00:24 -------- d-----w- c:\program files\Winamp Detect
    2010-06-01 17:37 . 2010-06-24 17:19 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-26 01:50 . 2009-08-04 21:09 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2010-05-26 01:46 . 2009-08-04 21:09 5653224 ----a-w- c:\windows\system32\SpoonUninstall.exe
    2010-05-17 14:39 . 2010-01-28 15:30 50354 ----a-w- c:\documents and settings\esti\Application Data\Facebook\uninstall.exe
    2010-05-11 21:48 . 2010-05-11 18:20 256 ----a-w- C:\pool.bin
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
    "Novell Messenger"="c:\novell\Messenger\NMCL32.exe" [2008-09-30 1417293]
    "Centra Launcher"="c:\program files\Centra\Client\bin\centraSystray.exe" [2009-11-05 249856]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
    "Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-07 20531]
    "P17Helper"="P17.dll" [2005-05-03 64512]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
    "PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
    "Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-01-19 1033600]
    "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
    "SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-04-19 1291600]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-28 113664]
    VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-5-27 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2008-01-04 458752]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
    2007-12-25 05:21 24576 ----a-r- c:\windows\system32\novell\xtnotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^esti^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\esti\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-07-02 23:33 2347216 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-01-02 23:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2010-01-19 23:55 50520 ----a-w- c:\documents and settings\esti\Application Data\mjusbsp\cdloader2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
    2007-11-06 17:08 397312 ------w- c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
    2010-08-03 18:29 6289216 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2008-09-19 16:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
    2010-08-03 02:36 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-05-17 20:26 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-05-25 16:08 37888 ----a-w- c:\program files\Winamp\winampa.exe
  7. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Here is the 3rd and final part of the ComboFix file.


    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Novell\\GroupWise\\grpwise.exe"=
    "c:\\Novell\\GroupWise\\notify.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\esti\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [8/5/2010 4:41 PM 13400]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/2/2010 8:36 PM 142592]
    R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 2:47 PM 6899]
    R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [1/19/2010 4:49 PM 16880]
    R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [4/6/2007 4:12 AM 73120]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
    R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [5/9/2006 10:59 AM 167936]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [8/5/2010 4:43 PM 69720]
    R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [4/19/2010 1:47 PM 181584]
    R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [12/24/2007 11:21 PM 61440]
    R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 2:11 PM 2773]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c9d89eabaa7b1e;Google Update Service (gupdate1c9d89eabaa7b1e);c:\program files\Google\Update\GoogleUpdate.exe [5/19/2009 10:27 AM 133104]
    S2 IDFEndpointService;Identity Finder Endpoint Service;"c:\program files\Identity Finder 4\idfEndpoint.exe" --> c:\program files\Identity Finder 4\idfEndpoint.exe [?]
    S2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [4/19/2010 1:48 PM 2726000]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 20:47]

    2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:27]

    2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:27]

    2010-08-06 c:\windows\Tasks\MP Scheduled Quick Scan.job
    - c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]

    2010-08-06 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]

    2010-08-06 c:\windows\Tasks\MP Scheduled Signature Update.job
    - c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://webconference.tamus.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    FF - ProfilePath - c:\documents and settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\esti\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\esti\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCentraUpdater.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npsharedview.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-klmdb.sys



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-06 15:19
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(992)
    c:\windows\system32\NETWIN32.DLL
    c:\program files\Novell\ZENworks\ZENPOL32.DLL
    c:\windows\system32\xmlparse.dll
    c:\windows\system32\ZenMup.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\Novell\ZENworks\WMNTAPI.DLL

    - - - - - - - > 'Explorer.exe'(4172)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\IEFRAME.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    c:\windows\system32\NETWIN32.DLL
    c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
    c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
    c:\program files\Novell\ZENworks\NLS\english\NalUIRes.dll
    c:\program files\SUPERAntiSpyware\SASSEH.DLL
    c:\windows\system32\MSISIP.DLL
    c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll
    c:\program files\Spyware Terminator\sptcontmenu.dll
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
    c:\program files\WinRAR\rarext.dll
    c:\progra~1\TROJAN~1\Trshlex.dll
    c:\program files\Sunbelt Software\CounterSpy\SBAMScanShellExt.dll
    c:\program files\Identity Finder 4\idfshext.dll
    c:\program files\Sunbelt Software\CounterSpy\SBFE.DLL
    c:\progra~1\Creative\SHARED~1\CtCmeCtx.dll
    c:\program files\Adobe\Acrobat 9.0\Acrobat Elements\ContextMenu.dll

    - - - - - - - > 'explorer.exe'(4116)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\system32\ieframe.dll
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\program files\Cisco Systems\VPN Client\cvpnd.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\program files\Novell\ZENworks\nalntsrv.exe
    c:\program files\Spyware Terminator\sp_rsser.exe
    c:\windows\system32\MsPMSPSv.exe
    c:\program files\Novell\ZENworks\wm.exe
    c:\program files\Canon\CAL\CALMAIN.exe
    c:\program files\Novell\ZENworks\WMRUNDLL.EXE
    c:\windows\system32\wscntfy.exe
    c:\program files\Novell\ZENworks\NalAgent.exe
    c:\windows\system32\NWTRAY.EXE
    c:\windows\system32\Rundll32.exe
    c:\windows\system32\RunDLL32.exe
    c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    c:\program files\Skype\Plugin Manager\skypePM.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-06 15:29:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-06 21:29

    Pre-Run: 44,223,705,088 bytes free
    Post-Run: 44,183,896,064 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 366F46EBDD46D462CB96AAD56E6F4416
  8. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Very good :)

    How is redirection?

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\winstart.bat
    c:\windows\system32\drivers\akipckzg.sys
    c:\windows\system32\drivers\gfpihlqg.sys
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
  9. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    At the moment I am not getting any browser redirects... fingers crossed it stays that way.
    Here is the latest ComboFix log (split into multiple posts).

    "c:\windows\winstart.bat"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\akipckzg.sys
    c:\windows\system32\drivers\gfpihlqg.sys
    c:\windows\winstart.bat

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-06 to 2010-08-06 )))))))))))))))))))))))))))))))
    .

    2010-08-06 17:27 . 2010-08-06 17:27 -------- d-----w- c:\program files\Common Files\Macrovision Shared
    2010-08-06 17:27 . 2008-04-07 11:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
    2010-08-06 17:27 . 2008-04-07 11:38 45392 ----a-w- c:\windows\system32\AdobePDF.dll
    2010-08-05 22:43 . 2010-01-04 12:29 69720 ----a-w- c:\windows\system32\drivers\sbapifs.sys
    2010-08-05 22:41 . 2010-01-04 12:29 13400 ----a-w- c:\windows\system32\drivers\sbaphd.sys
    2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\documents and settings\esti\Application Data\Sunbelt
    2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2010-08-04 22:17 . 2010-08-04 22:17 -------- d-----w- c:\program files\Sunbelt Software
    2010-08-04 21:12 . 2010-08-04 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
    2010-08-04 21:12 . 2010-07-27 01:13 3683248 ----a-w- c:\documents and settings\esti\Application Data\Simply Super Software\Trojan Remover\qjc31.exe
    2010-08-04 21:11 . 2006-06-19 19:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
    2010-08-04 21:11 . 2006-05-25 21:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
    2010-08-04 21:11 . 2005-08-26 07:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2010-08-04 21:11 . 2003-02-03 02:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2010-08-04 21:11 . 2002-03-06 07:00 75264 ----a-w- c:\windows\system32\unacev2.dll
    2010-08-04 21:10 . 2010-08-04 21:11 -------- d-----w- c:\program files\Trojan Remover
    2010-08-04 21:10 . 2010-08-04 21:10 -------- d-----w- c:\documents and settings\esti\Application Data\Simply Super Software
    2010-08-04 21:10 . 2010-08-04 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
    2010-08-04 19:58 . 2010-08-04 20:43 -------- d-----w- c:\program files\UnHackMe
    2010-08-04 05:05 . 2010-08-04 05:05 -------- d-----w- c:\documents and settings\esti\Application Data\IObit
    2010-08-04 05:05 . 2010-08-04 05:05 -------- d-----w- c:\program files\IObit
    2010-08-03 13:52 . 2010-08-03 13:52 63488 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    2010-08-03 13:52 . 2010-08-03 13:52 52224 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-08-03 13:52 . 2010-08-03 13:52 117760 ----a-w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\documents and settings\esti\Application Data\SUPERAntiSpyware.com
    2010-08-03 13:52 . 2010-08-03 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-08-03 13:51 . 2010-08-03 13:52 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-08-03 02:36 . 2010-08-03 02:36 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
    2010-08-03 02:36 . 2010-08-03 02:36 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
    2010-08-03 02:36 . 2010-08-03 02:36 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
    2010-08-03 02:36 . 2010-08-04 05:51 -------- d-----w- c:\documents and settings\esti\Application Data\Spyware Terminator
    2010-08-03 02:35 . 2010-08-04 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
    2010-08-03 02:35 . 2010-08-04 05:57 -------- d-----w- c:\program files\Spyware Terminator
    2010-08-03 01:29 . 2010-08-04 16:56 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-08-03 01:28 . 2010-08-03 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
    2010-08-03 01:28 . 2010-08-03 01:28 -------- d-----w- c:\program files\Hitman Pro 3.5
    2010-08-02 00:00 . 2010-08-02 00:00 23040 ----a-w- c:\windows\system32\drivers\ukikciki.sys
    2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\documents and settings\esti\Application Data\Malwarebytes
    2010-07-31 22:38 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-07-31 22:38 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-31 22:38 . 2010-07-31 22:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-07-31 13:14 . 2010-07-31 13:14 -------- d-sh--w- c:\documents and settings\NetworkService\UserData
    2010-07-31 05:14 . 2010-07-31 05:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\FileOpen
    2010-07-31 05:14 . 2010-07-31 05:15 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-07-31 03:14 . 2010-07-31 03:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Identity Finder
    2010-07-31 03:13 . 2010-07-31 22:27 -------- d-----w- c:\program files\Identity Finder 4
    2010-07-15 15:29 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-09 17:13 . 2010-07-09 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Trivantis

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-06 22:34 . 2010-03-05 00:30 -------- d-----w- c:\documents and settings\esti\Application Data\Skype
    2010-08-06 22:04 . 2010-03-05 00:35 -------- d-----w- c:\documents and settings\esti\Application Data\skypePM
    2010-08-06 21:13 . 2010-02-26 17:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-08-06 21:13 . 2010-02-26 17:55 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-08-06 20:59 . 2007-05-04 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-08-06 20:59 . 2006-11-16 16:34 -------- d-----w- c:\program files\McAfee
    2010-08-06 20:40 . 2006-11-15 20:59 86168 ----a-w- c:\documents and settings\teex\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-06 17:27 . 2008-05-07 18:56 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-05 22:10 . 2009-06-04 19:35 -------- d-----w- c:\program files\Lavasoft
    2010-08-05 22:09 . 2009-06-04 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-04 15:36 . 2010-01-03 18:10 -------- d-----w- c:\documents and settings\esti\Application Data\uTorrent
    2010-08-04 05:30 . 2009-04-29 15:55 -------- d-----w- c:\documents and settings\esti\Application Data\.oit
    2010-08-02 12:48 . 2004-08-03 22:58 23040 ----a-w- c:\windows\system32\drivers\mouclass.sys
    2010-08-01 21:00 . 2010-03-22 14:11 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-07-15 17:03 . 2008-05-07 17:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-07-10 05:05 . 2009-04-29 23:11 -------- d-----w- c:\documents and settings\esti\Application Data\LimeWire
    2010-07-09 17:11 . 2009-04-26 17:22 -------- d-----w- c:\program files\Trivantis
    2010-07-03 06:54 . 2010-07-01 01:42 -------- d-----w- c:\documents and settings\esti\Application Data\dvdcss
    2010-06-24 17:15 . 2010-06-24 17:15 -------- d-----w- c:\program files\Microsoft Forefront
    2010-06-14 14:31 . 2006-11-15 20:28 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-13 01:12 . 2010-06-13 00:23 -------- d-----w- c:\program files\Winamp
    2010-06-13 01:02 . 2010-06-13 00:23 -------- d-----w- c:\documents and settings\esti\Application Data\Winamp
    2010-06-13 00:24 . 2010-06-13 00:24 -------- d-----w- c:\program files\Winamp Detect
    2010-06-01 17:37 . 2010-06-24 17:19 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-05-26 01:50 . 2009-08-04 21:09 15341 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
    2010-05-26 01:46 . 2009-08-04 21:09 5653224 ----a-w- c:\windows\system32\SpoonUninstall.exe
    2010-05-17 14:39 . 2010-01-28 15:30 50354 ----a-w- c:\documents and settings\esti\Application Data\Facebook\uninstall.exe
    2010-05-11 21:48 . 2010-05-11 18:20 256 ----a-w- C:\pool.bin
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
    "Novell Messenger"="c:\novell\Messenger\NMCL32.exe" [2008-09-30 1417293]
    "Centra Launcher"="c:\program files\Centra\Client\bin\centraSystray.exe" [2009-11-05 249856]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-04-30 5472016]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]
    "Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2007-03-07 20531]
    "P17Helper"="P17.dll" [2005-05-03 64512]
    "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
    "RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 1116920]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
    "ZENRC Tray Icon"="c:\windows\system32\zentray.exe" [2005-05-18 40960]
    "PD0620 STISvc"="P0620Pin.dll" [2005-05-10 36864]
    "BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]
    "Microsoft Forefront Client Security Antimalware Service"="c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe" [2010-01-19 1033600]
    "TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-08-02 1167808]
    "SBAMTray"="c:\program files\Sunbelt Software\CounterSpy\SBAMTray.exe" [2010-04-19 1291600]
    "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
    "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-4-28 113664]
    VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2009-5-27 6144]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "CompatibleRUPSecurity"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2008-01-04 458752]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
    2007-12-25 05:21 24576 ----a-r- c:\windows\system32\novell\xtnotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Authentication Packages REG_MULTI_SZ msv1_0 nwv1_0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FCSAM]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^esti^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\esti\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
    2010-07-02 23:33 2347216 ----a-w- c:\program files\IObit\Advanced SystemCare 3\AWC.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
    2006-01-02 23:41 45056 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cdloader]
    2010-01-19 23:55 50520 ----a-w- c:\documents and settings\esti\Application Data\mjusbsp\cdloader2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
    2007-11-06 17:08 397312 ------w- c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
    2005-12-10 02:29 49152 ------w- c:\program files\CyberLink\PowerDVD\DVDLauncher.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
    2010-08-03 18:29 6289216 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2006-03-24 01:17 118784 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2009-01-05 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
    2008-09-19 16:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpywareTerminatorUpdate]
    2010-08-03 02:36 3037696 ----a-w- c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2010-07-19 17:50 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    2010-05-17 20:26 322352 ----a-w- c:\program files\uTorrent\uTorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-05-25 16:08 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
  10. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Here is part 2

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Novell\\GroupWise\\grpwise.exe"=
    "c:\\Novell\\GroupWise\\notify.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Documents and Settings\\esti\\Application Data\\mjusbsp\\magicJack.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 12:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 12:41 PM 67656]
    R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [8/5/2010 4:41 PM 13400]
    R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [10/13/2009 9:02 AM 95024]
    R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [8/2/2010 8:36 PM 142592]
    R2 BlankScr;HBDevice;c:\windows\system32\drivers\blankscr.sys [5/23/2005 2:47 PM 6899]
    R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe [1/19/2010 4:49 PM 16880]
    R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe [4/6/2007 4:12 AM 73120]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
    R2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [5/9/2006 10:59 AM 167936]
    R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [8/5/2010 4:43 PM 69720]
    R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\CounterSpy\SBPIMSvc.exe [4/19/2010 1:47 PM 181584]
    R2 XTAgent;Novell XTier Agent Services;c:\windows\system32\novell\xtagent.exe [12/24/2007 11:21 PM 61440]
    R3 Darpan;Darpan;c:\windows\system32\drivers\Darpan.sys [5/23/2005 2:11 PM 2773]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1c9d89eabaa7b1e;Google Update Service (gupdate1c9d89eabaa7b1e);c:\program files\Google\Update\GoogleUpdate.exe [5/19/2009 10:27 AM 133104]
    S2 IDFEndpointService;Identity Finder Endpoint Service;"c:\program files\Identity Finder 4\idfEndpoint.exe" --> c:\program files\Identity Finder 4\idfEndpoint.exe [?]
    S2 SBAMSvc;CounterSpy Antispyware;c:\program files\Sunbelt Software\CounterSpy\SBAMSvc.exe [4/19/2010 1:48 PM 2726000]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 6:00 AM 14336]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    WINRM REG_MULTI_SZ WINRM
    .
    Contents of the 'Scheduled Tasks' folder

    2010-08-06 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-26 20:47]

    2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:27]

    2010-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-19 16:27]

    2010-08-06 c:\windows\Tasks\MP Scheduled Quick Scan.job
    - c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]

    2010-08-06 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]

    2010-08-06 c:\windows\Tasks\MP Scheduled Signature Update.job
    - c:\program files\Microsoft Forefront\Client Security\Client\Antimalware\MpCmdRun.exe [2010-01-19 22:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Append to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert link target to existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - hxxp://webconference.tamus.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
    FF - ProfilePath - c:\documents and settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\esti\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\esti\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPCentraUpdater.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npsharedview.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-06 16:34
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(992)
    c:\windows\system32\NETWIN32.DLL
    c:\program files\Novell\ZENworks\ZENPOL32.DLL
    c:\windows\system32\xmlparse.dll
    c:\windows\system32\ZenMup.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    c:\program files\Novell\ZENworks\WMNTAPI.DLL
    .
    Completion time: 2010-08-06 16:36:28
    ComboFix-quarantined-files.txt 2010-08-06 22:36
    ComboFix2.txt 2010-08-06 21:29

    Pre-Run: 44,180,033,536 bytes free
    Post-Run: 44,165,009,408 bytes free

    - - End Of File - - A3311F0DFA13EAE474992ECEF079C42A
  11. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ====================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:
    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  12. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Great, thanks so much!
    Here is the first part of the OTL file

    OTL logfile created on: 8/6/2010 8:31:17 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\esti\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.45 Gb Total Space | 42.22 Gb Free Space | 56.71% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive J: | 4.77 Gb Total Space | 4.31 Gb Free Space | 90.29% Space Free | Partition Type: NWFS
    Drive R: | 4.77 Gb Total Space | 4.31 Gb Free Space | 90.29% Space Free | Partition Type: NWFS
    Drive S: | 697.93 Gb Total Space | 135.11 Gb Free Space | 19.36% Space Free | Partition Type: NWFS
    Drive T: | 697.93 Gb Total Space | 135.11 Gb Free Space | 19.36% Space Free | Partition Type: NWFS
    Drive U: | 488.28 Mb Total Space | 498.96 Mb Free Space | 102.19% Space Free | Partition Type: NWFS
    Drive Z: | 19.47 Gb Total Space | 4.42 Gb Free Space | 22.68% Space Free | Partition Type: NWFS

    Computer Name: T7166417
    Current User Name: esti
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/06 20:15:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\OTL.exe
    PRC - [2010/08/02 20:36:26 | 000,488,960 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
    PRC - [2010/07/26 21:45:47 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/07/26 21:45:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/04/19 14:01:32 | 001,291,600 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe
    PRC - [2010/04/19 13:48:54 | 002,726,000 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe
    PRC - [2010/04/19 13:47:50 | 000,181,584 | ---- | M] (Sunbelt Software) -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe
    PRC - [2010/01/19 16:51:32 | 001,033,600 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
    PRC - [2010/01/19 16:49:44 | 000,016,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
    PRC - [2009/11/24 12:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
    PRC - [2009/11/04 18:19:12 | 000,249,856 | ---- | M] () -- C:\Program Files\Centra\Client\bin\centraSystray.exe
    PRC - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    PRC - [2009/09/25 23:31:32 | 000,185,640 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
    PRC - [2009/05/08 11:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
    PRC - [2009/05/08 11:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
    PRC - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    PRC - [2009/04/30 15:39:30 | 005,472,016 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
    PRC - [2009/04/26 20:37:22 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/02/27 12:14:26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2008/11/04 12:09:58 | 000,615,696 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
    PRC - [2008/09/30 14:14:24 | 001,417,293 | ---- | M] (Novell, Inc.) -- C:\Novell\Messenger\NMCL32.exe
    PRC - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    PRC - [2008/05/12 17:52:56 | 000,393,216 | ---- | M] (Novell, Inc) -- C:\Program Files\Novell\ZENworks\NalAgent.exe
    PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/01/22 07:00:14 | 000,113,152 | R--- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
    PRC - [2007/12/24 23:21:44 | 000,152,128 | R--- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WM.EXE
    PRC - [2007/12/24 23:21:42 | 000,012,224 | R--- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
    PRC - [2007/12/24 23:21:26 | 000,061,440 | R--- | M] (Novell, Inc.) -- C:\WINDOWS\system32\novell\xtagent.exe
    PRC - [2007/07/17 11:03:38 | 000,868,352 | ---- | M] () -- C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    PRC - [2007/04/06 04:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
    PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
    PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
    PRC - [2006/05/09 10:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
    PRC - [2004/10/14 13:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
    PRC - [2002/03/12 11:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/08/06 20:15:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\OTL.exe
    MOD - [2008/04/13 18:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Identity Finder 4\idfEndpoint.exe -- (IDFEndpointService)
    SRV - [2010/08/06 11:27:40 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/08/02 20:36:26 | 000,488,960 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
    SRV - [2010/04/19 13:48:54 | 002,726,000 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBAMSvc.exe -- (SBAMSvc)
    SRV - [2010/04/19 13:47:50 | 000,181,584 | ---- | M] (Sunbelt Software) [Auto | Running] -- C:\Program Files\Sunbelt Software\CounterSpy\SBPIMSvc.exe -- (SBPIMSvc)
    SRV - [2010/01/19 16:49:44 | 000,016,880 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe -- (FCSAM)
    SRV - [2009/09/25 23:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
    SRV - [2009/08/07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2009/04/30 17:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
    SRV - [2008/08/04 15:59:00 | 000,053,339 | ---- | M] (Novell, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
    SRV - [2008/06/19 18:08:44 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
    SRV - [2008/01/22 07:00:14 | 000,113,152 | R--- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\NALNTSRV.EXE -- (NALNTSERVICE)
    SRV - [2007/12/24 23:21:44 | 000,152,128 | R--- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\WM.EXE -- (ZFDWM)
    SRV - [2007/12/24 23:21:26 | 000,061,440 | R--- | M] (Novell, Inc.) [Auto | Running] -- C:\WINDOWS\system32\novell\xtagent.exe -- (XTAgent)
    SRV - [2007/04/06 04:12:48 | 000,073,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe -- (FcsSas)
    SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
    SRV - [2006/05/09 10:59:00 | 000,167,936 | ---- | M] (Novell, Inc.) [Auto | Running] -- C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe -- (Remote Management Agent)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\DRIVERS\OMCI.SYS -- (OMCI)
    DRV - File not found [File_System | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\Lbd.sys -- (Lbd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\esti\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/08/02 20:36:21 | 000,142,592 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sp_rsdrv2.sys -- (sp_rsdrv2)
    DRV - [2010/05/10 12:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/03/01 14:18:26 | 000,095,024 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
    DRV - [2010/02/17 12:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2010/01/04 06:29:42 | 000,069,720 | ---- | M] (Sunbelt Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
    DRV - [2010/01/04 06:29:40 | 000,013,400 | ---- | M] (Sunbelt Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
    DRV - [2009/12/15 15:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2009/12/15 15:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
    DRV - [2009/12/15 15:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2009/12/15 15:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
    DRV - [2009/12/15 15:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
    DRV - [2009/05/15 12:35:52 | 000,069,616 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MpFilter.sys -- (MpFilter)
    DRV - [2009/04/30 17:03:30 | 000,023,832 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
    DRV - [2009/04/30 17:03:08 | 006,754,712 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech Webcam 500(UVC)
    DRV - [2009/04/30 17:01:36 | 000,265,496 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
    DRV - [2009/04/30 17:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
    DRV - [2008/12/12 14:17:46 | 000,553,984 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
    DRV - [2008/08/04 17:17:14 | 000,185,216 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
    DRV - [2008/08/04 17:06:32 | 000,058,496 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
    DRV - [2008/07/21 14:45:20 | 000,017,664 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
    DRV - [2008/07/21 13:47:04 | 000,029,440 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
    DRV - [2008/07/21 13:39:20 | 000,045,824 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
    DRV - [2008/06/19 18:07:50 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
    DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/04 15:32:46 | 000,020,208 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
    DRV - [2008/03/29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
    DRV - [2008/01/08 10:27:32 | 000,038,603 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
    DRV - [2007/06/15 01:47:26 | 001,127,936 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P17.sys -- (P17)
    DRV - [2007/01/18 17:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
    DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLADResM.SYS -- (DLADResM)
    DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLABMFSM.SYS -- (DLABMFSM)
    DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS -- (DLAUDF_M)
    DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS -- (DLAUDFAM)
    DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS -- (DLAOPIOM)
    DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLABOIOM.SYS -- (DLABOIOM)
    DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS -- (DLAIFS_M)
    DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\DLAPoolM.SYS -- (DLAPoolM)
    DRV - [2006/08/11 10:05:58 | 000,051,768 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\DRVNDDM.SYS -- (drvnddm)
    DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
    DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
    DRV - [2006/07/21 10:21:26 | 000,099,176 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\DRVMCDB.SYS -- (drvmcdb)
    DRV - [2006/06/07 17:08:58 | 001,580,544 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2006/05/10 15:00:16 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2005/11/22 10:51:22 | 000,018,353 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
    DRV - [2005/10/12 13:12:18 | 000,009,297 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
    DRV - [2005/10/12 13:11:32 | 000,006,128 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS) Novell Simple Naming Services (NWSNS)
    DRV - [2005/05/23 14:47:18 | 000,006,899 | ---- | M] (Novell Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\blankscr.sys -- (BlankScr)
    DRV - [2005/05/23 14:11:14 | 000,002,773 | ---- | M] (Novell, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Darpan.sys -- (Darpan)
    DRV - [2005/04/24 19:57:36 | 000,091,864 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\P0620Vid.sys -- (PD0620VID)
    DRV - [2005/01/26 11:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2005/01/10 09:15:30 | 000,106,496 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/01/10 09:15:24 | 000,138,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2003/02/26 14:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========
  13. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Here is the 2nd part of the OTL file

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
    FF - prefs.js..extensions.enabledItems: 6
    FF - prefs.js..extensions.enabledItems: 2
    FF - prefs.js..extensions.enabledItems: 41
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/03 13:41:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/06 11:26:38 | 000,000,000 | ---D | M]

    [2009/04/29 17:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Mozilla\Extensions
    [2009/04/29 17:12:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/08/06 18:50:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions
    [2009/07/18 14:50:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/08/26 20:34:53 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\esti\Application Data\Mozilla\Firefox\Profiles\jsfz2ls3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/08/05 17:48:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/03/04 18:29:55 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/03/29 10:02:06 | 000,163,840 | ---- | M] (Centra Software, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPCentraUpdater.dll
    [2008/01/30 14:48:38 | 000,074,280 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsharedview.dll
    [2010/05/25 10:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/08/06 16:33:56 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
    O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)
    O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
    O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
    O4 - HKLM..\Run: [Microsoft Forefront Client Security Antimalware Service] C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
    O4 - HKLM..\Run: [P17Helper] C:\WINDOWS\System32\P17.dll ()
    O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
    O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\CounterSpy\SBAMTray.exe (Sunbelt Software)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
    O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
    O4 - HKLM..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe (Novell, Inc.)
    O4 - HKCU..\Run: [Centra Launcher] C:\Program Files\Centra\Client\bin\centraSystray.exe ()
    O4 - HKCU..\Run: [CTSyncU.exe] C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe ()
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [Novell Messenger] C:\Novell\Messenger\NMCL32.exe (Novell, Inc.)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\Messenger\NMCL32.exe (Novell, Inc.)
    O9 - Extra 'Tools' menuitem : Novell Messenger - {3C3171BC-1025-43d1-8D1D-61CF4B38A28F} - C:\Novell\Messenger\NMCL32.exe (Novell, Inc.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll (Novell, Inc)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} http://webconference.tamus.edu/SiteRoots/main/Install/win32/CentraUpdaterAx.cab (CentraUpdaterAxCtl Class)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/win...ls/en/x86/client/wuweb_site.cab?1190663323359 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
    O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\nim {3D206AE2-3039-413B-B748-3ACC562EC22A} - C:\Novell\Messenger\nmcg32.dll (Novell, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\NetIdentity Notification: DllName - C:\WINDOWS\system32\Novell\XtNotify.dll - C:\WINDOWS\system32\novell\xtnotify.dll (Novell, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\esti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\esti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {763370C4-268E-4308-A60C-D8DA0342BE32} - C:\Program Files\Novell\ZENworks\NalShell.dll (Novell, Inc)
    O30 - LSA: Authentication Packages - (nwv1_0) - C:\WINDOWS\System32\nwv1_0.dll (Novell, Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/11/15 14:30:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/07/01 07:34:32 | 000,920,512 | RHS- | M] () - S:\Autorun.inf -- [ NWFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: aux1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
     
  14. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    3rd part of the OTL file

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/06 20:15:37 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\OTL.exe
    [2010/08/06 15:05:41 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/06 15:03:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/06 11:27:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2010/08/05 16:43:06 | 000,069,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbapifs.sys
    [2010/08/05 16:41:33 | 000,013,400 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\sbaphd.sys
    [2010/08/05 15:46:56 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\TFC.exe
    [2010/08/05 11:37:39 | 001,170,256 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\esti\Desktop\TDSSKiller.exe
    [2010/08/04 16:17:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Sunbelt
    [2010/08/04 16:17:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sunbelt
    [2010/08/04 16:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Sunbelt Software
    [2010/08/04 15:12:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/08/04 15:11:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\My Documents\Simply Super Software
    [2010/08/04 15:10:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
    [2010/08/04 15:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Simply Super Software
    [2010/08/04 15:10:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2010/08/04 14:01:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\My Documents\RegRun2
    [2010/08/04 13:58:25 | 000,000,000 | ---D | C] -- C:\Program Files\UnHackMe
    [2010/08/04 08:11:09 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\esti\Desktop\HijackThis.exe
    [2010/08/03 23:05:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\IObit
    [2010/08/03 23:05:23 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
    [2010/08/03 07:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\SUPERAntiSpyware.com
    [2010/08/03 07:52:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2010/08/03 07:51:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/08/02 20:36:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Spyware Terminator
    [2010/08/02 20:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    [2010/08/02 20:35:45 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
    [2010/08/02 19:28:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/08/02 19:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Hitman Pro 3.5
    [2010/07/31 16:38:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Malwarebytes
    [2010/07/31 16:38:14 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/07/31 16:38:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/07/31 16:38:09 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/07/31 16:38:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/07/30 23:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\FileOpen
    [2010/07/30 23:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/30 23:14:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/30 21:19:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/30 21:19:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/30 21:14:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Identity Finder
    [2010/07/30 21:13:17 | 000,000,000 | ---D | C] -- C:\Program Files\Identity Finder 4
    [2010/07/09 11:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trivantis
    [2010/06/30 19:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\dvdcss
    [2010/06/24 11:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Forefront
    [2010/06/12 18:24:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
    [2010/06/12 18:24:44 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
    [2010/06/12 18:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
    [2010/06/12 18:23:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\esti\Application Data\Winamp
    [2006/11/17 11:25:35 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll

    ========== Files - Modified Within 90 Days ==========

    [2010/08/06 20:24:48 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
    [2010/08/06 20:23:56 | 000,003,634 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
    [2010/08/06 20:23:56 | 000,000,426 | RHS- | M] () -- C:\Documents and Settings\esti\ntuser.pol
    [2010/08/06 20:22:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/06 20:21:57 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/06 20:21:37 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Signature Update.job
    [2010/08/06 20:21:36 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
    [2010/08/06 20:21:31 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/08/06 20:18:42 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/08/06 20:18:19 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/06 20:18:16 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/06 20:18:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2010/08/06 20:18:08 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2010/08/06 20:17:37 | 015,728,640 | -H-- | M] () -- C:\Documents and Settings\esti\NTUSER.DAT
    [2010/08/06 20:17:22 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\esti\ntuser.ini
    [2010/08/06 20:16:58 | 006,050,782 | -H-- | M] () -- C:\Documents and Settings\esti\Local Settings\Application Data\IconCache.db
    [2010/08/06 20:15:37 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\OTL.exe
    [2010/08/06 19:18:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/06 16:34:04 | 000,000,246 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/06 16:33:56 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/06 15:21:05 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/08/06 15:21:05 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/08/06 15:21:05 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/08/06 15:13:46 | 000,318,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/08/06 15:05:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/08/06 11:38:58 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
    [2010/08/06 10:22:30 | 000,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
    [2010/08/06 09:44:25 | 000,061,588 | ---- | M] () -- C:\ziswin.hst
    [2010/08/05 16:09:54 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\esti\Desktop\dds.scr
    [2010/08/05 16:09:20 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\esti\Desktop\wfzpu15x.exe
    [2010/08/05 15:46:52 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\esti\Desktop\TFC.exe
    [2010/08/05 14:09:54 | 000,162,816 | ---- | M] () -- C:\Documents and Settings\esti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/04 16:17:32 | 000,001,769 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
    [2010/08/04 15:11:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
    [2010/08/04 14:01:35 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/04 14:01:35 | 000,001,754 | ---- | M] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2010/08/04 12:16:31 | 000,000,700 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/08/04 12:16:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/04 11:07:39 | 000,002,337 | ---- | M] () -- C:\Documents and Settings\esti\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
    [2010/08/04 10:56:49 | 000,016,968 | ---- | M] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/08/04 09:44:58 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
    [2010/08/04 08:24:13 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\esti\defogger_reenable
    [2010/08/04 08:11:06 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\esti\Desktop\HijackThis.exe
    [2010/08/03 23:05:46 | 000,000,874 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2010/08/03 14:06:42 | 000,012,761 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\database fields.docx
    [2010/08/03 08:43:50 | 000,002,347 | ---- | M] () -- C:\Documents and Settings\esti\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
    [2010/08/03 07:51:47 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/08/02 20:36:48 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
    [2010/08/02 20:36:21 | 000,142,592 | ---- | M] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
    [2010/08/02 19:38:10 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100803-131033.backup
    [2010/08/02 19:28:55 | 000,001,663 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2010/08/01 15:00:35 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/31 16:38:17 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/27 07:25:38 | 000,036,345 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\TEEXdata.xlsx
    [2010/07/26 21:19:34 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/07/22 16:11:12 | 001,170,256 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\esti\Desktop\TDSSKiller.exe
    [2010/07/21 14:13:26 | 000,000,032 | ---- | M] () -- C:\WINDOWS\.ini
    [2010/07/21 14:11:48 | 000,000,079 | ---- | M] () -- C:\WINDOWS\ZipFilter.INI
    [2010/07/21 14:11:48 | 000,000,079 | ---- | M] () -- C:\WINDOWS\XMLFilter.INI
    [2010/07/21 14:11:47 | 000,000,079 | ---- | M] () -- C:\WINDOWS\WTFilter.INI
    [2010/07/21 14:11:42 | 000,000,079 | ---- | M] () -- C:\WINDOWS\TextFilter.INI
    [2010/07/20 16:07:18 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Brenda Sanford bio.doc
    [2010/07/20 14:25:10 | 000,730,858 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\100_7426.jpg
    [2010/07/20 13:48:31 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Brenda Sanford bio V2.doc
    [2010/07/14 14:55:32 | 000,002,353 | ---- | M] () -- C:\Documents and Settings\esti\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2007.lnk
    [2010/07/13 08:00:24 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Employee_Training_TEEX_33_05_02_99_01.doc
    [2010/07/07 11:44:21 | 000,167,554 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Confined-space plan document.pdf
    [2010/06/22 13:29:13 | 000,072,704 | ---- | M] () -- C:\Documents and Settings\esti\Desktop\Phone List.xls
    [2010/06/19 11:01:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/19 09:30:54 | 000,016,429 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Brent Sanford Project Boy Scout Resume.docx
    [2010/06/12 18:25:11 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
    [2010/05/26 21:46:47 | 000,020,190 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Brief History of Rope Rescue Online.docx
    [2010/05/25 19:50:58 | 000,015,341 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat
    [2010/05/25 19:50:42 | 000,033,846 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.bmp
    [2010/05/25 19:46:52 | 005,653,224 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
    [2010/05/13 11:45:43 | 000,012,766 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\Electric Vehicle inputs.docx
    [2010/05/13 07:34:27 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\esti\Desktop\phone tree.xls
    [2010/05/11 15:48:13 | 000,000,256 | ---- | M] () -- C:\pool.bin
    [2010/05/11 12:26:48 | 011,403,073 | ---- | M] () -- C:\Documents and Settings\esti\My Documents\LoaderBackup-(2010-05-11).ipd

    ========== Files Created - No Company Name ==========
  15. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Last part of the OTL file

    [2010/08/06 15:05:52 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2010/08/06 15:05:48 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/06 11:26:39 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Acrobat 9 Pro.lnk
    [2010/08/05 16:09:21 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\esti\Desktop\wfzpu15x.exe
    [2010/08/04 16:17:32 | 000,001,769 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CounterSpy.lnk
    [2010/08/04 15:11:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Trojan Remover.lnk
    [2010/08/04 15:11:18 | 000,162,304 | ---- | C] () -- C:\WINDOWS\System32\ztvunrar36.dll
    [2010/08/04 15:11:18 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
    [2010/08/04 15:11:18 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\ztvunace26.dll
    [2010/08/04 15:11:18 | 000,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
    [2010/08/04 08:24:53 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\esti\Desktop\dds.scr
    [2010/08/04 08:24:13 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\esti\defogger_reenable
    [2010/08/03 23:05:46 | 000,000,874 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2010/08/03 14:06:42 | 000,012,761 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\database fields.docx
    [2010/08/03 07:51:47 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/08/02 20:36:47 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Terminator.lnk
    [2010/08/02 20:36:21 | 000,142,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\sp_rsdrv2.sys
    [2010/08/02 19:29:36 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/08/02 19:28:10 | 000,001,663 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Hitman Pro 3.5.lnk
    [2010/07/31 16:38:17 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/07/20 16:07:18 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Brenda Sanford bio.doc
    [2010/07/20 14:25:10 | 000,730,858 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\100_7426.jpg
    [2010/07/20 13:47:32 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Brenda Sanford bio V2.doc
    [2010/07/13 08:00:23 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Employee_Training_TEEX_33_05_02_99_01.doc
    [2010/07/07 11:44:21 | 000,167,554 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Confined-space plan document.pdf
    [2010/06/25 11:06:25 | 000,000,412 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Signature Update.job
    [2010/06/25 11:06:24 | 000,000,406 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2010/06/24 11:21:52 | 000,000,430 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Quick Scan.job
    [2010/06/19 09:30:54 | 000,016,429 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Brent Sanford Project Boy Scout Resume.docx
    [2010/06/12 18:25:11 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Winamp.lnk
    [2010/05/26 08:30:42 | 000,020,190 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Brief History of Rope Rescue Online.docx
    [2010/05/13 11:45:43 | 000,012,766 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\Electric Vehicle inputs.docx
    [2010/05/11 12:26:48 | 011,403,073 | ---- | C] () -- C:\Documents and Settings\esti\My Documents\LoaderBackup-(2010-05-11).ipd
    [2010/05/11 12:20:51 | 000,000,256 | ---- | C] () -- C:\pool.bin
    [2010/02/26 11:55:59 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2009/10/05 08:01:14 | 000,189,952 | ---- | C] () -- C:\WINDOWS\System32\Qcard32.dll
    [2009/08/03 13:31:42 | 000,336,896 | ---- | C] () -- C:\WINDOWS\System32\ammppg.dll
    [2009/08/03 13:31:42 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\a1.dll
    [2009/08/03 13:31:41 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\qscl.dll
    [2009/08/03 13:31:41 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2009/08/03 13:31:41 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\amrdec.dll
    [2009/08/03 13:31:41 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\qcpsdk.dll
    [2009/06/24 08:58:32 | 000,000,079 | ---- | C] () -- C:\WINDOWS\TextFilter.INI
    [2009/05/18 16:26:04 | 000,000,032 | ---- | C] () -- C:\WINDOWS\.ini
    [2009/05/18 14:46:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\ZipFilter.INI
    [2009/05/18 14:46:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\XMLFilter.INI
    [2009/05/18 14:46:20 | 000,000,079 | ---- | C] () -- C:\WINDOWS\WTFilter.INI
    [2009/05/18 14:44:12 | 000,000,040 | ---- | C] () -- C:\WINDOWS\LectoraPatchTemp.INI
    [2009/05/08 11:13:04 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/04/30 17:00:12 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/04/27 15:25:01 | 000,000,031 | ---- | C] () -- C:\WINDOWS\opera.ini
    [2009/01/21 01:44:58 | 000,757,818 | ---- | C] () -- C:\WINDOWS\System32\gwadd1.dll
    [2009/01/21 01:42:38 | 000,303,166 | ---- | C] () -- C:\WINDOWS\System32\gwodm132.dll
    [2009/01/21 01:10:56 | 000,098,354 | ---- | C] () -- C:\WINDOWS\System32\GWLDO132.DLL
    [2009/01/20 22:31:08 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
    [2008/06/19 18:08:52 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
    [2008/06/19 18:08:44 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
    [2008/02/04 17:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/12/24 23:21:10 | 000,212,480 | R--- | C] () -- C:\WINDOWS\System32\DBPORT6.DLL
    [2007/12/24 23:21:06 | 000,061,440 | R--- | C] () -- C:\WINDOWS\System32\XMLPARSE.DLL
    [2007/09/25 08:50:31 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
    [2007/09/25 08:25:46 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
    [2007/09/21 13:56:43 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
    [2006/11/17 11:26:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2006/11/17 11:26:06 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2006/11/17 11:25:36 | 000,003,278 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
    [2006/11/17 11:25:36 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2006/11/17 11:25:35 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2006/11/17 11:25:35 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2006/11/16 10:28:22 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\cwbrw.dll
    [2006/11/16 10:28:22 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\cwbsv.dll
    [2006/11/16 10:28:22 | 000,020,529 | ---- | C] () -- C:\WINDOWS\System32\cwbwiz.dll
    [2006/11/16 10:28:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbsy.dll
    [2006/11/16 10:28:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbnl.dll
    [2006/11/16 10:28:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\cwbco.dll
    [2006/11/16 10:28:22 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbnldlg.dll
    [2006/11/16 10:28:22 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\cwbad.dll
    [2006/11/16 10:18:03 | 000,000,291 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2006/11/16 09:37:10 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/11/16 08:58:15 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\GAMSWrap.dll
    [2006/11/16 08:45:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
    [2006/11/16 08:45:59 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll
    [2006/11/16 08:45:56 | 000,225,356 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
    [2006/11/16 08:45:46 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
    [2006/11/16 08:45:30 | 000,065,619 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
    [2006/11/16 08:45:28 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
    [2006/11/16 08:45:25 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
    [2006/11/16 08:45:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
    [2006/11/09 15:07:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/16 22:36:50 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/16 22:36:50 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/03/17 03:39:12 | 000,454,761 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-1_31.dll
    [2004/03/17 03:38:26 | 000,467,052 | ---- | C] () -- C:\WINDOWS\System32\boost_regex-vc6-mt-gd-1_31.dll

    ========== LOP Check ==========

    [2009/09/25 14:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileOpen
    [2010/08/02 19:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2010/07/30 21:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Identity Finder
    [2009/04/30 09:21:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ProjectEngine
    [2009/09/17 14:54:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2010/08/04 15:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
    [2010/08/04 09:37:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
    [2010/08/04 15:12:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/07/09 11:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trivantis
    [2010/08/03 23:30:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\.oit
    [2010/01/21 14:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Canon
    [2010/03/29 10:07:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Centra
    [2010/05/17 08:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Facebook
    [2009/09/25 14:23:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\FileOpen
    [2009/12/14 15:43:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\funkitron
    [2010/08/03 23:05:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\IObit
    [2009/11/07 11:16:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Leadertech
    [2010/07/09 23:05:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\LimeWire
    [2010/02/11 17:30:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\mjusbsp
    [2009/08/03 14:57:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Research In Motion
    [2009/04/28 08:37:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Saba
    [2010/01/16 10:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\SecondLife
    [2010/08/04 15:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Simply Super Software
    [2010/08/03 23:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Spyware Terminator
    [2009/04/26 11:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\Thinstall
    [2010/08/04 09:36:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\esti\Application Data\uTorrent
    [2010/08/06 20:21:36 | 000,000,430 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job
    [2010/08/06 20:21:31 | 000,000,406 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
    [2010/08/06 20:21:37 | 000,000,412 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Signature Update.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/08/05 15:52:30 | 000,028,121 | ---- | M] () -- C:\aaw7boot.log
    [2010/07/21 14:11:31 | 000,047,166 | ---- | M] () -- C:\artpdbg.log
    [2006/11/15 14:30:19 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/08/04 12:16:31 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2010/08/06 15:05:52 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/06 16:36:29 | 000,026,848 | ---- | M] () -- C:\ComboFix.txt
    [2006/11/15 14:30:19 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2009/09/25 14:23:37 | 000,017,552 | ---- | M] () -- C:\install.log
    [2006/11/15 14:30:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/11/15 14:30:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/05/08 10:55:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/08/06 20:18:07 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/11 15:48:13 | 000,000,256 | ---- | M] () -- C:\pool.bin
    [2007/06/04 08:28:54 | 000,000,093 | ---- | M] () -- C:\register.txt
    [2006/11/16 09:57:53 | 000,000,501 | ---- | M] () -- C:\RHDSetup.log
    [2010/08/01 22:09:35 | 000,048,914 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_01.08.2010_19.54.13_log.txt
    [2010/08/02 07:42:40 | 000,045,600 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_02.08.2010_07.42.14_log.txt
    [2010/08/03 07:46:34 | 000,045,296 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_07.46.11_log.txt
    [2010/08/03 12:29:26 | 000,045,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_12.29.04_log.txt
    [2010/08/03 22:55:06 | 000,045,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_03.08.2010_22.53.05_log.txt
    [2010/08/04 07:54:31 | 000,045,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_04.08.2010_07.54.00_log.txt
    [2010/08/04 07:55:52 | 000,045,792 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_04.08.2010_07.55.39_log.txt
    [2010/08/05 11:38:38 | 000,046,492 | ---- | M] () -- C:\TDSSKiller.2.4.0.0_05.08.2010_11.38.05_log.txt
    [2009/09/25 14:23:22 | 000,000,438 | ---- | M] () -- C:\uninstall.log
    [2010/08/06 09:44:25 | 000,061,588 | ---- | M] () -- C:\ziswin.hst

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 06:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/10/26 18:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2006/11/15 08:15:43 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/11/15 08:15:43 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/11/15 08:15:42 | 000,905,216 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 18:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 18:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 18:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
    "UseWUServer" = 1
    "NoAUShutdownOption" = 1
    "NoAUAsDefaultShutdownOption" = 1
    "NoAutoUpdate" = 0
    "AUOptions" = 4
    "ScheduledInstallDay" = 0
    "ScheduledInstallTime" = 11
    "NoAutoRebootWithLoggedOnUsers" = 1
    "DetectionFrequencyEnabled" = 1
    "DetectionFrequency" = 22
    "AutoInstallMinorUpdates" = 1

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
  16. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Here is the 1st part of the Extras log

    OTL Extras logfile created on: 8/6/2010 8:31:20 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\esti\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 61.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 83.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.45 Gb Total Space | 42.22 Gb Free Space | 56.71% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive J: | 4.77 Gb Total Space | 4.31 Gb Free Space | 90.29% Space Free | Partition Type: NWFS
    Drive R: | 4.77 Gb Total Space | 4.31 Gb Free Space | 90.29% Space Free | Partition Type: NWFS
    Drive S: | 697.93 Gb Total Space | 135.11 Gb Free Space | 19.36% Space Free | Partition Type: NWFS
    Drive T: | 697.93 Gb Total Space | 135.11 Gb Free Space | 19.36% Space Free | Partition Type: NWFS
    Drive U: | 488.28 Mb Total Space | 498.96 Mb Free Space | 102.19% Space Free | Partition Type: NWFS
    Drive Z: | 19.47 Gb Total Space | 4.42 Gb Free Space | 22.68% Space Free | Partition Type: NWFS

    Computer Name: T7166417
    Current User Name: esti
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "FirewallOverride" = 0
    "AntiVirusOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Novell\GroupWise\grpwise.exe" = C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise -- (Novell, Inc.)
    "C:\Novell\GroupWise\notify.exe" = C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify -- (Novell, Inc.)
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Documents and Settings\esti\Application Data\mjusbsp\magicJack.exe" = C:\Documents and Settings\esti\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack -- (magicJack L.P.)
    "C:\Program Files\Logitech\Logitech Vid\Vid.exe" = C:\Program Files\Logitech\Logitech Vid\Vid.exe:*:Enabled:Logitech Vid -- (Logitech Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1B2DBF55-05D4-4072-87D8-689141E262BD}" = Creative ZEN
    "{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
    "{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "{2CA41BA1-9842-4819-8ABB-76FDC14AB9EA}" = ATI Catalyst Control Center
    "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{328C3AB0-0506-46C2-83BF-B517F4FF8D7F}" = GroupWise - VC8
    "{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{39468292-5D68-4E93-9E09-5D9D5CA00E7A}" = FileOpen Client Installer
    "{3FC0833E-073C-4D5D-A046-74BC32358CB3}" = GroupWise Messenger
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
    "{51BA0AFE-6AA5-4B8C-8BA9-FA6AE5B1EEE0}" = Roxio Media Manager
    "{552DF2FD-B58A-4C4B-9E43-8C7AB944E788}" = ZENworks Desktop Management Agent
    "{56F3E1FF-54FE-4384-A153-6CCABA097814}" = Creative MediaSource
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7E369B27-13E2-41A5-9879-358EE1C8B5AD}" = Broadcom Gigabit Integrated Controller
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
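The firewall-policy part of the OTL Extras log above is the section worth checking mechanically rather than by eye: the StandardProfile has EnableFirewall = 0, and LimeWire and µTorrent are authorized with scope `*` (any address), while the SMB/NetBIOS ports are scoped to LocalSubNet and the WinRM rule is Disabled. The script below is an added example, not OTL's own code and not posted by anyone in this thread. It parses that section in the format OTL prints and flags a disabled profile plus any enabled port or program rule scoped to `*`. The embedded sample is a constructed excerpt modelled on the lines above, and the rule/profile names it handles are taken from that log, not from any OTL specification.

```python
"""Audit the firewall-policy section of an OTL Extras log (added example)."""
import re
from dataclasses import dataclass, field

# Constructed sample modelled on the OTL firewall section shown in the log above.
SAMPLE_OTL = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:uTorrent -- (BitTorrent, Inc.)
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# Profile name and the sub-key under it, e.g. "StandardProfile" + "\GloballyOpenPorts\List".
PROFILE_RE = re.compile(r"\\FirewallPolicy\\(?P<profile>\w+)(?P<sub>(?:\\\w+)*)$")


@dataclass
class FirewallRule:
    profile: str
    kind: str          # "port" or "app"
    target: str        # "139:TCP" or the executable path
    scope: str         # "*" = any address, "LocalSubNet" = local subnet only
    enabled: bool
    description: str


@dataclass
class FirewallPolicy:
    enabled: dict = field(default_factory=dict)   # profile name -> firewall on?
    rules: list = field(default_factory=list)


def parse_otl_firewall(text: str) -> FirewallPolicy:
    """Walk the OTL lines, remembering which registry key each value sits under."""
    policy = FirewallPolicy()
    profile = sub = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            m = PROFILE_RE.search(key["key"])
            profile, sub = (m["profile"], m["sub"]) if m else (None, None)
            continue
        val = VALUE_RE.match(line)
        if not val or profile is None:
            continue
        name, value = val["name"], val["value"].strip()
        if sub == "":
            # Profile root: "EnableFirewall" = 0 means the profile's firewall is off.
            if name == "EnableFirewall":
                policy.enabled[profile] = value == "1"
        elif sub in (r"\GloballyOpenPorts\List", r"\AuthorizedApplications\List"):
            kind = "port" if "Ports" in sub else "app"
            # The value repeats the key, then "scope:state:description".
            rest = value[len(name) + 1:] if value.startswith(name + ":") else value
            parts = rest.split(":", 2)
            if len(parts) != 3:
                continue
            scope, state, description = parts
            policy.rules.append(
                FirewallRule(profile, kind, name, scope, state == "Enabled", description))
    return policy


def audit_firewall_policy(policy: FirewallPolicy) -> list:
    """Findings, worst first: disabled profiles, then enabled rules open to any address."""
    findings = []
    for profile, on in policy.enabled.items():
        if not on:
            findings.append(f"{profile}: Windows Firewall is disabled (EnableFirewall = 0)")
    for r in policy.rules:
        if r.enabled and r.scope == "*":
            what = "port" if r.kind == "port" else "program"
            findings.append(
                f"{r.profile}: {what} {r.target} accepts inbound connections "
                f"from any address ({r.description})")
    return findings


if __name__ == "__main__":
    for finding in audit_firewall_policy(parse_otl_firewall(SAMPLE_OTL)):
        print(finding)
```

Run against the sample it reports the disabled StandardProfile and the two P2P clients open to any address; the 139/445 rules (LocalSubNet) and the disabled 5985 rule are not reported. Paste the corresponding section of a real Extras log into `SAMPLE_OTL` to audit it the same way.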
  17. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Here is the last part of the Extras log

    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8C4FAB89-43D3-4ECA-BE3F-AEEB9DE6ABFB}" = GroupWise
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{86BEE1F7-80E4-4046-BDAF-479E2C586CFC}" =
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_PROPLUS_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_PROPLUS_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_PROPLUS_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
    "{9B427732-573E-4E78-B6FA-AC3E5A218BA2}" = NMAS Client
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A7091E1D-36A4-47F1-A739-173CC341414F}" = Cisco Systems VPN Client 5.0.03.0560
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
    "{AC76BA86-1033-0000-7760-000000000004}{AC76BA86-1033-0000-7760-000000000004}" = Adobe Acrobat 9 Pro
    "{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
    "{AC96671C-2001-432C-9826-5266D84EF1DC}" = Logitech Webcam Software
    "{AF0821A0-D5D1-4F84-99DE-13777540EAE1}" = CounterSpy
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B9A5A789-D491-49FB-958C-BFEC2C11BB1D}" = NMAS Challenge Response Method
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon Camera WIA Driver
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Live! 24-bit
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{DDCD95B5-7230-462F-9889-7EBBEE74123C}" = Microsoft Forefront Client Security Antimalware Service
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E6DE9A54-8514-446E-9D11-530DC599C355}" = Microsoft SharedView
    "{E8B56B38-A826-11DB-8C83-0011430C73A4}" = Microsoft Forefront Client Security State Assessment Service
    "{EFD2D476-2334-4AE3-90D0-A1179F2B58FF}" = Lectora Professional Publishing Suite
    "{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.3-1)
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F4134E7B-1C9D-46CB-867E-F73219C7AA4D}" = Identity Finder
    "{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "All ATI Software" = ATI - Software Uninstall Utility
    "ATI Display Driver" = ATI Display Driver
    "AviSynth" = AviSynth 2.5
    "BlackBerry_{98DC111A-7C22-4C26-B2A1-E654264DAC1E}" = BlackBerry Desktop Software 4.7
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
    "CameraWindowLauncher" = Canon Utilities CameraWindow
    "CD Wave Editor_is1" = CD Wave Editor 1.98
    "CentraClient" = Centra Client
    "ClientAccessExpress" = IBM iSeries Access for Windows
    "Creative PD0620" = Creative WebCam Instant Driver (1.03.02.0425)
    "CSCLIB" = Canon Camera Support Core Library
    "dBpoweramp Music Converter" = dBpoweramp Music Converter
    "DPP" = Canon Utilities Digital Photo Professional 3.4
    "EOS Utility" = Canon Utilities EOS Utility
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HitmanPro35" = Hitman Pro 3.5
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
    "InstallShield_{BB3AB664-D92B-4CB5-8B3E-D841841F4E68}" = Canon EOS 5D WIA Driver
    "Lectora Enterprise Edition" = Lectora Enterprise Edition
    "LimeWire" = LimeWire PRO 5.1.1
    "lvdrivers_12.0" = Logitech Webcam Software Driver Package
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
    "MP3 To Ringtone Gold_is1" = MP3 To Ringtone Gold 8.0
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MyCamera" = Canon Utilities MyCamera
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "Novell Client for Windows" = Novell Client for Windows
    "Original Data Security Tools" = Canon Utilities Original Data Security Tools
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picture Style Editor" = Canon Utilities Picture Style Editor
    "Project Engine Personal_is1" = Project Engine Personal 2009:3
    "PROPLUS" = Microsoft Office Professional Plus 2007
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
    "SecondLife" = SecondLife (remove only)
    "Spyware Terminator_is1" = Spyware Terminator
    "SysInfo" = Creative System Information
    "Trojan Remover_is1" = Trojan Remover 6.8.2
    "uTorrent" = µTorrent
    "VLC media player" = VideoLAN VLC media player 0.8.5
    "WFTK" = Canon Utilities WFT-E1/E2/E3 Utility
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "WMS" = Windows NT Messaging
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger
    "ZENcast Organizer" = ZENcast Organizer
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
    "ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "f031ef6ac137efc5" = Dell Driver Download Manager
    "Facebook Plug-In" = Facebook Plug-In
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 8/1/2010 4:50:36 PM | Computer Name = T7166417 | Source = Application Hang | ID = 1002
    Description = Hanging application uTorrent.exe, version 2.0.2.19648, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 8/1/2010 8:00:32 PM | Computer Name = T7166417 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/1/2010 8:05:28 PM | Computer Name = T7166417 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The connection with the server was terminated abnormally

    Error - 8/3/2010 8:11:28 PM | Computer Name = T7166417 | Source = Application Hang | ID = 1002
    Description = Hanging application Photoshop.exe, version 7.0.0.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/3/2010 10:04:14 PM | Computer Name = T7166417 | Source = Application Hang | ID = 1002
    Description = Hanging application grpwise.exe, version 7.0.3.1294, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 8/4/2010 11:44:23 AM | Computer Name = T7166417 | Source = Application Error | ID = 1000
    Description = Faulting application skype.exe, version 4.2.0.152, faulting module
    mrsystem.dll, version 12.0.1280.0, fault address 0x0011aba7.

    Error - 8/6/2010 5:21:05 PM | Computer Name = T7166417 | Source = FCSAMRtp | ID = 3003
    Description = %%830 Real-Time Protection checkpoint has encountered an error and
    failed. User: T7166417\esti Checkpoint ID: 1 Error Code: 0x80070005 Error description:
    Access is denied.

    Error - 8/6/2010 5:21:05 PM | Computer Name = T7166417 | Source = FCSAMRtp | ID = 3003
    Description = %%830 Real-Time Protection checkpoint has encountered an error and
    failed. User: T7166417\esti Checkpoint ID: 1 Error Code: 0x8000ffff Error description:
    Catastrophic failure

    [ OSession Events ]
    Error - 9/4/2009 5:36:28 PM | Computer Name = T7166417 | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
    12.0.6504.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 179363
    seconds with 2820 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 8/6/2010 5:02:46 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 8/6/2010 5:15:41 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 8/6/2010 5:15:41 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 8/6/2010 5:17:18 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 8/6/2010 5:19:23 PM | Computer Name = T7166417 | Source = FcsSas | ID = 141078
    Description = Forefront Client Security State Assessment Service policy applied
    with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter

    Error - 8/6/2010 6:24:58 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7034
    Description = The Process Monitor service terminated unexpectedly. It has done
    this 1 time(s).

    Error - 8/6/2010 10:19:41 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 8/6/2010 10:19:41 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher
    9 service to connect.

    Error - 8/6/2010 10:21:17 PM | Computer Name = T7166417 | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Lbd

    Error - 8/6/2010 10:23:31 PM | Computer Name = T7166417 | Source = FcsSas | ID = 141078
    Description = Forefront Client Security State Assessment Service policy applied
    with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter


    < End of report >
  18. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    OTL logs look perfectly clean :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
  19. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Here is the security check

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 17
    Out of date Java installed!
    Adobe Flash Player 10.0.45.2
    Mozilla Firefox (3.6.8)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Windows Defender MSASCui.exe
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Microsoft Forefront Client Security Client Antimalware\MsMpEng.exe
    Microsoft Forefront Client Security Client Antimalware\MSASCui.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
  20. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    Someone is not following all of my instructions....hmmmm
    My previous reply asked for a Java update and removal of old Java versions.
  21. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Oops, sorry, I missed that; I will do that now.
  22. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    I updated Java and removed the old version. Do I need another Security Check scan? I am currently doing the Kaspersky scan and will post shortly.
  23. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    I believe you :)
  24. rockndad38

    rockndad38 Newcomer, in training Topic Starter Posts: 21

    Thanks, the Kaspersky scan is taking a while, I will post once it is done.
  25. Broni

    Broni Malware Annihilator Posts: 45,226   +243

    No worries :)