TechSpot

"System Tool 2011" fake spyware program. cant run ANY mal/spyware programs

By NEWB023
Dec 11, 2010
  1. Hello
    Please help!

    my pc (vista home basic) has been utterly taken over!
    there is a new icon on my desktop "system tool 2011"
    my desktop wallpaper has been replaced with this fake warning screen
    wont let me run avg, spyware, or malware programs (id's them as "infected")
    wont let firefox onto the internet....
    HELP!!!
     
  2. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    maybe fixed? please advise...

    okay.. so i looked on the google and found some site (i dont have it handy cuz i was using my sister in laws laptop as my pc wouldnt access the internet OR run any programs.. this "system tool 2011" rouge is a nasty little piece of programming) with a 3 step removal that was basically:

    1) restart then (ctrl alt del) bring up the task manager (processes tab) before the "system tool" kicks in (u have about 30 seconds.. at least on my slow *** vista basic hahah) find the .exe with a random 10 digit name mine was something like Jx1gRts43o.exe but the task manager had it labeled as "System Tool" in the description field click it and "end process" act quickly.. i had to restart my pc twice before i could catch it LOL..

    2) TFC file cleaner

    3) MBAM quick scan

    since i have both those programs anyway (thanks to you guys!!!)
    i decided to try that "fix" and i am now back on my PC!.. on the interwebs and everything!!!!
    ive attached the hijack this log that i just did.. after the "fix"
    seems to be gone.. but am i in the clear?
    anything else on there i should be worried about?
    thanks in advance and sorry if i broke any protocols by posting a 3rd party "fix"...i am a newb after all and my wife is very impatient to watch scott pilgrim and our pc is our DVD player HAHHa

    [HJT log removed - Broni]
     
  3. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard [​IMG]

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  4. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    Logs and a few questions...

    Malwarebytes' Anti-Malware 1.50
    www.malwarebytes.org

    Database version: 5302

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    12/12/2010 4:06:10 PM
    mbam-log-2010-12-12 (16-06-10).txt

    Scan type: Quick scan
    Objects scanned: 135467
    Time elapsed: 3 minute(s), 56 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ...
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-12-12 16:11:42
    Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 WDC_WD1600AAJS-00PSA0 rev.05.06H05
    Running: vzzu72tp.exe; Driver: C:\Users\RV\AppData\Local\Temp\pxldrpoc.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 60: copy of MBR

    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0x8B963B0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----

    ...
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by RV at 16:12:39.27 on Sun 12/12/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1015.300 [GMT -8:00]

    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B}
    FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Users\RV\Program Files\DNA\btdna.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\RV\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    mURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
    TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
    uRun: [BitTorrent DNA] "c:\users\rv\program files\dna\btdna.exe"
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ContentTransferWMDetector.exe] c:\program files\sony\content transfer\ContentTransferWMDetector.exe
    mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
    mRun: [Linksys Wireless Manager] "c:\program files\linksys\linksys wireless manager\LinksysWirelessManager.exe" /cm /min /lcid 1033
    mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
    mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0ANAA0ADcAMAA0ADAAMwA5ADcALQBLAFYAMwArADcALQBCAEEAKwAxAC0AWABMACsAMQAtAFQAMwAtAEYAUAA5ACsANgAtAFQAQgA5ACsAMgAtAEYATAArADkALQBGADkATQArADEALQBGADkATQA3AEEAKwA1AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwAzAA"&"prod=90"&"ver=9.0.872
    mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: igfxcui - igfxdev.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\rv\appdata\roaming\mozilla\firefox\profiles\3pjnb9is.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
    FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
    FF - component: c:\users\rv\appdata\roaming\mozilla\firefox\profiles\3pjnb9is.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
    FF - component: c:\users\rv\appdata\roaming\mozilla\firefox\profiles\3pjnb9is.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
    FF - plugin: c:\users\rv\appdata\roaming\mozilla\firefox\profiles\3pjnb9is.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\users\rv\program files\dna\plugins\npbtdna.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\checkpoint\zaforcefield\TrustChecker
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - %profile%\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-4 64160]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-11 165584]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-11 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-12-11 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-11 40384]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-2-18 1153368]
    R2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-9-26 37376]
    R3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\drivers\WUSB54GCv3.sys [2009-12-3 645120]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-7-25 136176]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-11 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-11 40384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-17 21504]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-6-17 21504]
    S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
    S3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\drivers\sustucam.sys [2009-9-22 47360]
    S3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\drivers\sustucap.sys [2009-9-22 47360]
    S3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\drivers\sustucau.sys [2009-9-22 28032]

    =============== Created Last 30 ================

    2010-12-11 12:54:40 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{18ac656c-f058-44a1-b046-358072d997b3}\mpengine.dll
    2010-12-11 11:48:42 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-11 11:38:22 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-12-11 11:34:56 -------- d-----w- c:\progra~2\Alwil Software
    2010-12-10 21:22:43 -------- d-----w- c:\progra~2\jJmHj05200

    ==================== Find3M ====================

    2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-15 12:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll

    ============= FINISH: 16:14:07.19 ===============
    ...
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/13/2007 7:53:06 PM
    System Uptime: 12/11/2010 9:27:39 AM (31 hours ago)

    Motherboard: ELITEGROUP | | 945GCT-M3
    Processor: Intel(R) Celeron(R) CPU 430 @ 1.80GHz | Socket 775 | 1799/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 6.761 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 4.553 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP1180: 12/11/2010 8:30:22 PM - Scheduled Checkpoint

    ==== Installed Programs ======================

    Ad-Aware
    Adobe Download Manager
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 9 ActiveX
    Adobe Reader 8
    Adobe Shockwave Player 11.5
    Advertising Center
    AutoUpdate
    avast! Free Antivirus
    BitTorrent
    Browser Address Error Redirector
    CCleaner
    Chess-7 3.4
    Comical 0.8
    Content Transfer
    DataPilot
    Defraggler
    DivX Codec
    DivX Version Checker
    DivX Web Player
    DNA
    DolbyFiles
    DVD Suite
    eMachines Connect
    eMachines Recovery Center Installer
    FreeRIP v3.42
    Full Tilt Poker
    Google Earth Plug-in
    Google Update Helper
    HijackThis 2.0.2
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    ImagXpress
    Intel(R) Graphics Media Accelerator Driver
    Java Auto Updater
    Java(TM) 6 Update 22
    Linksys Wireless Manager
    Magic DVD Ripper V5.2.1 build 8
    Malwarebytes' Anti-Malware
    Menu Templates - Starter Kit
    Microsoft .NET Framework 3.5 SP1
    Microsoft Reader
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft WSE 2.0 SP3 Runtime
    Movie Templates - Starter Kit
    Mozilla Firefox (3.6.13)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero 9 Trial
    Nero BurnRights
    Nero ControlCenter
    Nero CoverDesigner
    Nero Disc Copy Gadget
    Nero DiscSpeed
    Nero DriveSpeed
    Nero InfoTool
    Nero Installer
    Nero PhotoSnap
    Nero Recode
    Nero Rescue Agent
    Nero ShowTime
    Nero StartSmart
    Nero Vision
    Nero WaveEditor
    NeroBurningROM
    NeroExpress
    neroxml
    NWZ-S540 WALKMAN Guide
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.1
    Peggle Deluxe
    Power2Go 5.0
    PowerDVD
    Pure Networks Platform
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Soft Data Fax Modem with SmartCP
    SoundTrax
    Spybot - Search & Destroy
    SUPERAntiSpyware Free Edition
    Susteen Launcher
    TuxGuitar
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC 9.0 Runtime
    VC80CRTRedist - 8.0.50727.4053
    VideoLAN VLC media player 0.8.6d
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    VUPlayer
    Windows Media Player Firefox Plugin
    WinMount V3.2.0624
    WinRAR archiver
    yBook
    ZoneAlarm
    ZoneAlarm Toolbar
    Zuma's Revenge!

    ==== Event Viewer Messages From Past Week ========

    12/7/2010 5:29:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
    12/6/2010 7:16:23 AM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
    12/6/2010 2:42:38 AM, Error: Service Control Manager [7022] - The Background Intelligent Transfer Service service hung on starting.
    12/11/2010 3:59:48 AM, Error: Service Control Manager [7022] - The TPM Base Services service hung on starting.
    12/11/2010 3:57:41 AM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
    12/11/2010 3:52:47 AM, Error: Service Control Manager [7000] - The MCSTRM service failed to start due to the following error: The system cannot find the file specified.
    12/11/2010 1:19:41 AM, Error: Service Control Manager [7000] - The Windows Media Player Network Sharing Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/11/2010 1:19:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Media Player Network Sharing Service service to connect.
    12/11/2010 1:14:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the CryptSvc service.
    12/11/2010 1:09:38 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    12/10/2010 8:41:31 PM, Error: Service Control Manager [7022] - The Google Update Service (gupdate) service hung on starting.
    12/10/2010 11:00:17 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/10/2010 11:00:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/10/2010 11:00:14 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/10/2010 10:59:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/10/2010 10:59:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/10/2010 10:59:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/10/2010 10:59:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AvgLdx86 AvgMfx86 AvgTdiX DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Vsdatant Wanarpv6
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the Zone Alarm Firewall Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/10/2010 10:59:08 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

    ==== End Of File ===========================
    ...
    ok there is all 4 logs in order. first off... THANK YOU VERY VERY MUCH!!!!~!~!
    that you people do this to help newbs like me is just amazing!
    ok so a couple ?'s...
    in poking around here ive read a few posts that have made me question the freware programs i'm using... ive recently (just after my 'bug') switched from avg free to avast free.. was that wise? also, broni.. youve posted that spybot snd is out of date... here is a list of all the programs im using...
    zone alarm firewall
    avast anti virus
    mbam
    ad aware
    spybot
    super anti spyware
    and i use Ccleaner regularly b/c it makes my uber crappy vista basic run faster..
    what should i be using?
    obv.... i need to keep avast and zone alarm..
    but what other freewares should i be running periodically? and how often?
    any other tips?
    THANK YOU SO VERY VERY MUCH AGAIN !~!~!~!
    rob
     
  5. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're very welcome :)

    I'm not a big fan of AVG, so you made a good move by switching to Avast, which I actually use personally.

    Spybot and Ad-aware are tools of the past, so you can safely uninstall them.
    MBAM and Superantispyware are the current tools to use.
    CCleaner is fine, as long, as you don't touch registry part.

    Now....back to work :)

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ====================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AVG Remover to uninstall it: http://www.avg.com/us-en/download-tools
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  6. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    logs & a few questions... again!

    firstly.. thank you again!
    ok... i ran the mbr check.. then when i ran the combofix.. it ran mbr again..generated a second mbr log...also, when combofix was done there is now an internet explorer icon (the swirly blue "e") on my desktop... i dont usually use IE but i do have it for the odd website that doesnt work with firefox...also, when i tried to move the mbr and combo fix icons from my desktop to my "security" folder.. the combo fix icon wont move? should i delete?
    here is both mbr logs and the CF log:
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Basic Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: ELITEGROUP
    BIOS Manufacturer: 945GCT-M3
    System Manufacturer: EMACHINES
    System Product Name: T3640
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 152):
    0x82833000 \SystemRoot\system32\ntkrnlpa.exe
    0x82800000 \SystemRoot\system32\hal.dll
    0x80402000 \SystemRoot\system32\kdcom.dll
    0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80479000 \SystemRoot\system32\PSHED.dll
    0x8048A000 \SystemRoot\system32\BOOTVID.dll
    0x80492000 \SystemRoot\system32\CLFS.SYS
    0x804D3000 \SystemRoot\system32\CI.dll
    0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80691000 \SystemRoot\system32\drivers\acpi.sys
    0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E8000 \SystemRoot\system32\drivers\pci.sys
    0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
    0x8071E000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80721000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8072B000 \SystemRoot\system32\drivers\volmgr.sys
    0x8073A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80784000 \SystemRoot\system32\drivers\intelide.sys
    0x8078B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80799000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x807A0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807B0000 \SystemRoot\system32\drivers\atapi.sys
    0x807B8000 \SystemRoot\system32\drivers\ataport.SYS
    0x805B3000 \SystemRoot\system32\drivers\fltmgr.sys
    0x807D6000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82E02000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82E73000 \SystemRoot\system32\drivers\ndis.sys
    0x82F7E000 \SystemRoot\system32\drivers\msrpc.sys
    0x82FA9000 \SystemRoot\system32\drivers\NETIO.SYS
    0x86801000 \SystemRoot\System32\drivers\tcpip.sys
    0x868EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x86A08000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x86B18000 \SystemRoot\system32\drivers\volsnap.sys
    0x86B51000 \SystemRoot\System32\Drivers\spldr.sys
    0x86B59000 \SystemRoot\System32\Drivers\mup.sys
    0x86B68000 \SystemRoot\System32\drivers\ecache.sys
    0x86B8F000 \SystemRoot\system32\drivers\disk.sys
    0x86BA0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x86BC1000 \SystemRoot\system32\drivers\crcdisk.sys
    0x86BEA000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x86909000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8A601000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8ACBC000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8AD5D000 \SystemRoot\System32\drivers\watchdog.sys
    0x8AD69000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x86BF3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x86918000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x86956000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x86965000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
    0x869B1000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8AE08000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8AF0B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8AFC0000 \SystemRoot\system32\drivers\modem.sys
    0x8AFCD000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0x8AFDE000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8ADF6000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x869DB000 \SystemRoot\system32\DRIVERS\parport.sys
    0x82FE4000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x869F3000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x807E6000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8B20F000 \SystemRoot\system32\DRIVERS\msiscsi.sys
    0x8B23E000 \SystemRoot\system32\DRIVERS\storport.sys
    0x8B27F000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8B28A000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x8B2A1000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x8B2AC000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x8B2CF000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x8B2DE000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x8B2F2000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x8B307000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8B317000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x8B322000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x8B324000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8B32E000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x8B33B000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x8B370000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x8B406000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x8B5B5000 \SystemRoot\system32\drivers\portcls.sys
    0x8B381000 \SystemRoot\system32\drivers\drmk.sys
    0x8B5E2000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0x8B5EB000 \SystemRoot\System32\Drivers\Null.SYS
    0x8B5F2000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8B3A6000 \SystemRoot\System32\drivers\vga.sys
    0x8B3B2000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8B3D3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8B3DB000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8B3E3000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8B3EE000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8B200000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0x805E5000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8B601000 \SystemRoot\system32\DRIVERS\WUSB54GCv3.sys
    0x8B6A6000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x8B6A8000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x8B6B1000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x8B6C1000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x8B6C8000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x8B6D0000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x8B6DA000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8B70C000 \SystemRoot\system32\DRIVERS\smb.sys
    0x8B720000 \SystemRoot\system32\drivers\afd.sys
    0x8B768000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x8B76D000 \SystemRoot\system32\DRIVERS\vsdatant.sys
    0x8BA05000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8BA1B000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8BA29000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8BA3C000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
    0x8BA61000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    0x8BA67000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8BAA3000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8BAAD000 \SystemRoot\System32\Drivers\dfsc.sys
    0x8BAC4000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x8BAEB000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x8BAF8000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8BB03000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x94CA0000 \SystemRoot\System32\win32k.sys
    0x8BB0B000 \SystemRoot\System32\drivers\Dxapi.sys
    0x8BB15000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x94EC0000 \SystemRoot\System32\TSDDD.dll
    0x94EE0000 \SystemRoot\System32\cdd.dll
    0x8BB24000 \SystemRoot\system32\drivers\luafv.sys
    0x8BB3F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x8BB76000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x8BB81000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x8BB91000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x8BBBB000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x8BBC5000 \SystemRoot\system32\DRIVERS\pnarp.sys
    0x8BBCF000 \SystemRoot\system32\DRIVERS\purendis.sys
    0x8BBD9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0xA760D000 \SystemRoot\system32\drivers\spsys.sys
    0xA76BD000 \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
    0xA76C5000 \SystemRoot\system32\drivers\HTTP.sys
    0xA7732000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0xA774F000 \SystemRoot\system32\DRIVERS\bowser.sys
    0xA7768000 \SystemRoot\System32\drivers\mpsdrv.sys
    0xA777D000 \SystemRoot\system32\drivers\mrxdav.sys
    0xA779E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA77BD000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x86BCA000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0xAEA02000 \SystemRoot\System32\DRIVERS\srv2.sys
    0xAEA2A000 \SystemRoot\System32\DRIVERS\srv.sys
    0xAEA78000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0xAEA7F000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xAEA83000 \SystemRoot\system32\drivers\peauth.sys
    0xAEB61000 \SystemRoot\System32\Drivers\secdrv.SYS
    0xAEB6B000 \SystemRoot\System32\drivers\tcpipreg.sys
    0xAEB77000 \??\C:\Windows\system32\drivers\WMDrive.sys
    0xAEB81000 \SystemRoot\system32\DRIVERS\udfs.sys
    0xAEBBC000 \SystemRoot\system32\DRIVERS\xaudio.sys
    0xAEBC4000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x77CF0000 \Windows\System32\ntdll.dll

    Processes (total 59):
    0 System Idle Process
    4 System
    436 C:\Windows\System32\smss.exe
    504 csrss.exe
    548 C:\Windows\System32\wininit.exe
    556 csrss.exe
    604 C:\Windows\System32\winlogon.exe
    632 C:\Windows\System32\services.exe
    652 C:\Windows\System32\lsass.exe
    660 C:\Windows\System32\lsm.exe
    812 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\svchost.exe
    1044 C:\Windows\System32\svchost.exe
    1080 C:\Windows\System32\svchost.exe
    1096 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\audiodg.exe
    1188 C:\Windows\System32\svchost.exe
    1208 C:\Windows\System32\SLsvc.exe
    1232 C:\Windows\System32\svchost.exe
    1408 C:\Windows\System32\svchost.exe
    1512 C:\Windows\System32\ZoneLabs\vsmon.exe
    1848 C:\Windows\System32\dwm.exe
    1872 C:\Windows\explorer.exe
    1996 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    2016 C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    712 C:\Windows\System32\spoolsv.exe
    1800 C:\Windows\System32\svchost.exe
    304 C:\Windows\System32\taskeng.exe
    804 C:\Windows\System32\taskeng.exe
    2240 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    2392 C:\Windows\System32\svchost.exe
    2432 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    2452 C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    2492 C:\Windows\System32\svchost.exe
    2536 C:\Windows\System32\svchost.exe
    2608 C:\Windows\System32\SearchIndexer.exe
    2656 C:\Windows\System32\drivers\XAudio.exe
    2688 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    3788 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    3796 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    3812 C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    3848 C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    3856 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    3876 C:\Windows\System32\igfxpers.exe
    3884 C:\Windows\System32\hkcmd.exe
    3920 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    3928 C:\Windows\RtHDVCpl.exe
    3936 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3952 C:\Users\RV\Program Files\DNA\btdna.exe
    4004 C:\Windows\System32\igfxsrvc.exe
    2056 C:\Program Files\Windows Media Player\wmpnscfg.exe
    2160 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2076 C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    3472 C:\Windows\servicing\TrustedInstaller.exe
    1144 C:\Windows\System32\SearchProtocolHost.exe
    2100 C:\Windows\System32\SearchFilterHost.exe
    3716 C:\Users\RV\Desktop\MBRCheck.exe
    3348 C:\Windows\System32\consent.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`97d19400 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600AAJS-00PSA0, Rev: 05.06H05

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
    SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


    Done!
    ...
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows Vista Home Basic Edition
    Windows Information: Service Pack 2 (build 6002), 32-bit
    Base Board Manufacturer: ELITEGROUP
    BIOS Manufacturer: 945GCT-M3
    System Manufacturer: EMACHINES
    System Product Name: T3640
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 152):
    0x82833000 \SystemRoot\system32\ntkrnlpa.exe
    0x82800000 \SystemRoot\system32\hal.dll
    0x80402000 \SystemRoot\system32\kdcom.dll
    0x80409000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x80479000 \SystemRoot\system32\PSHED.dll
    0x8048A000 \SystemRoot\system32\BOOTVID.dll
    0x80492000 \SystemRoot\system32\CLFS.SYS
    0x804D3000 \SystemRoot\system32\CI.dll
    0x80608000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x80684000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x80691000 \SystemRoot\system32\drivers\acpi.sys
    0x806D7000 \SystemRoot\system32\drivers\WMILIB.SYS
    0x806E0000 \SystemRoot\system32\drivers\msisadrv.sys
    0x806E8000 \SystemRoot\system32\drivers\pci.sys
    0x8070F000 \SystemRoot\System32\drivers\partmgr.sys
    0x8071E000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x80721000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x8072B000 \SystemRoot\system32\drivers\volmgr.sys
    0x8073A000 \SystemRoot\System32\drivers\volmgrx.sys
    0x80784000 \SystemRoot\system32\drivers\intelide.sys
    0x8078B000 \SystemRoot\system32\drivers\PCIIDEX.SYS
    0x80799000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x807A0000 \SystemRoot\System32\drivers\mountmgr.sys
    0x807B0000 \SystemRoot\system32\drivers\atapi.sys
    0x807B8000 \SystemRoot\system32\drivers\ataport.SYS
    0x805B3000 \SystemRoot\system32\drivers\fltmgr.sys
    0x807D6000 \SystemRoot\system32\drivers\fileinfo.sys
    0x82E02000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x82E73000 \SystemRoot\system32\drivers\ndis.sys
    0x82F7E000 \SystemRoot\system32\drivers\msrpc.sys
    0x82FA9000 \SystemRoot\system32\drivers\NETIO.SYS
    0x86801000 \SystemRoot\System32\drivers\tcpip.sys
    0x868EE000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x86A08000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x86B18000 \SystemRoot\system32\drivers\volsnap.sys
    0x86B51000 \SystemRoot\System32\Drivers\spldr.sys
    0x86B59000 \SystemRoot\System32\Drivers\mup.sys
    0x86B68000 \SystemRoot\System32\drivers\ecache.sys
    0x86B8F000 \SystemRoot\system32\drivers\disk.sys
    0x86BA0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
    0x86BC1000 \SystemRoot\system32\drivers\crcdisk.sys
    0x86BEA000 \SystemRoot\system32\DRIVERS\tunmp.sys
    0x86909000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x8A601000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
    0x8ACBC000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x8AD5D000 \SystemRoot\System32\drivers\watchdog.sys
    0x8AD69000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x86BF3000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x86918000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x86956000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x86965000 \SystemRoot\system32\DRIVERS\HSXHWBS2.sys
    0x869B1000 \SystemRoot\system32\DRIVERS\ks.sys
    0x8AE08000 \SystemRoot\system32\DRIVERS\HSX_DPV.sys
    0x8AF0B000 \SystemRoot\system32\DRIVERS\HSX_CNXT.sys
    0x8AFC0000 \SystemRoot\system32\drivers\modem.sys
    0x8AFCD000 \SystemRoot\system32\DRIVERS\Rtnicxp.sys
    0x8AFDE000

    note: this is the second mbr log that popped up when i ran combofix..seems incomplete?

    ...
    ComboFix 10-12-12.03 - RV 12/13/2010 4:16.1.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1015.317 [GMT -8:00]
    Running from: c:\users\RV\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\RV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
    c:\windows\system32\Chip.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-13 to 2010-12-13 )))))))))))))))))))))))))))))))
    .

    2010-12-13 12:27 . 2010-12-13 12:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-11 12:54 . 2010-11-16 20:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18AC656C-F058-44A1-B046-358072D997B3}\mpengine.dll
    2010-12-11 11:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-11 11:38 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-11 11:38 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-11 11:38 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-11 11:38 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-11 11:38 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-12-11 11:35 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-11 11:34 . 2010-12-11 11:34 -------- d-----w- c:\programdata\Alwil Software
    2010-12-11 11:34 . 2010-12-11 11:34 -------- d-----w- c:\program files\Alwil Software
    2010-12-10 21:22 . 2010-12-11 13:41 -------- d-----w- c:\programdata\jJmHj05200

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-30 01:42 . 2009-06-23 06:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-30 01:42 . 2009-06-23 06:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-19 18:41 . 2009-10-02 16:45 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-15 12:50 . 2010-09-05 21:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    2010-05-09 18:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\users\RV\Program Files\DNA\btdna.exe" [2009-10-06 323392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
    "Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http:" [X]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-11-30 01:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2010-11-30 01:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 136176]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
    R3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\DRIVERS\sustucam.sys [2009-11-25 47360]
    R3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys [2009-11-25 47360]
    R3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\DRIVERS\sustucau.sys [2009-11-25 28032]
    R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 26352]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
    S2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-09-27 37376]
    S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 645120]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 19:36]

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 19:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    FF - ProfilePath - c:\users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - %profile%\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-13 04:27
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3873a1a9-b85d-429b-983e-e26abdac5af9}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0e020054
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{71559047-6a70-463d-9522-27b917a40819}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0c001921
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8063b8bf-e98a-4896-b59a-0ac70752649b}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:07001422
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba9e677f-0ef8-4bb2-a3e5-3ba5c63d1e87}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:06001422
    "Dhcpv6State"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{d2435eb7-8f90-4b4c-8879-4b6f18fffb22}]
    @DACL=(02 0000)
    "Dhcpv6Iaid"=dword:0c00e0b8
    "Dhcpv6State"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(652)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2010-12-13 04:32:46
    ComboFix-quarantined-files.txt 2010-12-13 12:32

    Pre-Run: 7,817,650,176 bytes free
    Post-Run: 7,652,052,992 bytes free

    - - End Of File - - EEDD7607C908E0A0A66AD7E0FC46701B
    ...
    thank you oh wise mountaintop master!
    ~rob
     
  7. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    oh and.....

    one thing you mentioned earlier...
    ive ran the registry cleaner on Ccleaner several times and had it "fix" all the reg errors it found.... i assume i should not do this any more?
    thanks again!~!
    r
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    That's correct.

    1st MBRCheck log is complete and it looks fine :)

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad .exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    Folder::
    c:\programdata\jJmHj05200
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=-
    "FirewallOverride"=-
    
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  9. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    new CF log

    ComboFix 10-12-13.02 - RV 12/13/2010 17:00:59.2.1 - x86
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1015.367 [GMT -8:00]
    Running from: c:\users\RV\Desktop\ComboFix.exe
    Command switches used :: c:\users\RV\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
    FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
    SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\programdata\jJmHj05200
    c:\programdata\jJmHj05200\jJmHj05200

    .
    ((((((((((((((((((((((((( Files Created from 2010-11-14 to 2010-12-14 )))))))))))))))))))))))))))))))
    .

    2010-12-14 01:12 . 2010-12-14 01:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-12-11 12:54 . 2010-11-16 20:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{18AC656C-F058-44A1-B046-358072D997B3}\mpengine.dll
    2010-12-11 11:48 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
    2010-12-11 11:38 . 2010-09-07 15:52 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-12-11 11:38 . 2010-09-07 15:47 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-12-11 11:38 . 2010-09-07 15:47 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-12-11 11:38 . 2010-09-07 15:52 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-12-11 11:38 . 2010-09-07 15:47 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-12-11 11:35 . 2010-09-07 16:11 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-12-11 11:34 . 2010-12-11 11:34 -------- d-----w- c:\programdata\Alwil Software
    2010-12-11 11:34 . 2010-12-11 11:34 -------- d-----w- c:\program files\Alwil Software

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-30 01:42 . 2009-06-23 06:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-11-30 01:42 . 2009-06-23 06:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-19 18:41 . 2009-10-02 16:45 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-09-15 12:50 . 2010-09-05 21:28 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]
    2010-05-09 18:50 2517088 ----a-w- c:\program files\ZoneAlarm\tbZone.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD}"= "c:\program files\ZoneAlarm\tbZone.dll" [2010-05-09 2517088]

    [HKEY_CLASSES_ROOT\clsid\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"="c:\users\RV\Program Files\DNA\btdna.exe" [2009-10-06 323392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "ContentTransferWMDetector.exe"="c:\program files\Sony\Content Transfer\ContentTransferWMDetector.exe" [2009-07-30 497000]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-05-26 730600]
    "Linksys Wireless Manager"="c:\program files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-02-16 1358384]
    "nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-13 642856]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
    "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-06 54832]
    "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-07 69216]
    "RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2010-11-30 01:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
    2010-11-30 01:42 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 136176]
    R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2008-01-19 21504]
    R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-05-26 7408]
    R3 SUSTUCAM;Susteen USB Cable Modem Driver;c:\windows\system32\DRIVERS\sustucam.sys [2009-11-25 47360]
    R3 SUSTUCAP;Susteen USB Cable Port Driver;c:\windows\system32\DRIVERS\sustucap.sys [2009-11-25 47360]
    R3 SUSTUCAU;Susteen USB Cable USB Driver;c:\windows\system32\DRIVERS\sustucau.sys [2009-11-25 28032]
    R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
    S1 aswSP;aswSP; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-05-26 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-05-26 72944]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-05-26 26352]
    S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-05-26 493032]
    S2 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2009-09-27 37376]
    S3 WUSB54GCv3;Compact Wireless-G USB Network Adapter;c:\windows\system32\DRIVERS\WUSB54GCv3.sys [2008-12-04 645120]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-12-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 19:36]

    2010-12-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-25 19:36]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    FF - ProfilePath - c:\users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: ZoneAlarm Security Engine: {FFB96CC1-7EB3-449D-B827-DB661701C6BB} - c:\program files\CheckPoint\ZAForceField\TrustChecker
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - %profile%\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
    FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-12-13 17:12
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(628)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    .
    Completion time: 2010-12-13 17:17:11
    ComboFix-quarantined-files.txt 2010-12-14 01:17
    ComboFix2.txt 2010-12-13 12:32

    Pre-Run: 8,230,068,224 bytes free
    Post-Run: 8,189,943,808 bytes free

    - - End Of File - - AF4D171E60E4FA91E233D85B8A4D8741

    thanks yet again!
    R :)
     
  10. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Looks good :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    another "oh and..."

    so i was wondering... i had ad aware and spybot s/d running.. i dunno 'real time' protection? well anyway they were running in the toolbar like down by the clock... so i uninstalled them per your suggestion... so i reconfigure or redownload mbam or superantispyware to be running so called 'real time' style? right now all i have running in my toolbar is zone alarm and avast (which is nice my vista is loading MUCH faster now) is that ok?
    and.. im sure you planned on covering this but since im on the subject...
    i should be updating and running a full scan with avast, mbam, and super anti/spy like what.... weekly...?
    thanks again for all youve done/are doing!
    r
     
  12. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're welcome :)
    Avast and ZA are good enough.
    Basically, there is no reason to run Avast full scan, since it runs in real time, unless, you feel like there is something wrong with your computer.
    MBAM and Super don't run in real time (free versions), so run MBAM "Quick scan" weekly and Super, when you have more time. MBAM only should be good enough.
     
  13. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    otl logs pt 1

    ok i ran OTL once and the window froze and said "not responding" so i closed it and pasted the thingy(script?) in the custom window and ran it again... it seemed to hang again but i jsut waited and after it said 'not responding for about 10 mins it kicked over and finished and popped out the two logs... dunno if this is significant or just wonderfull wonderfull vista basic.
    but since you asked earlier the PC is actually running really well.
    startup is much easier with 2 less programs running... will def not touch the registry cleaner function on cclnr... seemed a no brainer tho.. ya know? "registry errors" why wouldnt i "fix" them? LOL! but.. i defer to those in the know!
    thanks!~!
    r




    OTL logfile created on: 12/13/2010 5:57:15 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\RV\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,015.00 Mb Total Physical Memory | 247.00 Mb Available Physical Memory | 24.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.68 Gb Total Space | 7.35 Gb Free Space | 5.30% Space Free | Partition Type: NTFS
    Drive D: | 10.37 Gb Total Space | 4.55 Gb Free Space | 43.89% Space Free | Partition Type: NTFS

    Computer Name: RV-PC | User Name: RV | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/12/13 17:39:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\RV\Desktop\OTL.exe
    PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
    PRC - [2010/06/23 12:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010/05/26 05:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2010/05/26 05:35:14 | 000,730,600 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2009/10/06 13:41:50 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Users\RV\Program Files\DNA\btdna.exe
    PRC - [2009/09/23 12:38:18 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/07/30 15:05:58 | 000,497,000 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe
    PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/16 01:44:55 | 001,358,384 | R--- | M] (Linksys, LLC) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    PRC - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2007/12/13 21:59:57 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2007/04/23 13:51:42 | 004,435,968 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/12/13 17:39:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\RV\Desktop\OTL.exe
    MOD - [2010/08/31 07:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
    MOD - [2010/05/26 05:35:24 | 000,640,488 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    MOD - [2009/10/23 16:46:41 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
    MOD - [2009/10/23 16:46:41 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcp80.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/09/01 14:52:56 | 000,066,112 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/06/23 12:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010/05/26 05:35:18 | 000,493,032 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
    SRV - [2009/09/24 17:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/09/23 12:38:18 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2008/12/12 18:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2008/01/18 23:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/12/13 21:59:57 | 000,065,536 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2005/11/14 00:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsdatant.win7.sys -- (vsdatant7)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIMMP)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\SymIM.sys -- (SymIM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lvuvc.sys -- (LVUVC) QuickCam Orbit/Sphere AF(UVC)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lvselsus.sys -- (lvselsus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lvrs.sys -- (LVRS)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\lvpopflt.sys -- (lvpopflt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\RV\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/09/07 07:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 07:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 07:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 07:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/07 07:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/05/26 05:35:10 | 000,026,352 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
    DRV - [2010/05/15 15:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
    DRV - [2009/11/25 10:06:44 | 000,028,032 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sustucau.sys -- (SUSTUCAU)
    DRV - [2009/11/25 10:06:43 | 000,047,360 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sustucap.sys -- (SUSTUCAP)
    DRV - [2009/11/25 10:06:43 | 000,047,360 | ---- | M] (Susteen, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sustucam.sys -- (SUSTUCAM)
    DRV - [2009/09/26 18:54:49 | 000,037,376 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\WMDrive.sys -- (WMDrive)
    DRV - [2009/05/26 09:05:56 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
    DRV - [2009/05/26 09:05:54 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2009/05/26 09:05:52 | 000,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2008/12/12 18:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
    DRV - [2008/12/12 18:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
    DRV - [2008/12/04 05:17:15 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WUSB54GCv3.sys -- (WUSB54GCv3)
    DRV - [2008/06/18 07:49:16 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2008/02/13 04:04:12 | 000,051,200 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2008/02/11 18:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2008/02/11 18:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
    DRV - [2008/01/18 21:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/06/29 09:11:02 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2007/06/20 03:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
    DRV - [2007/06/20 03:28:38 | 000,267,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
    DRV - [2007/06/20 03:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
    DRV - [2007/04/23 16:13:22 | 001,769,952 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2006/11/02 01:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 01:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 01:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 01:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 01:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 01:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 01:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 01:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 01:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 01:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 01:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 01:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 01:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 01:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 01:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 01:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 01:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 01:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 01:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 01:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 01:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 01:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 01:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 01:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 01:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 01:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 01:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 01:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 01:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 01:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 01:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 01:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 01:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 01:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 00:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 00:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 00:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 00:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 00:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 00:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/01 23:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/01 23:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2006/11/01 23:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
    DRV - [2006/11/01 23:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKLM\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
    FF - prefs.js..extensions.enabledItems: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd}:2.7.2.0
    FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.227.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="

    FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/11/22 15:35:46 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/10 09:43:42 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/10 09:43:42 | 000,000,000 | ---D | M]

    [2009/02/01 20:23:36 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\Mozilla\Extensions
    [2009/02/01 20:23:36 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/12/13 08:42:46 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\extensions
    [2010/04/26 23:26:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/08/19 01:33:42 | 000,000,000 | ---D | M] (ZoneAlarm Toolbar) -- C:\Users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}
    [2010/09/17 12:41:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2010/12/09 04:52:57 | 000,000,950 | ---- | M] () -- C:\Users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\searchplugins\icqplugin-1.xml
    [2008/11/16 01:52:21 | 000,000,950 | ---- | M] () -- C:\Users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\searchplugins\icqplugin-2.xml
    [2009/02/01 21:35:11 | 000,000,950 | ---- | M] () -- C:\Users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\searchplugins\icqplugin-3.xml
    [2008/07/10 12:58:44 | 000,000,944 | ---- | M] () -- C:\Users\RV\AppData\Roaming\Mozilla\Firefox\Profiles\3pjnb9is.default\searchplugins\icqplugin.xml
    [2010/11/09 06:19:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/10/03 16:17:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    [2010/09/05 13:28:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/09 06:19:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2008/09/03 16:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2010/12/13 17:12:04 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {66F2E20D-0DA8-4C11-A9C8-DD8477B88ACD} - C:\Program Files\ZoneAlarm\tbZone.dll (Conduit Ltd.)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()
    O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Linksys, LLC)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\RV\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
    O4 - HKLM..\RunOnce: [Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\RV\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\RV\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: vidc.i420 - lvcodec2.dll File not found
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/12/13 17:39:06 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\RV\Desktop\OTL.exe
    [2010/12/13 17:17:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/12/13 16:56:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/12/13 04:12:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/12/13 04:12:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/12/13 04:12:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/12/13 04:12:37 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/12/13 04:11:03 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/12/11 03:48:42 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/12/11 03:38:30 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/12/11 03:38:30 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/12/11 03:38:27 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/12/11 03:38:25 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/12/11 03:38:22 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/12/11 03:35:21 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/12/11 03:34:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
    [2010/12/11 03:34:56 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software

    ========== Files - Modified Within 30 Days ==========

    [2010/12/13 17:50:10 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/12/13 17:39:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\RV\Desktop\OTL.exe
    [2010/12/13 17:21:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/12/13 17:21:29 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/12/13 17:21:27 | 000,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/12/13 17:21:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/12/13 17:20:59 | 1064,886,272 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/13 17:12:04 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/12/13 16:56:16 | 003,989,182 | R--- | M] () -- C:\Users\RV\Desktop\ComboFix.exe
    [2010/12/11 06:09:05 | 000,190,464 | ---- | M] () -- C:\Users\RV\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/12/11 03:48:43 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/12/11 03:14:46 | 000,000,000 | ---- | M] () -- C:\Users\RV\AppData\Local\prvlcl.dat
    [2010/12/06 14:06:35 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
    [2010/12/06 14:06:35 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
    [2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/11/26 19:32:58 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/26 19:32:58 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat

    ========== Files Created - No Company Name ==========

    [2010/12/13 04:12:59 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/12/13 04:12:59 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/12/13 04:12:59 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/12/13 04:12:59 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/12/13 04:12:59 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/12/13 04:04:32 | 003,989,182 | R--- | C] () -- C:\Users\RV\Desktop\ComboFix.exe
    [2010/12/11 01:09:31 | 1064,886,272 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/02 23:57:16 | 000,000,059 | ---- | C] () -- C:\Windows\LTDLG13N.INI
    [2010/04/30 13:19:26 | 000,000,204 | ---- | C] () -- C:\Users\RV\AppData\Roaming\default.rss
    [2010/04/09 19:00:02 | 000,870,128 | ---- | C] () -- C:\Users\RV\AppData\Roaming\mcs.rma
    [2010/04/09 19:00:02 | 000,000,004 | ---- | C] () -- C:\Users\RV\AppData\Roaming\769B2F
    [2010/01/25 07:31:53 | 000,000,000 | ---- | C] () -- C:\Users\RV\AppData\Local\prvlcl.dat
    [2009/10/20 14:51:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/09/26 18:54:49 | 000,037,376 | ---- | C] () -- C:\Windows\System32\drivers\WMDrive.sys
    [2009/09/16 17:31:30 | 000,000,052 | ---- | C] () -- C:\Windows\Blink.ini
    [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2008/10/07 19:44:58 | 000,000,150 | ---- | C] () -- C:\Windows\Irremote.ini
    [2008/09/20 15:33:12 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008/09/19 13:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
    [2008/07/31 08:16:34 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/06/16 21:54:10 | 000,408,576 | ---- | C] () -- C:\Windows\System32\Smab.dll
    [2008/06/16 21:54:09 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
    [2008/03/18 21:33:28 | 000,190,464 | ---- | C] () -- C:\Users\RV\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2007/12/13 19:37:03 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
    [2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2001/12/03 15:50:58 | 000,147,456 | R--- | C] () -- C:\Windows\System32\LTTLS13N.DLL
    [2001/12/03 15:50:20 | 000,708,608 | R--- | C] () -- C:\Windows\System32\LTCRY13N.DLL
    [2000/07/07 05:49:30 | 000,069,120 | R--- | C] () -- C:\Windows\System32\LTDLL.DLL
    [2000/04/12 15:28:12 | 000,118,784 | R--- | C] () -- C:\Windows\System32\LFKODAK.DLL
    [2000/04/12 15:24:10 | 000,338,944 | R--- | C] () -- C:\Windows\System32\LFFPX7.DLL

    ========== LOP Check ==========

    [2010/12/12 15:13:36 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\BitTorrent
    [2010/07/01 20:33:40 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\CheckPoint
    [2010/12/13 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\DNA
    [2008/02/24 12:35:22 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\funkitron
    [2008/08/29 17:54:27 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\ICQ
    [2010/01/25 00:07:06 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\OpenOffice.org
    [2008/11/02 13:49:17 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\Sony
    [2008/11/11 17:29:51 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\Template
    [2010/12/06 06:26:38 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\VUPlayer
    [2010/10/21 19:39:15 | 000,000,000 | ---D | M] -- C:\Users\RV\AppData\Roaming\WinMount
    [2010/12/13 17:19:55 | 000,032,574 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/12/12 16:18:07 | 000,114,394 | ---- | M] () -- C:\aaw7boot.log
    [2006/09/18 13:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2009/04/10 22:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2006/11/17 10:22:15 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2010/12/13 17:17:12 | 000,012,761 | ---- | M] () -- C:\ComboFix.txt
    [2006/09/18 13:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/12/13 17:20:59 | 1064,886,272 | -HS- | M] () -- C:\hiberfil.sys
    [2009/12/20 05:48:26 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/07/04 19:47:13 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
    [2009/12/20 05:48:26 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2008/02/18 17:18:09 | 000,000,763 | ---- | M] () -- C:\net_save.dna
    [2010/12/13 17:20:57 | 1378,697,216 | -HS- | M] () -- C:\pagefile.sys
    [2007/12/13 20:10:43 | 000,000,090 | ---- | M] () -- C:\powerdvd.log
    [2007/12/13 20:05:34 | 000,000,420 | ---- | M] () -- C:\RHDSetup.log

    < %systemroot%\Fonts\*.com >
    [2006/11/02 04:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 04:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 04:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/10/20 15:26:34 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 13:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 08:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/08/05 11:30:07 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 02:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 02:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 02:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 02:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2008/02/28 13:01:24 | 000,774,144 | ---- | M] () -- C:\Windows\System32\NEROINSTAEC43759.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/05/28 22:12:19 | 000,000,286 | -HS- | M] () -- C:\Users\RV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/13 16:56:16 | 003,989,182 | R--- | M] () -- C:\Users\RV\Desktop\ComboFix.exe
    [2010/12/13 17:39:11 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\RV\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2009/10/20 15:48:01 | 000,008,192 | ---- | M] () -- C:\Windows\security\database\edb.chk
    [2009/10/20 15:47:30 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edb.log
    [2008/08/05 11:23:53 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00001.jrs
    [2008/08/05 11:23:53 | 001,048,576 | ---- | M] () -- C:\Windows\security\database\edbres00002.jrs
    [2009/10/20 15:47:30 | 001,056,768 | ---- | M] () -- C:\Windows\security\database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  14. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    otl extras log

    ...
    OTL Extras logfile created on: 12/13/2010 5:57:15 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\RV\Desktop
    Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18975)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,015.00 Mb Total Physical Memory | 247.00 Mb Available Physical Memory | 24.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 58.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 138.68 Gb Total Space | 7.35 Gb Free Space | 5.30% Space Free | Partition Type: NTFS
    Drive D: | 10.37 Gb Total Space | 4.55 Gb Free Space | 43.89% Space Free | Partition Type: NTFS

    Computer Name: RV-PC | User Name: RV | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 1
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 1
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0088A9CC-C754-4516-9189-BBBF10458DFB}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{036A7CE9-F758-472D-841E-F476246E4700}" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "{248C63FB-C5D7-45CF-A924-37DD237B4ED9}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{274E16C3-313A-4B9B-B489-525704D543CA}" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{2A6C8295-21BA-44AF-A860-0B3CBAAC6B38}" = protocol=17 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
    "{2ABBC278-EC54-4DD5-89DC-7A1314D5A0CF}" = protocol=6 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
    "{2C00C199-F916-4E41-9096-0C6C1C2E90AF}" = protocol=6 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
    "{2E0AEDCA-27D1-4FDE-A9FA-ADA0874B2CA1}" = protocol=6 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
    "{5B94D2BF-5592-47F6-9338-2CC7EC49CD96}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "{5E266D0B-9D4B-4FFF-9F8E-34059F79DA32}" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
    "{83BF1B82-E153-4250-9E48-C2AB5E5ACD38}" = dir=in | app=c:\program files\avg\avg8\avgemc.exe |
    "{855CC5E3-E2D9-4C59-882A-7B60C86778D8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{8B738372-ECEC-4A32-A416-B61C73A8C1B8}" = protocol=17 | dir=in | app=c:\program files\spybot - search & destroy\spybotsd.exe |
    "{A68DE6A9-F619-45BB-ABA1-DE37C509BE37}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe |
    "{D10F5526-77BD-483C-A887-EA821FE59012}" = dir=in | app=c:\program files\avg\avg8\avgnsx.exe |
    "{D2F2B17B-C01B-4C5C-B96F-AEEDD097E532}" = protocol=17 | dir=in | app=c:\program files\pokerstars\pokerstarsupdate.exe |
    "{D503E859-8CA9-4962-AE12-38F5334207F3}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
    "{DD7AE5BD-FA31-4831-A493-38B64BF1B1D8}" = dir=in | app=c:\program files\avg\avg8\avgupd.exe |
    "{F064E149-7375-42EF-B855-EDEF277D406D}" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
    "{FBB738AE-C51C-448A-AA43-65F7B4EA7C56}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "TCP Query User{0BB09FFE-AF76-4BBB-BCC4-C24B29FB4BC1}C:\users\rv\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\rv\program files\dna\btdna.exe |
    "UDP Query User{CDB93844-4627-4027-8D8B-8A9BFECD7BB0}C:\users\rv\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\rv\program files\dna\btdna.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
    "{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
    "{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
    "{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
    "{4755da93-7a40-475c-a2ef-bd3aa33c9bfe}" = Nero 9 Trial
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.42
    "{54F6C98F-94A0-421C-B90E-0B6A2A96A9CF}" = Pure Networks Platform
    "{55B1E4FA-F2E0-45DF-9B36-0B30A7949984}" = NWZ-S540 WALKMAN Guide
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = eMachines Recovery Center Installer
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher
    "{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
    "{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8
    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
    "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
    "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
    "{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
    "{DF86A72C-4585-4D75-B592-968C8C6604A1}" = eMachines Connect
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "avast5" = avast! Free Antivirus
    "CCleaner" = CCleaner
    "Chess - 7_is1" = Chess-7 3.4
    "CNXT_MODEM_PCI_HSF" = Soft Data Fax Modem with SmartCP
    "Comical_is1" = Comical 0.8
    "Defraggler" = Defraggler
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{99ED894F-60CF-4D71-A645-442CD041D595}" = Susteen Launcher
    "InstallShield_{AB6E9CF7-7A9B-4973-9A1D-96FB27F4B6AC}" = DataPilot
    "Linksys Wireless Manager" = Linksys Wireless Manager
    "Magic DVD Ripper_is1" = Magic DVD Ripper V5.2.1 build 8
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Peggle Deluxe1.0" = Peggle Deluxe
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "VLC media player" = VideoLAN VLC media player 0.8.6d
    "VUPlayer" = VUPlayer
    "WinMount3_is1" = WinMount V3.2.0624
    "WinRAR archiver" = WinRAR archiver
    "yBook_is1" = yBook
    "ZoneAlarm" = ZoneAlarm
    "ZoneAlarm Toolbar" = ZoneAlarm Toolbar
    "Zuma's Revenge!1.0" = Zuma's Revenge!

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "BitTorrent DNA" = DNA

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/1/2010 1:18:43 AM | Computer Name = RV-PC | Source = Application Error | ID = 1000
    Description = Faulting application WinMount3.exe, version 3.2.0.1, time stamp 0x4a419474,
    faulting module MountPlug.dll, version 3.1.0.1, time stamp 0x4a419466, exception
    code 0xc0000005, fault offset 0x00004765, process id 0x828, application start time
    0x01cae8edab3403e9.

    Error - 5/3/2010 4:51:31 PM | Computer Name = RV-PC | Source = Application Error | ID = 1000
    Description = Faulting application wmprph.exe, version 11.0.6001.7000, time stamp
    0x47919365, faulting module ntdll.dll, version 6.0.6002.18005, time stamp 0x49e03821,
    exception code 0xc0000005, fault offset 0x0003e13d, process id 0x864, application
    start time 0x01caeaf93ab5526f.

    Error - 5/5/2010 1:33:25 AM | Computer Name = RV-PC | Source = Windows Search Service | ID = 3013
    Description =

    Error - 5/6/2010 6:19:10 PM | Computer Name = RV-PC | Source = VSS | ID = 8194
    Description =

    Error - 5/6/2010 6:21:44 PM | Computer Name = RV-PC | Source = ESENT | ID = 490
    Description = Catalog Database (1672) Catalog Database: An attempt to open the file
    "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for
    read / write access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 5/6/2010 6:21:44 PM | Computer Name = RV-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
    Description =

    Error - 5/6/2010 6:22:02 PM | Computer Name = RV-PC | Source = ESENT | ID = 490
    Description = Catalog Database (1672) Catalog Database: An attempt to open the file
    "C:\Windows\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb" for
    read / write access failed with system error 32 (0x00000020): "The process cannot
    access the file because it is being used by another process. ". The open file
    operation will fail with error -1032 (0xfffffbf8).

    Error - 5/6/2010 6:22:02 PM | Computer Name = RV-PC | Source = Microsoft-Windows-CAPI2 | ID = 131329
    Description =

    Error - 5/10/2010 9:45:34 PM | Computer Name = RV-PC | Source = Application Error | ID = 1000
    Description = Faulting application WinMount3.exe, version 3.2.0.1, time stamp 0x4a419474,
    faulting module MountPlug.dll, version 3.1.0.1, time stamp 0x4a419466, exception
    code 0xc0000005, fault offset 0x0000470d, process id 0x1094, application start time
    0x01caf0ab5eb4a8c0.

    Error - 5/11/2010 8:50:48 PM | Computer Name = RV-PC | Source = Application Error | ID = 1000
    Description = Faulting application Explorer.EXE, version 6.0.6002.18005, time stamp
    0x49e01da5, faulting module 7z.dll, version 4.62.0.0, time stamp 0x4a406d66, exception
    code 0xc0000005, fault offset 0x0004f10d, process id 0x7d4, application start time
    0x01caf0c9a5965e35.

    [ System Events ]
    Error - 12/13/2010 7:51:09 AM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/13/2010 7:59:48 AM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/13/2010 8:15:30 AM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 12/13/2010 8:16:00 AM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/13/2010 8:27:48 AM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/13/2010 8:37:29 AM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7000
    Description =

    Error - 12/13/2010 8:55:12 PM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7034
    Description =

    Error - 12/13/2010 9:00:19 PM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/13/2010 9:12:08 PM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7030
    Description =

    Error - 12/13/2010 9:22:42 PM | Computer Name = RV-PC | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    I'm glad to see your computer more happy :)

    Your computer would run much better with another 1GB of RAM installed.

    You're running low on C drive free space.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  16. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    otl fix result log

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: RV
    ->Temp folder emptied: 1140923 bytes
    ->Temporary Internet Files folder emptied: 89849 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 91868183 bytes
    ->Flash cache emptied: 10486 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 929316 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 94340 bytes

    Total Files Cleaned = 90.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: RV
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 12132010_190713

    Files\Folders moved on Reboot...
    C:\Users\RV\AppData\Local\Temp\~DFC862.tmp moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
    File\Folder C:\Windows\temp\ZLT03959.TMP not found!

    Registry entries deleted on Reboot...
     
  17. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    security check log

    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    ZoneAlarm
    ZoneAlarm Toolbar
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 9 (Out of date Flash Player installed!)
    Adobe Flash Player 10.1.85.3
    Adobe Reader 8
    Out of date Adobe Reader installed!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    Zone Labs ZoneAlarm zlclient.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Update Adobe Flash Player.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure, you have both boxes UN-checked AND (important!) click on Decline button
     
  19. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    ok?

    ok so it took like 3 hours but eset same back clean... no threats
    switching to foxit reader now....
    are we in the clear?
     
  20. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    !

    ok i got switched to foxit... updated flash...
    any further instructions?
    i assume i can just delete combo fix from my desktop as it will not allow itself to be moved?
    ill wait for the official 'go ahead'
    ....
    now, i know ive said this a few times already...
    but really thanks very very much....
    my pc is working much better and youve instructed me as to how best keep myself safe online...
    WOW!
    youre a hero! a modern day saint!
    fighting the good fight for all us clueless users who can just barely conceive that the internets arent just a big truck.... more like a series of tubes! LOL
    thanks again!
    rob
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're most welcome :)

    Your computer is clean [​IMG]

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools, we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure, Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.
     
  22. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    otl log

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: RV
    ->Temp folder emptied: 1088883 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 13740851 bytes
    ->Flash cache emptied: 456 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 948612 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 15.00 mb


    [EMPTYFLASH]

    User: All Users
     
  23. NEWB023

    NEWB023 TS Rookie Topic Starter Posts: 21

    last minute hiccup?

    ok i think this isnt a big deal but
    when i ran Secunia Personal Software Inspector (PSI):
    it found identified 4 level 4 threats... but the programs it lists are:
    apple quick time, open office, vlc player and winrar....
    i assume i can disregard this?
    either way.. in case this is my last post......(can u guess?)
    THANKS!
    THANKS VERY MUCH!
    ...oh,, and
    THANKS AGAIN!
    i honestly can barely fathom all youve done to help me for nothing beyond my gratitude,,,, and, sire, i assure you that i am very grateful...!
     
  24. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Way to go!! [​IMG]
    Good luck and stay safe :)

    As for Secunia, it's not always easy to make it 100% happy, so if you did, what you could, you're fine.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...