While attempting to re-install HP printer s/w (Officejet Pro L7590), I rec'd a msg saying that services.exe had failed with the status code 1073741819.
I was attempting to restore scan capability (worked well at one point).
Other than that, system performs normally.
From what I've observed surfing around, there seems to be a history of this malware showing up.
I've done the 8-step procedure and pasted in the four log files.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 5420
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
12/29/2010 10:12:39 PM
mbam-log-2010-12-29 (22-12-39).txt
Scan type: Quick scan
Objects scanned: 152368
Time elapsed: 7 minute(s), 59 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-12-29 22:34:26
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path1Target1Lun0 ST316081 rev.4.AA
Running: dbb4kbc6.exe; Driver: C:\DOCUME~1\DICKKU~1\LOCALS~1\Temp\fwtirpob.sys
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device \Driver\Tcpip \Device\Ip vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
Device \Driver\Tcpip \Device\Udp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD)
---- EOF - GMER 1.0.15 ----

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_10-12-12.02)
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 9/9/2009 2:52:55 PM
System Uptime: 12/29/2010 9:46:27 PM (1 hours ago)
Motherboard: eMachines | | WMCP61M
Processor: AMD Athlon(tm) Processor 2650e | Socket AM2 | 1607/201mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 69 GiB total, 47.292 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 70 GiB total, 59.679 GiB free.
F: is Removable
G: is FIXED (NTFS) - 596 GiB total, 504.757 GiB free.
H: is Removable
==== Disabled Device Manager Items =============
==== System Restore Points ===================
RP280: 12/21/2010 3:53:03 PM - Software Distribution Service 3.0
RP281: 12/22/2010 11:28:46 PM - System Checkpoint
RP282: 12/23/2010 12:53:37 AM - Installed QuickTime
RP283: 12/23/2010 9:13:24 AM - Software Distribution Service 3.0
RP284: 12/23/2010 10:19:46 PM - Paint.NET v3.5.6
RP285: 12/24/2010 9:48:59 AM - Software Distribution Service 3.0
RP286: 12/25/2010 6:42:41 PM - Removed MPM
RP287: 12/25/2010 6:56:09 PM - Software Distribution Service 3.0
RP288: 12/25/2010 7:09:25 PM - Printer Driver HP Officejet Pro L7500 S... fax Installed
RP289: 12/25/2010 7:10:11 PM - Printer Driver HP Officejet Pro L7500 S... fax Installed
RP290: 12/25/2010 8:42:47 PM - Revo Uninstaller's restore point - HP Customer Participation Program 7.0
RP291: 12/25/2010 8:47:22 PM - Revo Uninstaller's restore point - HP Imaging Device Functions 7.0
RP292: 12/25/2010 8:55:00 PM - Revo Uninstaller's restore point - HP Officejet Pro All-In-One Series
RP293: 12/25/2010 9:00:43 PM - Revo Uninstaller's restore point - HP Photosmart Essential
RP294: 12/25/2010 9:01:40 PM - Removed HP Photosmart Essential
RP295: 12/25/2010 9:05:16 PM - Revo Uninstaller's restore point - HP Solution Center 7.0
RP296: 12/25/2010 9:16:51 PM - Revo Uninstaller's restore point - HP Update
RP297: 12/25/2010 9:17:25 PM - Removed HP Update.
RP298: 12/25/2010 9:20:33 PM - Revo Uninstaller's restore point - HPSSupply
RP299: 12/25/2010 9:20:53 PM - Removed HPSSupply
RP300: 12/25/2010 10:01:28 PM - Installed HPSU306Stub
RP301: 12/25/2010 10:54:29 PM - Installed HP Product Detection.
RP302: 12/27/2010 9:17:49 AM - Software Distribution Service 3.0
RP303: 12/28/2010 10:36:41 AM - System Checkpoint
RP304: 12/28/2010 2:25:43 PM - Software Distribution Service 3.0
RP305: 12/28/2010 9:35:56 PM - Software Distribution Service 3.0
RP306: 12/29/2010 2:01:23 AM - Software Distribution Service 3.0
==== Installed Programs ======================
32 Bit HP CIO Components Installer
3D Text Commander 3.0.1 by Insofta Development
7-Zip 4.65
Ad-Aware
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Shockwave Player 11.5
Advanced SystemCare 3
Agere Systems PCI-SV92EX Soft Modem
Alleycode HTML Editor 2.2.1
AllMySongs Database
AM-DeadLink 3.3
AnalogX Capture
Aneesoft 3D Flash Gallery GOTD Edition
Apple Application Support
Apple Software Update
Artensoft Photo Mosaic Wizard
Ashampoo Burning Studio 2010 Advanced
Ashampoo MyAutoplay Menu 1.0.3
Ashampoo Photo Commander 7.21
Ashampoo WinOptimizer 6.60
Ask Toolbar
Autoplay Menu Designer 3.4
AVG Anti-Rootkit Free
BPD_Scan
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Celestia 1.6.0
Coupon Printer for Windows
CRON-O-METER 0.9.7
Definition update for Microsoft Office 2010 (KB982726)
Dell Driver Download Manager
Ditto
DS Clock
e-Sword
EASEUS Partition Master 4.0 Home Edition
Easy Family Tree Deluxe®
Easy Macro Recorder 3.75
ERUNT 1.1j
Everything 1.2.1.371
ExifCleaner 1.2
FastStone Image Viewer 4.2
Fax
FileZilla Client 3.3.5.1
FolderIco 1.0
FolderSizes 3.6
FontFrenzy 1.51
Foxit PDF IFilter
Foxit Reader
gBurner
GIMP 2.6.8
Glary Utilities 2.30.0.1066
GnuCash 2.2.9
Google Chrome
Google Earth
Google SketchUp 8
Google Update Helper
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Product Detection
HP Software Update
Hulu Desktop
IBM Lotus Symphony
Imagicon
Incomedia WebSite X5 Smart
Java Auto Updater
Java(TM) 6 Update 22
JGsoft EditPad Lite 5.3.0
jv16 PowerTools 2009
KeyScrambler
KLS Mail Backup 1.9.7.5
Kyodai Mahjongg
LEGO Digital Designer
LightScribe 1.4.136.1
Ma-Config.com
MailAlert
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft ActiveSync 4.0
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Calculator Plus
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Publisher 2010
Microsoft Security Essentials
Microsoft Software Update for Web Folders (English) 14
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Miro
Move Media Player
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (3.1.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Duplicate Remover 6.0
MyConnection PC Lite Edition
Nero 7 Essentials
Network
novaPDF Pro v5 (novaPDF Professional Desktop 5.5 printer)
NVIDIA Drivers
OpenDNS Updater 2.2.1
OpenOffice.org 3.2
Paint.NET v3.5.6
Panda Cloud Antivirus
Panda USB Vaccine 1.0.1.4
pdfFactory Pro
PDFZilla V1.2.7
Photo Pos Pro
PhotoWipe 1.0
PhotoWorks
Picasa 3
PowerISO
Q-Dir
QFolder
Quick PDF Tools 2.1.5.8
QuickTime
Rainlendar2 (remove only)
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.90
Scan
SDFormatter
Secunia PSI (2.0.0.1003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office 2010 (KB2289078)
Security Update for Microsoft Office 2010 (KB2289161)
Security Update for Microsoft Publisher 2010 (KB2409055)
Security Update for Microsoft Word 2010 (KB2345000)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB972260)
Seesmic Look
Serif PagePlus Essentials
Setup IsoEdit
Shape Collage
SIW version 2010.03.11
Smart Defrag
SoftMaker Office 2010
SoftOrbits Html Web Gallery Generator 1.2
Software Informer 1.0 BETA
Soluto
Sophos Windows Shortcut Exploit Protection Tool
Speccy
Spybot - Search & Destroy
Spyware Terminator
Startup Defender 1.9.5
StartupRun
Static EMail Backup 2.9
SUPERAntiSpyware Free Edition
Titan Backup
Translate.Net
TreeSize Free V2.4
TuneUp Utilities 2009
Tux Paint 0.9.21b
Tux Paint Stamps 2009-06-28
Unity Web Player (All users)
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2202188)
Update for Microsoft Office 2010 (KB2413186)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
USB Safely Remove 4.1
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WinDirStat 1.1.2
Windows 7 Upgrade Advisor Beta
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinKey
WinPatrol 2009
WinPcap 4.0.2
WinSnap
WinUtilities 7.0
Wondershare PC Health Check 1.5.2
Wondershare Photo Collage Studio 4.2.10.7
Wondershare Streaming Audio Recorder(Build 1.0.8.52)
WordWeb
Xilisoft HD Video Converter 6
ZoneAlarm
ZoneAlarm Backup Powered by IDrive version 1.0.5 March 11, 2010
Zoner Photo Studio 12
==== Event Viewer Messages From Past Week ========
12/29/2010 9:44:55 PM, error: Service Control Manager [7031] - The Panda Cloud Antivirus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The ZoneAlarmBackup WebManager service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The ZoneAlarmBackup Service service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The USB Safely Remove Assistant service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Spyware Terminator Realtime Shield Service service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Soluto PCGenome Core Service service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Secunia PSI Agent service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The NLS Service service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 9:44:46 PM, error: Service Control Manager [7034] - The Agere Modem Call Progress Audio service terminated unexpectedly. It has done this 1 time(s).
12/29/2010 9:44:46 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/28/2010 2:51:27 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the NanoServiceMain service.
12/28/2010 2:50:51 PM, error: Service Control Manager [7022] - The Panda Cloud Antivirus Service service hung on starting.
12/28/2010 12:49:26 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCGenFAM
12/27/2010 11:30:49 PM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
12/27/2010 10:47:14 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/27/2010 10:43:52 PM, error: Service Control Manager [7031] - The Microsoft Antimalware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
12/26/2010 8:44:41 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/25/2010 8:08:00 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL. Reference error message: The operation completed successfully. .
12/25/2010 7:09:49 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC. Reference error message: The referenced assembly is not installed on your system. .
12/25/2010 7:09:49 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL. Reference error message: The operation completed successfully. .
12/25/2010 7:09:49 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.
12/23/2010 2:44:54 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
==== End Of File ===========================

DDS (Ver_10-12-12.02) - NTFSx86
Run by **** Kutz at 22:49:33.79 on Wed 12/29/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1790.623 [GMT -7:00]
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: Panda Cloud Antivirus *Enabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
AV: Microsoft Security Essentials *Enabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: ZoneAlarm Firewall *Enabled*
============== Running Processes ===============
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\NLSSRV32.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Secunia\PSI\PSIA.exe
C:\Program Files\Soluto\SolutoService.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\ZoneAlarmBackup\ZABackupWebM.exe
C:\Program Files\ZoneAlarmBackup\ZABackup Service.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DS Clock\DSClock.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\**** Kutz\Local Settings\Application Data\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\OpenDNS Updater\OpenDNSUpdater.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\Zards software\Startup Defender\Startup Defender.exe
C:\PROGRAM FILES\MAILALERT\MAILALERT.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\**** Kutz\Desktop\TechSpot\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://news.google.com/
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DS Clock] "c:\program files\ds clock\DSClock.exe"
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [Google Update] "c:\documents and settings\**** kutz\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [OpenDNS Updater] "c:\program files\opendns updater\OpenDNSUpdater.exe" /autostart
uRun: [Rainlendar2] c:\program files\rainlendar2\Rainlendar2.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [nwiz] nwiz.exe /install
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\dickku~1\startm~1\programs\startup\firefox.exe.lnk - c:\program files\mozilla firefox\firefox.exe
StartupFolder: c:\docume~1\dickku~1\startm~1\programs\startup\startup defender.lnk - c:\program files\zards software\startup defender\Startup Defender.exe
StartupFolder: c:\docume~1\dickku~1\startm~1\programs\startup\disabled\calend~1.lnk - e:\my data\utilities,program installs\software by design\Calendar.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secunia psi tray.lnk - c:\program files\secunia\psi\psi_tray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\disabled\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\disabled\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~2\INetRepl.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: {C800F8A8-08F8-472D-ADF8-4B12E2F782BA} = 208.67.222.222,208.67.220.220
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\dickku~1\applic~1\mozilla\firefox\profiles\1s9mnumo.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: c:\documents and settings\**** kutz\application data\mozilla\firefox\profiles\1s9mnumo.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\**** kutz\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\**** kutz\application data\mozilla\firefox\profiles\1s9mnumo.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: c:\documents and settings\**** kutz\application data\mozilla\firefox\profiles\1s9mnumo.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\**** kutz\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\**** kutz\local settings\application data\huludesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: c:\progra~1\microsoft office\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\microsoft office\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: TinEye Reverse Image Search: tineye@ideeinc.com - %profile%\extensions\tineye@ideeinc.com
FF - Ext: Flash Video Downloader - Youtube Downloader: artur.dubovoy@gmail.com - %profile%\extensions\artur.dubovoy@gmail.com
FF - Ext: Get Mail Plus: getmail@webdesigns.ms11.net - %profile%\extensions\getmail@webdesigns.ms11.net
FF - Ext: App Tabs: apptabs@frankyan.com - %profile%\extensions\apptabs@frankyan.com
FF - Ext: BetterPrivacy: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3} - %profile%\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
FF - Ext: FEBE: {4BBDD651-70CF-4821-84F8-2B918CF89CA3} - %profile%\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
FF - Ext: Menu Editor: {EDA7B1D7-F793-4e03-B074-E6F303317FB0} - %profile%\extensions\{EDA7B1D7-F793-4e03-B074-E6F303317FB0}
FF - Ext: HP Detect: {ab91efd4-6975-4081-8552-1b3922ed79e2} - %profile%\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF - Ext: Consumer Input: ConsumerInput@Compete - %profile%\extensions\ConsumerInput@Compete
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
============= SERVICES / DRIVERS ===============
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-28 64288]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2010-12-29 3968]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 151216]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2010-6-17 129992]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 67656]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-9-11 142592]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-12-11 532224]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-7-6 1389400]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2010-8-9 140608]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2010-7-9 65856]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2010-5-27 141384]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2010-7-21 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2010-4-30 111624]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [2010-7-21 112456]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2010-12-21 987704]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\soluto\SolutoService.exe [2010-11-1 331296]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;c:\program files\usb safely remove\USBSRService.exe [2009-10-1 213776]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 ZABackupWebM;ZoneAlarmBackup WebManager;c:\program files\zonealarmbackup\ZABackupWebM.exe [2010-11-27 124432]
R2 ZoneAlarmBackup Service;ZoneAlarmBackup Service;c:\program files\zonealarmbackup\ZABackup Service.exe [2010-11-27 149008]
R3 KeyScramblerDrv;KeyScramblerDrv;c:\windows\system32\drivers\keyscrambler.sys [2010-4-12 115312]
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-9-19 16640]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-12-13 181704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-9-7 406016]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-14 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-14 3072]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-13 15264]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-7-19 259440]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-12-30 05:35:05 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{19da7bcb-804c-42d9-a298-07f4dd08fbe3}\mpengine.dll
2010-12-30 04:52:01 7232 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-12-29 18:50:21 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-12-29 05:17:08 -------- d-----w- c:\windows\system32\jv16PTPortableBackup
2010-12-24 05:19:47 -------- d-----w- c:\program files\Paint.NET
2010-12-24 05:19:26 -------- d-----w- c:\docume~1\dickku~1\locals~1\applic~1\Paint.NET
2010-12-23 07:58:38 75208 ----a-w- c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
2010-12-23 07:48:47 -------- d-----w- C:\My Music
2010-12-23 07:48:03 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-12-23 07:47:40 -------- d-----w- c:\program files\common files\xing shared
2010-12-23 07:47:18 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-12-23 07:46:57 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-12-23 06:37:28 -------- d-----w- c:\docume~1\dickku~1\locals~1\applic~1\Secunia PSI
2010-12-23 06:36:52 -------- d-----w- c:\program files\Secunia
2010-12-13 16:54:17 181704 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-12-13 16:54:10 -------- d-----w- c:\program files\Soluto
2010-12-13 16:53:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Soluto
2010-12-11 22:03:36 -------- d-----w- c:\docume~1\dickku~1\applic~1\LEGO Company
2010-12-11 22:02:46 -------- d-----w- c:\program files\LEGO Company
2010-12-11 22:02:20 -------- d-----w- c:\program files\Unity
2010-12-10 17:12:54 -------- d-----w- c:\program files\Glary Utilities
==================== Find3M ====================
2010-12-29 05:45:58 134 -c--a-w- c:\windows\system32\_WDYSZYG.sys
2010-12-23 07:46:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-23 07:46:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-20 21:27:42 15880 -c--a-w- c:\windows\system32\lsdelete.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 06:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 21:25:59 398744 -c--a-r- c:\windows\system32\cpnprt2.cid
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 20:51:33 222080 -c----w- c:\windows\system32\MpSigStub.exe
============= FINISH: 22:51:56.32 ===============
R3 WsAudioDevice_383;WsAudioDevice_383;c:\windows\system32\drivers\WsAudioDevice_383.sys [2009-9-19 16640]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-12-13 181704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\secunia\psi\sua.exe [2010-12-21 399416]
S3 DfSdkS;Defragmentation-Service;c:\program files\ashampoo\ashampoo winoptimizer 6\DfSdkS.exe [2010-9-7 406016]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-9-14 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-9-14 3072]
S3 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-13 15264]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [2010-7-19 259440]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-4 14336]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasusb.sys --> c:\windows\system32\drivers\SynasUSB.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-12-30 05:35:05 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{19da7bcb-804c-42d9-a298-07f4dd08fbe3}\mpengine.dll
2010-12-30 04:52:01 7232 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-12-29 18:50:21 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
2010-12-29 05:17:08 -------- d-----w- c:\windows\system32\jv16PTPortableBackup
2010-12-24 05:19:47 -------- d-----w- c:\program files\Paint.NET
2010-12-24 05:19:26 -------- d-----w- c:\docume~1\dickku~1\locals~1\applic~1\Paint.NET
2010-12-23 07:58:38 75208 ----a-w- c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
2010-12-23 07:48:47 -------- d-----w- C:\My Music
2010-12-23 07:48:03 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2010-12-23 07:47:40 -------- d-----w- c:\program files\common files\xing shared
2010-12-23 07:47:18 151776 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2010-12-23 07:46:57 100352 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2010-12-23 06:37:28 -------- d-----w- c:\docume~1\dickku~1\locals~1\applic~1\Secunia PSI
2010-12-23 06:36:52 -------- d-----w- c:\program files\Secunia
2010-12-13 16:54:17 181704 ----a-w- c:\windows\system32\drivers\PCGenFAM.sys
2010-12-13 16:54:10 -------- d-----w- c:\program files\Soluto
2010-12-13 16:53:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Soluto
2010-12-11 22:03:36 -------- d-----w- c:\docume~1\dickku~1\applic~1\LEGO Company
2010-12-11 22:02:46 -------- d-----w- c:\program files\LEGO Company
2010-12-11 22:02:20 -------- d-----w- c:\program files\Unity
2010-12-10 17:12:54 -------- d-----w- c:\program files\Glary Utilities
==================== Find3M ====================
2010-12-29 05:45:58 134 -c--a-w- c:\windows\system32\_WDYSZYG.sys
2010-12-23 07:46:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-12-23 07:46:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-12-20 21:27:42 15880 -c--a-w- c:\windows\system32\lsdelete.exe
2010-11-30 00:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 00:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-17 06:41:00 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 21:25:59 398744 -c--a-r- c:\windows\system32\cpnprt2.cid
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 20:51:33 222080 -c----w- c:\windows\system32\MpSigStub.exe
============= FINISH: 22:51:56.32 ===============