Welcome to Geeks to Go - Register now for FREE


only IE can access internet



#1
rosejo

OTL logfile created on: 5/10/2010 2:06:21 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ray E. Osejo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): c:\pagefile.sys 16 16d:\pagefile.sys 3057 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.81 Gb Total Space | 32.93 Gb Free Space | 53.27% Space Free | Partition Type: NTFS
Drive D: | 221.48 Gb Total Space | 192.17 Gb Free Space | 86.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 29.29 Gb Total Space | 5.31 Gb Free Space | 18.14% Space Free | Partition Type: NTFS
Drive G: | 104.96 Gb Total Space | 76.82 Gb Free Space | 73.19% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REO-LAPTOP
Current User Name: Ray E. Osejo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/06 01:11:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
PRC - [2010/04/29 15:39:32 | 001,090,952 | ---- | M] (Malwarebytes Corporation) -- D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/04/22 17:26:14 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/22 17:26:08 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/22 17:21:42 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/12 15:03:28 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 15:03:22 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 15:01:53 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/12 15:01:52 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/11/02 20:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/06/10 04:02:50 | 000,904,840 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/06/10 03:57:40 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/06/10 03:55:30 | 001,326,080 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/02/13 19:55:40 | 000,241,664 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/26 05:08:26 | 000,106,583 | ---- | M] () -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
PRC - [2007/10/26 05:08:24 | 000,262,233 | ---- | M] () -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
PRC - [2007/10/26 05:07:56 | 000,417,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
PRC - [2007/10/05 16:55:12 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/27 14:55:32 | 001,232,896 | ---- | M] (Lenovo (Beijing) Limited) -- D:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
PRC - [2007/08/15 12:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007/08/08 12:03:42 | 002,441,216 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006/12/05 18:30:06 | 000,450,560 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/11/24 21:20:36 | 000,622,592 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/11/22 05:31:25 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/05/08 19:52:04 | 000,204,800 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2006/02/26 11:07:12 | 002,502,656 | ---- | M] (Lenovo(beijing) Limited) -- D:\Program Files\Lenovo\EnergyCut\utilty.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 01:11:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
MOD - [2010/03/12 15:03:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ac.sharedstore)
SRV - [2010/03/12 15:03:22 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/12 15:01:53 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/26 05:08:26 | 000,106,583 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/10/26 05:08:24 | 000,262,233 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2006/12/04 15:32:10 | 000,632,456 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- D:\Program Files\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)


========== Driver Services (SafeList) ==========

DRV - [2010/04/30 09:23:29 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/04/30 09:23:29 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/04/30 09:23:11 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/04/30 09:22:37 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/04/22 17:26:09 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/03/12 15:03:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 15:01:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/20 16:53:06 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/01/20 16:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/06 23:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/12/02 09:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/22 16:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (vsdatant)
DRV - [2009/05/19 06:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/04/11 00:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/02/13 19:30:44 | 000,018,048 | ---- | M] (ensurebit) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CapFilt.sys -- (CapFilt)
DRV - [2008/02/11 20:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/19 01:57:16 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/19 00:25:05 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/11/14 17:24:18 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/02 17:29:02 | 000,828,328 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/07/22 16:00:44 | 000,180,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/06/21 05:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/04/25 00:17:35 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/22 05:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://netscape.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://netscape.aol.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.14
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Program Files\Mozilla Firefox 3.6 Beta 5\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/04/30 17:04:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/04/30 17:04:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2010/04/30 18:32:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins

[2009/12/23 10:42:27 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Extensions
[2009/12/23 10:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/04 09:14:46 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions
[2010/02/05 19:28:54 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/27 21:30:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 08:02:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/22 23:12:09 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/08 15:06:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/07/07 17:54:34 | 000,000,000 | ---D | M] (DoD Configuration) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
[2010/04/22 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\[email protected]

O1 HOSTS File: ([2010/04/22 20:50:50 | 000,393,305 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 13584 more lines...
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - Reg Error: Value error. File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AVG9_TRAY] D:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EnergyCut] D:\Program Files\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] D:\Program Files\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [masqform.exe] D:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
O9 - Extra 'Tools' menuitem : Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([webmail.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([wmcac.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([wmlogin.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([www.us] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: \Windows\Web\Wallpaper\lenovo_Chr1_W.jpg
O24 - Desktop BackupWallPaper: \Windows\Web\Wallpaper\lenovo_Chr1_W.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d8c39fb-697c-11dd-b3cf-001fc600b2c6}\Shell - "" = AutoRun
O33 - MountPoints2\{3d8c39fb-697c-11dd-b3cf-001fc600b2c6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/07/26 09:36:59 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/05/10 02:05:24 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
[2010/05/10 01:26:33 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Malwarebytes
[2010/05/10 01:26:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/10 01:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/10 01:26:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/01 16:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DVDneXtCOPY
[2010/04/30 09:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/04/30 09:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/04/29 23:28:43 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Apple Computer
[2010/04/28 07:54:36 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\Spark
[2010/04/27 07:55:04 | 000,000,000 | -H-D | C] -- C:\VirtualStore
[2010/04/24 08:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/22 18:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/22 16:34:52 | 000,000,000 | ---D | C] -- D:\Users\Ray E. Osejo\Documents\RootKit Scan Log Files
[2010/03/30 14:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2010/03/30 14:42:39 | 000,040,560 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2010/03/30 13:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/27 08:01:44 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Symantec
[2010/03/17 15:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Config
[2010/03/17 11:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer Platform Preview
[2010/03/16 09:41:24 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Uniblue
[2010/03/12 15:03:28 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/07 18:32:23 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Move Networks
[2010/02/25 22:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Machinist2DLL
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/10 02:07:40 | 008,126,464 | -HS- | M] () -- C:\Users\Ray E. Osejo\ntuser.dat
[2010/05/10 01:41:17 | 000,293,376 | ---- | M] () -- C:\Users\Ray E. Osejo\Desktop\gmer.exe
[2010/05/10 01:26:28 | 000,000,626 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/10 00:41:49 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/05/10 00:40:46 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/05/10 00:39:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/10 00:39:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 00:39:54 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 00:39:47 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/05/10 00:37:41 | 000,524,288 | -HS- | M] () -- C:\Users\Ray E. Osejo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/10 00:37:41 | 000,065,536 | -HS- | M] () -- C:\Users\Ray E. Osejo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/10 00:37:38 | 004,042,227 | -H-- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\IconCache.db
[2010/05/10 00:02:53 | 000,062,720 | -H-- | M] () -- C:\Users\Ray E. Osejo\AppData\Roaming\Ray E. Osejo.idx
[2010/05/06 01:11:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
[2010/05/01 16:26:57 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\DVDneXtCOPY 3.lnk
[2010/05/01 10:13:11 | 000,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/01 10:13:11 | 000,642,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/01 10:13:11 | 000,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/30 18:32:48 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/30 17:07:19 | 000,005,972 | ---- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\d3d9caps.dat
[2010/04/30 17:04:18 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 15:12:13 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
[2010/04/30 09:26:44 | 000,409,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/04/30 09:22:36 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2010/04/30 06:28:53 | 000,422,438 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 09:51:47 | 000,000,718 | ---- | M] () -- C:\Users\Ray E. Osejo\Desktop\CCleaner.lnk
[2010/04/26 19:46:02 | 059,288,376 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/22 22:28:20 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\Partition Wizard Home Edition.lnk
[2010/04/22 20:50:50 | 000,393,305 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/04/22 18:29:38 | 000,001,546 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/22 17:51:42 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/22 17:26:09 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/22 17:24:21 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/04/22 17:24:21 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/04/09 13:16:52 | 000,535,624 | ---- | M] () -- C:\Windows\System32\pwNative.exe
[2010/04/09 13:16:50 | 000,016,472 | ---- | M] () -- C:\Windows\System32\pwdrvio.sys
[2010/04/09 13:16:46 | 000,011,104 | ---- | M] () -- C:\Windows\System32\pwdspio.sys
[2010/03/31 08:39:09 | 000,003,213 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2010/03/31 05:52:36 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 5.0.1 Home Edition.lnk
[2010/03/26 08:04:59 | 000,381,559 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100422-205050.backup
[2010/03/17 11:11:03 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer Platform Preview.lnk
[2010/03/17 07:12:10 | 000,381,307 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100326-080459.backup
[2010/03/15 07:35:22 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/03/12 16:21:53 | 000,381,239 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100317-071210.backup
[2010/03/12 15:03:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/12 15:03:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 15:01:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/08 23:09:23 | 000,380,856 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100312-152153.backup
[2010/03/06 00:05:45 | 000,014,336 | ---- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 08:08:23 | 000,109,480 | ---- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/18 21:53:12 | 000,380,752 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100308-220923.backup
[2010/02/13 08:56:26 | 000,379,050 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100218-205312.backup
[2010/02/09 10:01:39 | 000,379,090 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100213-075625.backup
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/10 01:26:28 | 000,000,626 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 16:26:57 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\DVDneXtCOPY 3.lnk
[2010/04/30 18:32:48 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/30 17:04:18 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 09:37:58 | 000,001,024 | ---- | C] () -- C:\Windows\System32\AutoPartNt.let
[2010/04/30 09:22:36 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2010/04/22 18:29:38 | 000,001,546 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/31 06:03:58 | 000,003,213 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2010/03/31 05:52:36 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 5.0.1 Home Edition.lnk
[2010/03/31 05:52:34 | 001,692,288 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/03/31 05:52:34 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/03/31 05:52:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/03/31 05:52:34 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/03/31 05:52:34 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/03/30 15:14:36 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2010/03/30 15:14:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/03/30 15:14:15 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/03/30 15:02:57 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\Partition Wizard Home Edition.lnk
[2010/03/17 11:11:03 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer Platform Preview.lnk
[2010/03/15 07:35:21 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/01/20 22:18:01 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010/01/13 17:51:59 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini
[2009/12/23 20:33:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/30 00:05:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\erainp32.dll
[2008/08/09 11:23:06 | 000,000,181 | ---- | C] () -- C:\Windows\msmail.ini
[2008/07/12 21:01:18 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/07/12 21:01:18 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/07/12 20:59:09 | 000,000,228 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/07/12 20:59:09 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/07/12 20:57:30 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/07/12 20:57:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/07/07 17:42:43 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/02/13 19:55:43 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp.dll
[2008/02/13 19:55:43 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp(303).dll
[2008/02/13 19:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image.dll
[2008/02/13 19:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image(300).dll
[2008/02/13 19:55:42 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
[2008/02/13 19:55:42 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
[2008/02/13 19:55:42 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp(326).dll
[2008/02/13 19:55:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
[2008/02/13 19:55:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo(305).dll
[2008/02/13 19:55:42 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
[2008/02/13 19:55:41 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog.dll
[2008/02/13 19:55:41 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog(301).dll
[2008/02/13 19:55:41 | 000,622,592 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2008/02/13 19:55:41 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend.dll
[2008/02/13 19:55:41 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend(274).dll
[2008/02/13 19:15:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/11/14 17:21:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/07 06:44:11 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/07 06:44:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/01/20 13:56:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Machinist2.dll

========== LOP Check ==========

[2010/01/09 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\IObit
[2008/07/07 18:28:24 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\PureEdge
[2009/12/23 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Thunderbird
[2010/03/16 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Uniblue
[2008/08/18 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Xerox
[2010/05/10 00:41:49 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/05/10 00:38:02 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/10 00:39:10 | 000,038,748 | ---- | M] () -- C:\aaw7boot.log
[2010/01/20 15:23:17 | 000,000,002 | ---- | M] () -- C:\ATK0100.log
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/05/23 17:39:49 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/01/20 16:05:39 | 000,000,034 | ---- | M] () -- C:\esaycapture.log
[2010/05/10 00:42:03 | 075,232,586 | ---- | M] () -- C:\FaceProv.log
[2010/05/10 00:41:21 | 000,109,792 | ---- | M] () -- C:\HeadVideo.log
[2008/08/09 11:18:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/08/09 11:18:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/05/10 00:39:10 | 016,777,216 | -HS- | M] () -- C:\pagefile.sys
[2008/02/13 19:08:46 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
[2008/08/07 05:46:36 | 000,005,343 | ---- | M] () -- C:\WirelessDiagLog.csv
[2009/12/23 22:31:16 | 000,000,156 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 07:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 07:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 02:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 02:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 02:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\system32\drivers\*.sys /90 >
[2010/03/12 15:01:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/12 15:03:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/04/22 17:26:09 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/02/20 16:53:34 | 000,411,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\http.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/30 09:23:11 | 000,132,480 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\snapman.sys
[2010/04/30 09:22:37 | 000,368,480 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tdrpman.sys
[2010/04/30 09:23:29 | 000,044,384 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\tifsfilt.sys
[2010/04/30 09:23:29 | 000,441,760 | ---- | M] (Acronis) -- C:\Windows\System32\drivers\timntr.sys
[1 C:\Windows\system32\drivers\*.tmp files -> C:\Windows\system32\drivers\*.tmp -> ]

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

OTL Extras Log:

OTL Extras logfile created on: 5/10/2010 2:06:21 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ray E. Osejo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): c:\pagefile.sys 16 16d:\pagefile.sys 3057 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.81 Gb Total Space | 32.93 Gb Free Space | 53.27% Space Free | Partition Type: NTFS
Drive D: | 221.48 Gb Total Space | 192.17 Gb Free Space | 86.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 29.29 Gb Total Space | 5.31 Gb Free Space | 18.14% Space Free | Partition Type: NTFS
Drive G: | 104.96 Gb Total Space | 76.82 Gb Free Space | 73.19% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REO-LAPTOP
Current User Name: Ray E. Osejo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064CFBD4-1A04-4B84-920E-E3AABE076C4B}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{09058782-5BE9-47AE-9E77-E9D95A56D6E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{100C04D7-0BD5-420A-9C30-D349AB13FC5B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{12981B49-90A4-4C1D-87BA-BFDB8091A7DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14AF9013-9CC6-4FC1-8D4F-BB86857B0D29}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{2776CBA4-9AEA-4C82-8A0C-7C578824D091}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{7913906B-6810-4DF9-A4C7-E41488316830}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{BA12E6FB-42DE-473C-BE95-1515FA36721D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C30A1DA5-B495-4963-BDFB-96D36FC0D444}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{D406073B-28FC-441B-98EA-C85912015E69}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114813E0-DED2-4545-BAD3-682A35D2BDC9}" = protocol=17 | dir=in | app=d:\program files\symantec\ghost\ngctw32.exe |
"{160F4E77-9E46-41B8-A34E-6BF0E7EB7092}" = protocol=6 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1797BF06-5567-4572-9D7C-9F8D5FFCF620}" = protocol=17 | dir=in | app=d:\program files\yahoo!\messenger\yserver.exe |
"{1DDA24D5-64A9-47BB-B833-7A1CCB979B2E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1FBCDEC0-82AB-4908-99E4-A2E0AB0B2D33}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3BD477E3-818C-4EB5-B56B-9EE38A91010B}" = dir=in | app=c:\program files\lenovo\shuttlecenter\powercinema.exe |
"{3C582205-6C25-42FE-99A6-655BFC56DE9E}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{45780240-5609-47EF-A5FC-0E67F60678BC}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dmp\clbrowserengine.exe |
"{6D59C795-087C-42C0-86DF-B6B352A6606F}" = dir=out | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{8302C106-8222-4F55-98B7-A4825B50F984}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dms\clmsservice.exe |
"{CED57A0D-9753-42BD-A801-FC919E296434}" = protocol=6 | dir=in | app=d:\program files\yahoo!\messenger\yserver.exe |
"{EC823F68-1CD6-4380-BB24-F7F5F4D70DA3}" = protocol=17 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F4A696EC-F341-436D-8799-AF55683C7BBE}" = protocol=6 | dir=in | app=d:\program files\symantec\ghost\ngctw32.exe |
"{F690C616-0592-4083-9D42-77BC18E6E9BC}" = dir=in | app=c:\program files\lenovo\shuttlecenter\pcmservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{10885AE8-E42E-43CB-0A9D-1DCE4B636080}" = Symantec Ghost Configuration Client (Standalone)
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Shuttle Center II
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{39316EDC-804F-4081-9974-0A13BA77E5EF}" = Windows Internet Explorer Platform Preview
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo Easy Camera
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5E11064C-41D6-4451-B45A-E36DFBCB84AC}" = Download Guard for Internet Explorer
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}" = EnergyCut
"{6ECD42B2-32AF-4898-880D-0608EA5C592A}" = ApproveIt Desktop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A98E3354-AD08-427C-A0AC-32221A3E6598}" = Active@ Partition Manager
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B39AA98E-C966-46C9-ACA2-D2586E300988}" = WinFlash
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4917541-1D76-4BDD-0A44-0E5B98363300}" = Symantec User Migration Wizard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Download Guard for Internet Explorer" = Download Guard for Internet Explorer
"DVDneXtCOPY 3 Ultimate" = DVDneXtCOPY 3 Ultimate
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"HDMI" = Intel® Graphics Media Accelerator Driver
"lenovo scrnsave" = lenovo scrnsave
"Machinist2DLL" = Machinist2DLL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"PROR" = Microsoft Office Professional 2007
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"VeriFace" = VeriFace
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ ActivIdentity Events ]
Error - 3/14/2010 2:01:14 PM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =

Error - 3/20/2010 7:42:32 AM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =

Error - 3/22/2010 2:19:32 PM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =

[ Application Events ]
Error - 3/29/2010 4:35:55 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3727 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1590 Start Time: 01cacf5050b5e932 Termination Time: 26

Error - 3/30/2010 2:11:40 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 63c Start Time: 01cad02e9aaaa002 Termination Time: 38266

Error - 3/30/2010 2:19:21 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17f0 Start Time: 01cad0345907cd72 Termination Time: 60000

Error - 3/30/2010 2:23:01 PM | Computer Name = REO-laptop | Source = VSS | ID = 8194
Description =

Error - 4/22/2010 5:12:15 PM | Computer Name = REO-laptop | Source = ESENT | ID = 505
Description = wuaueng.dll (1320) SUS20ClientDataStore: An attempt to open the compressed
file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write
access failed because it could not be converted to a normal file. The open file
operation will fail with error -4005 (0xfffff05b). To prevent this error in the
future you can manually decompress the file and change the compression state of
the containing folder to uncompressed. Writing to this file when it is compressed
is not supported.

Error - 4/22/2010 5:26:20 PM | Computer Name = REO-laptop | Source = VSS | ID = 8194
Description =

Error - 5/1/2010 10:15:58 AM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program qw.exe version 17.1.9.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1420 Start Time: 01cae93846b35561 Termination Time: 44

Error - 5/1/2010 10:16:58 AM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application Dwm.exe, version 6.0.6002.18005, time stamp 0x49e01b94,
faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7, exception
code 0xc0000005, fault offset 0x0004a1de, process id 0xb64, application start time
0x01cae92fb35c7f61.

Error - 5/1/2010 1:41:52 PM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0004a1de, process id 0x1468, application
start time 0x01cae9310db162e1.

Error - 5/1/2010 1:42:28 PM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0004a1de, process id 0x1bfc, application
start time 0x01cae9432fe48dd1.

[ Media Center Events ]
Error - 8/28/2008 7:37:07 AM | Computer Name = REO-laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 8/19/2008 12:26:05 AM | Computer Name = REO-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 9922 seconds with 8100 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 5/9/2010 2:03:02 PM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7034
Description =

Error - 5/10/2010 12:37:56 AM | Computer Name = REO-laptop | Source = DCOM | ID = 10010
Description =

Error - 5/10/2010 12:38:47 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/10/2010 12:38:47 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/10/2010 12:39:10 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/10/2010 12:39:10 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/10/2010 12:39:54 AM | Computer Name = REO-laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 5/10/2010 12:40:34 AM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 5/10/2010 12:40:45 AM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7034
Description =

Error - 5/10/2010 1:54:45 AM | Computer Name = REO-laptop | Source = BROWSER | ID = 8032
Description =


< End of report >

Extras.txt OTL log:

OTL Extras logfile created on: 5/10/2010 2:06:21 AM - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ray E. Osejo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): c:\pagefile.sys 16 16d:\pagefile.sys 3057 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.81 Gb Total Space | 32.93 Gb Free Space | 53.27% Space Free | Partition Type: NTFS
Drive D: | 221.48 Gb Total Space | 192.17 Gb Free Space | 86.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 29.29 Gb Total Space | 5.31 Gb Free Space | 18.14% Space Free | Partition Type: NTFS
Drive G: | 104.96 Gb Total Space | 76.82 Gb Free Space | 73.19% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REO-LAPTOP
Current User Name: Ray E. Osejo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{064CFBD4-1A04-4B84-920E-E3AABE076C4B}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdateservice.exe |
"{09058782-5BE9-47AE-9E77-E9D95A56D6E6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{100C04D7-0BD5-420A-9C30-D349AB13FC5B}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{12981B49-90A4-4C1D-87BA-BFDB8091A7DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{14AF9013-9CC6-4FC1-8D4F-BB86857B0D29}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{2776CBA4-9AEA-4C82-8A0C-7C578824D091}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{7913906B-6810-4DF9-A4C7-E41488316830}" = lport=80 | protocol=6 | dir=out | app=c:\program files\common files\intuit\update service\intuitupdater.exe |
"{BA12E6FB-42DE-473C-BE95-1515FA36721D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{C30A1DA5-B495-4963-BDFB-96D36FC0D444}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{D406073B-28FC-441B-98EA-C85912015E69}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{114813E0-DED2-4545-BAD3-682A35D2BDC9}" = protocol=17 | dir=in | app=d:\program files\symantec\ghost\ngctw32.exe |
"{160F4E77-9E46-41B8-A34E-6BF0E7EB7092}" = protocol=6 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe |
"{1797BF06-5567-4572-9D7C-9F8D5FFCF620}" = protocol=17 | dir=in | app=d:\program files\yahoo!\messenger\yserver.exe |
"{1DDA24D5-64A9-47BB-B833-7A1CCB979B2E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{1FBCDEC0-82AB-4908-99E4-A2E0AB0B2D33}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{3BD477E3-818C-4EB5-B56B-9EE38A91010B}" = dir=in | app=c:\program files\lenovo\shuttlecenter\powercinema.exe |
"{3C582205-6C25-42FE-99A6-655BFC56DE9E}" = protocol=58 | dir=in | name=internet connection sharing (router solicitation-in) |
"{45780240-5609-47EF-A5FC-0E67F60678BC}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dmp\clbrowserengine.exe |
"{6D59C795-087C-42C0-86DF-B6B352A6606F}" = dir=out | svc=sharedaccess | app=c:\windows\system32\svchost.exe |
"{8302C106-8222-4F55-98B7-A4825B50F984}" = dir=in | app=c:\program files\lenovo\shuttlecenter\kernel\dms\clmsservice.exe |
"{CED57A0D-9753-42BD-A801-FC919E296434}" = protocol=6 | dir=in | app=d:\program files\yahoo!\messenger\yserver.exe |
"{EC823F68-1CD6-4380-BB24-F7F5F4D70DA3}" = protocol=17 | dir=in | app=d:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F4A696EC-F341-436D-8799-AF55683C7BBE}" = protocol=6 | dir=in | app=d:\program files\symantec\ghost\ngctw32.exe |
"{F690C616-0592-4083-9D42-77BC18E6E9BC}" = dir=in | app=c:\program files\lenovo\shuttlecenter\pcmservice.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{10885AE8-E42E-43CB-0A9D-1DCE4B636080}" = Symantec Ghost Configuration Client (Standalone)
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Shuttle Center II
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{353D20CC-719B-4A60-AD33-D03F88C10330}" = Microsoft Office Accounting PayPal Addin
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{39316EDC-804F-4081-9974-0A13BA77E5EF}" = Windows Internet Explorer Platform Preview
"{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{46614A49-222A-48EF-87A9-BFD603E608E1}" = Microsoft Office Accounting Fixed Asset Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo Easy Camera
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5E11064C-41D6-4451-B45A-E36DFBCB84AC}" = Download Guard for Internet Explorer
"{5FA793A6-0071-42C1-9355-8F69A428C44F}" = Microsoft Office Accounting ADP Payroll Addin
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6E127727-CE4B-40E4-9A7D-9D65CDE0A15C}" = EnergyCut
"{6ECD42B2-32AF-4898-880D-0608EA5C592A}" = ApproveIt Desktop
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C711818-076E-475C-B95B-DF11CD9D8DBE}" = Microsoft Office Accounting Equifax Addin
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A90C03D6-08E1-4C59-B93B-6919A6C0AC19}" = TSP_CODEC
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A98E3354-AD08-427C-A0AC-32221A3E6598}" = Active@ Partition Manager
"{AA468551-1794-42FE-B504-C41D75EEBDF2}_is1" = Partition Wizard Home Edition 5.0
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B0717D5A-1976-482B-9ADF-F19631A541A4}" = Microsoft Office Accounting 2007
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B39AA98E-C966-46C9-ACA2-D2586E300988}" = WinFlash
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4917541-1D76-4BDD-0A44-0E5B98363300}" = Symantec User Migration Wizard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client
"{C43E4B9C-14C8-4EB0-998B-85211B6EDD61}" = Acronis True Image WD Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0000650-0650-0650-0650-000000000650}" = PureEdge Viewer 6.5
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"AVG9Uninstall" = AVG Free 9.0
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Download Guard for Internet Explorer" = Download Guard for Internet Explorer
"DVDneXtCOPY 3 Ultimate" = DVDneXtCOPY 3 Ultimate
"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 5.0.1 Home Edition
"HDMI" = Intel® Graphics Media Accelerator Driver
"lenovo scrnsave" = lenovo scrnsave
"Machinist2DLL" = Machinist2DLL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Office Accounting 2007" = Microsoft Office Accounting 2007
"Microsoft Office Accounting Equifax Addin" = Microsoft Office Accounting Equifax Addin
"Microsoft Office Accounting PayPal Addin" = Microsoft Office Accounting PayPal Addin
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox (3.6.4)" = Mozilla Firefox (3.6.4)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"PROR" = Microsoft Office Professional 2007
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SpywareBlaster_is1" = SpywareBlaster 4.3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TurboTax 2008" = TurboTax 2008
"VeriFace" = VeriFace
"WinLiveSuite_Wave3" = Windows Live Essentials
"Yahoo! Messenger" = Yahoo! Messenger
"ZoneAlarm" = ZoneAlarm

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ ActivIdentity Events ]
Error - 3/14/2010 2:01:14 PM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =

Error - 3/20/2010 7:42:32 AM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =

Error - 3/22/2010 2:19:32 PM | Computer Name = REO-laptop | Source = ActivClient | ID = 769
Description =

[ Application Events ]
Error - 3/29/2010 4:35:55 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 1.9.2.3727 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 1590 Start Time: 01cacf5050b5e932 Termination Time: 26

Error - 3/30/2010 2:11:40 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 63c Start Time: 01cad02e9aaaa002 Termination Time: 38266

Error - 3/30/2010 2:19:21 PM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Problem Reports and Solutions control panel. Process
ID: 17f0 Start Time: 01cad0345907cd72 Termination Time: 60000

Error - 3/30/2010 2:23:01 PM | Computer Name = REO-laptop | Source = VSS | ID = 8194
Description =

Error - 4/22/2010 5:12:15 PM | Computer Name = REO-laptop | Source = ESENT | ID = 505
Description = wuaueng.dll (1320) SUS20ClientDataStore: An attempt to open the compressed
file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" for read / write
access failed because it could not be converted to a normal file. The open file
operation will fail with error -4005 (0xfffff05b). To prevent this error in the
future you can manually decompress the file and change the compression state of
the containing folder to uncompressed. Writing to this file when it is compressed
is not supported.

Error - 4/22/2010 5:26:20 PM | Computer Name = REO-laptop | Source = VSS | ID = 8194
Description =

Error - 5/1/2010 10:15:58 AM | Computer Name = REO-laptop | Source = Application Hang | ID = 1002
Description = The program qw.exe version 17.1.9.2 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Problem Reports and Solutions control panel. Process
ID: 1420 Start Time: 01cae93846b35561 Termination Time: 44

Error - 5/1/2010 10:16:58 AM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application Dwm.exe, version 6.0.6002.18005, time stamp 0x49e01b94,
faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7, exception
code 0xc0000005, fault offset 0x0004a1de, process id 0xb64, application start time
0x01cae92fb35c7f61.

Error - 5/1/2010 1:41:52 PM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0004a1de, process id 0x1468, application
start time 0x01cae9310db162e1.

Error - 5/1/2010 1:42:28 PM | Computer Name = REO-laptop | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18904, time stamp
0x4b835fec, faulting module ole32.dll, version 6.0.6002.18005, time stamp 0x49e037d7,
exception code 0xc0000005, fault offset 0x0004a1de, process id 0x1bfc, application
start time 0x01cae9432fe48dd1.

[ Media Center Events ]
Error - 8/28/2008 7:37:07 AM | Computer Name = REO-laptop | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 8/19/2008 12:26:05 AM | Computer Name = REO-laptop | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session
lasted 9922 seconds with 8100 seconds of active time. This session ended with a
crash.

[ System Events ]
Error - 5/9/2010 2:03:02 PM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7034
Description =

Error - 5/10/2010 12:37:56 AM | Computer Name = REO-laptop | Source = DCOM | ID = 10010
Description =

Error - 5/10/2010 12:38:47 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/10/2010 12:38:47 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/10/2010 12:39:10 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/10/2010 12:39:10 AM | Computer Name = REO-laptop | Source = volmgr | ID = 262190
Description = Crash dump initialization failed!

Error - 5/10/2010 12:39:54 AM | Computer Name = REO-laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 5/10/2010 12:40:34 AM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7000
Description =

Error - 5/10/2010 12:40:45 AM | Computer Name = REO-laptop | Source = Service Control Manager | ID = 7034
Description =

Error - 5/10/2010 1:54:45 AM | Computer Name = REO-laptop | Source = BROWSER | ID = 8032
Description =


< End of report >


GMER Log:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-10 02:03:54
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\RAYE~1.OSE\AppData\Local\Temp\kwlyykog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateFile [0x90A2F0D8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateKey [0x90A4DAA6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcess [0x90A49F6A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0x90A4A392]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateSection [0x90A5236A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteFile [0x90A2FF9A]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteKey [0x90A4F4BC]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0x90A4EDB2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0x90A48DA8]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey [0x90A4FE86]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0x90A500C4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwLoadKeyEx [0x90A50576]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenFile [0x90A2FA8C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwOpenProcess [0x90A4BFC2]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRenameKey [0x90A5130C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwReplaceKey [0x90A50840]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwRestoreKey [0x90A50F4C]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0x90A35DC4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0x90A303A4]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetSecurityObject [0x90A51894]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSetValueKey [0x90A4E4D6]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0x90A4B08E]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0x90A4ADBE]
SSDT \SystemRoot\system32\DRIVERS\vsdatant.sys (ZoneAlarm Firewalling Driver/Check Point Software Technologies LTD) ZwCreateUserProcess [0x90A4A806]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 1D9 820BA93C 4 Bytes [D8, F0, A2, 90]
.text ntkrnlpa.exe!KeSetEvent + 1E9 820BA94C 4 Bytes [A6, DA, A4, 90]
.text ntkrnlpa.exe!KeSetEvent + 209 820BA96C 8 Bytes [6A, 9F, A4, 90, 92, A3, A4, ...]
.text ntkrnlpa.exe!KeSetEvent + 215 820BA978 4 Bytes [6A, 23, A5, 90] {PUSH 0x23; MOVSD ; NOP }
.text ntkrnlpa.exe!KeSetEvent + 2D1 820BAA34 8 Bytes [9A, FF, A2, 90, BC, F4, A4, ...] {CALL FAR 0xa4f4:0xbc90a2ff; NOP }
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateDialogParamW 771D72A2 5 Bytes JMP 6AEBDE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!GetAsyncKeyState 771D863C 5 Bytes JMP 6ADD8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!SetWindowsHookExW 771D87AD 5 Bytes JMP 6AEB9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CallNextHookEx 771D8E3B 5 Bytes JMP 6AEAD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!UnhookWindowsHookEx 771D98DB 5 Bytes JMP 6AE2466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!EnableWindow 771DCD8B 5 Bytes JMP 6AEBDCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateWindowExW 771E1305 5 Bytes JMP 6AEBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!GetKeyState 771E8CB1 5 Bytes JMP 6AEBD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!IsDialogMessageW 771F0745 5 Bytes JMP 6ADE5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateDialogParamA 771F17AA 5 Bytes JMP 6AFB53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!IsDialogMessage 771F1847 5 Bytes JMP 6AFB4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateDialogIndirectParamA 771F26F1 5 Bytes JMP 6AFB53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!CreateDialogIndirectParamW 771F9A62 5 Bytes JMP 6AFB5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!SetKeyboardState 77200987 5 Bytes JMP 6AFB4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!DialogBoxParamW 772010B0 5 Bytes JMP 6ADE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!DialogBoxIndirectParamW 77202EF5 5 Bytes JMP 6AFB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!SendInput 77202F75 5 Bytes JMP 6AFB5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!EndDialog 7720326E 5 Bytes JMP 6ADE7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!SetCursorPos 77216FB2 5 Bytes JMP 6AFB5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!DialogBoxParamA 77218152 5 Bytes JMP 6AFB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!DialogBoxIndirectParamA 7721847D 5 Bytes JMP 6AFB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!MessageBoxIndirectA 7722D4D9 5 Bytes JMP 6AFB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!MessageBoxIndirectW 7722D5D3 5 Bytes JMP 6AFB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!MessageBoxExA 7722D639 5 Bytes JMP 6AFB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!MessageBoxExW 7722D65D 5 Bytes JMP 6AFB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] USER32.dll!keybd_event 7722D972 5 Bytes JMP 6AFB5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] SHELL32.dll!SHRestricted + D1D 761C8910 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[744] SHELL32.dll!SHRestricted + D25 761C8918 4 Bytes [57, 2F, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[744] SHELL32.dll!SHRestricted + D95 761C8988 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[744] SHELL32.dll!SHRestricted + D9D 761C8990 8 Bytes [57, 2F, 06, 66, 9C, 5B, 05, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[744] ole32.dll!OleLoadFromStream 770A1E12 5 Bytes JMP 6AFB4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] ole32.dll!CoCreateInstance 770D9EA6 5 Bytes JMP 6AEBDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!closesocket 75CA330C 5 Bytes JMP 65F5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!recv 75CA343A 5 Bytes JMP 65F5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!socket 75CA36D1 5 Bytes JMP 65F5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!connect 75CA40D9 5 Bytes JMP 65F5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!getaddrinfo 75CA418A 5 Bytes JMP 65F5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[744] WS2_32.dll!send 75CA659B 5 Bytes JMP 65F5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateDialogParamW 771D72A2 5 Bytes JMP 6AEBDE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!GetAsyncKeyState 771D863C 5 Bytes JMP 6ADD8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SetWindowsHookExW 771D87AD 5 Bytes JMP 6AEB9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CallNextHookEx 771D8E3B 5 Bytes JMP 6AEAD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!UnhookWindowsHookEx 771D98DB 5 Bytes JMP 6AE2466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!EnableWindow 771DCD8B 5 Bytes JMP 6AEBDCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateWindowExW 771E1305 5 Bytes JMP 6AEBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!GetKeyState 771E8CB1 5 Bytes JMP 6AEBD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!IsDialogMessageW 771F0745 5 Bytes JMP 6ADE5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateDialogParamA 771F17AA 5 Bytes JMP 6AFB53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!IsDialogMessage 771F1847 5 Bytes JMP 6AFB4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateDialogIndirectParamA 771F26F1 5 Bytes JMP 6AFB53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!CreateDialogIndirectParamW 771F9A62 5 Bytes JMP 6AFB5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SetKeyboardState 77200987 5 Bytes JMP 6AFB4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamW 772010B0 5 Bytes JMP 6ADE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamW 77202EF5 5 Bytes JMP 6AFB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SendInput 77202F75 5 Bytes JMP 6AFB5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!EndDialog 7720326E 5 Bytes JMP 6ADE7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!SetCursorPos 77216FB2 5 Bytes JMP 6AFB5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxParamA 77218152 5 Bytes JMP 6AFB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!DialogBoxIndirectParamA 7721847D 5 Bytes JMP 6AFB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectA 7722D4D9 5 Bytes JMP 6AFB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxIndirectW 7722D5D3 5 Bytes JMP 6AFB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExA 7722D639 5 Bytes JMP 6AFB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!MessageBoxExW 7722D65D 5 Bytes JMP 6AFB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] USER32.dll!keybd_event 7722D972 5 Bytes JMP 6AFB5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] SHELL32.dll!SHRestricted + D1D 761C8910 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] SHELL32.dll!SHRestricted + D25 761C8918 4 Bytes [57, 2F, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] SHELL32.dll!SHRestricted + D95 761C8988 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] SHELL32.dll!SHRestricted + D9D 761C8990 8 Bytes [57, 2F, 06, 66, 9C, 5B, 05, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ole32.dll!OleLoadFromStream 770A1E12 5 Bytes JMP 6AFB4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] ole32.dll!CoCreateInstance 770D9EA6 5 Bytes JMP 6AEBDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!closesocket 75CA330C 5 Bytes JMP 65F5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!recv 75CA343A 5 Bytes JMP 65F5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!socket 75CA36D1 5 Bytes JMP 65F5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!connect 75CA40D9 5 Bytes JMP 65F5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!getaddrinfo 75CA418A 5 Bytes JMP 65F5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3832] WS2_32.dll!send 75CA659B 5 Bytes JMP 65F5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateDialogParamW 771D72A2 5 Bytes JMP 6AEBDE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!GetAsyncKeyState 771D863C 5 Bytes JMP 6ADD8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!SetWindowsHookExW 771D87AD 5 Bytes JMP 6AEB9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CallNextHookEx 771D8E3B 5 Bytes JMP 6AEAD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!UnhookWindowsHookEx 771D98DB 5 Bytes JMP 6AE2466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!EnableWindow 771DCD8B 5 Bytes JMP 6AEBDCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateWindowExW 771E1305 5 Bytes JMP 6AEBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!GetKeyState 771E8CB1 5 Bytes JMP 6AEBD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!IsDialogMessageW 771F0745 5 Bytes JMP 6ADE5A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateDialogParamA 771F17AA 5 Bytes JMP 6AFB53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!IsDialogMessage 771F1847 5 Bytes JMP 6AFB4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateDialogIndirectParamA 771F26F1 5 Bytes JMP 6AFB53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!CreateDialogIndirectParamW 771F9A62 5 Bytes JMP 6AFB5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!SetKeyboardState 77200987 5 Bytes JMP 6AFB4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!DialogBoxParamW 772010B0 5 Bytes JMP 6ADE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!DialogBoxIndirectParamW 77202EF5 5 Bytes JMP 6AFB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!SendInput 77202F75 5 Bytes JMP 6AFB5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!EndDialog 7720326E 5 Bytes JMP 6ADE7EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!SetCursorPos 77216FB2 5 Bytes JMP 6AFB5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!DialogBoxParamA 77218152 5 Bytes JMP 6AFB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!DialogBoxIndirectParamA 7721847D 5 Bytes JMP 6AFB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!MessageBoxIndirectA 7722D4D9 5 Bytes JMP 6AFB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!MessageBoxIndirectW 7722D5D3 5 Bytes JMP 6AFB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!MessageBoxExA 7722D639 5 Bytes JMP 6AFB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!MessageBoxExW 7722D65D 5 Bytes JMP 6AFB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] USER32.dll!keybd_event 7722D972 5 Bytes JMP 6AFB5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] SHELL32.dll!SHRestricted + D1D 761C8910 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] SHELL32.dll!SHRestricted + D25 761C8918 4 Bytes [57, 2F, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] SHELL32.dll!SHRestricted + D95 761C8988 4 Bytes [4D, 30, 06, 66]
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] SHELL32.dll!SHRestricted + D9D 761C8990 8 Bytes [57, 2F, 06, 66, 9C, 5B, 05, ...]
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] ole32.dll!OleLoadFromStream 770A1E12 5 Bytes JMP 6AFB4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] ole32.dll!CoCreateInstance 770D9EA6 5 Bytes JMP 6AEBDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!closesocket 75CA330C 5 Bytes JMP 65F5EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!recv 75CA343A 5 Bytes JMP 65F5F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!socket 75CA36D1 5 Bytes JMP 65F5E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!connect 75CA40D9 5 Bytes JMP 65F5E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!getaddrinfo 75CA418A 5 Bytes JMP 65F5E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5264] WS2_32.dll!send 75CA659B 5 Bytes JMP 65F5E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!CreateWindowExW 771E1305 5 Bytes JMP 6AEBDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!DialogBoxParamW 772010B0 5 Bytes JMP 6ADE5505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!DialogBoxIndirectParamW 77202EF5 5 Bytes JMP 6AFB473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!DialogBoxParamA 77218152 5 Bytes JMP 6AFB46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!DialogBoxIndirectParamA 7721847D 5 Bytes JMP 6AFB47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!MessageBoxIndirectA 7722D4D9 5 Bytes JMP 6AFB4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!MessageBoxIndirectW 7722D5D3 5 Bytes JMP 6AFB4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!MessageBoxExA 7722D639 5 Bytes JMP 6AFB45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5392] USER32.dll!MessageBoxExW 7722D65D 5 Bytes JMP 6AFB4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 tdrpman.sys (Acronis Try&Decide and Restore Points Volume Filter Driver/Acronis)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

MBAM Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

5/10/2010 1:33:35 AM
mbam-log-2010-05-10 (01-33-35).txt

Scan type: Quick scan
Objects scanned: 128632
Time elapsed: 5 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#2 RKinner, Malware Expert (Expert, 24,625 posts, MVP)

Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu and select Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck Resident TeaTimer and OK any prompts.
* Restart your computer

Uninstall Zone Alarm if you haven't already. It appears to be broken. You are also telling Firefox to use a proxy but none is defined, which is why it can't work.

Also uninstall
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7

and uniblue if you still have it. We don't want it.



Copy the text between the lines of stars by highlighting it and pressing Ctrl + C
***************************************************************************************************
:OTL
FF - prefs.js..network.proxy.type: 4
O2 - BHO: (Download Guard for Internet Explorer) - {20C1A7F0-528E-444F-BAC5-5804A61CCA7F} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe File not found

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

*******************************************************************

then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Right click on george and Run As Administrator to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:


Ron
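
The :OTL fix in the post above removes one Run entry, one BHO and one toolbar whose files are gone, blanks the Firefox proxy type and resets the hosts file. The following PowerShell audit is an added example (it is not part of this thread and not OTL's own code) that re-checks those same persistence points generically, so a technician can see what is still dangling after a fix like this one, or on a machine without OTL. It assumes the Vista-era registry layout shown in the logs, Firefox profiles under %APPDATA%\Mozilla\Firefox\Profiles, and an elevated PowerShell 2.0 or later prompt; the function and variable names are mine, not Microsoft's or OldTimer's.

```powershell
# Added example (not part of this thread, not OTL's code): re-checks the
# persistence points that the :OTL fix above touches. Assumes Vista-era
# registry layout, Firefox profiles under %APPDATA%, elevated PowerShell 2.0+.

function Get-ImagePathFromCommand {
    # Pulls the executable out of a Run-key command line, quoted or not,
    # dropping trailing switches such as " /s" or " -silent".
    param([string]$Command)
    if (-not $Command -or -not $Command.Trim()) { return $null }
    $c = $Command.Trim()
    if ($c.StartsWith('"')) { $exe = $c.Substring(1).Split('"')[0] }
    else                    { $exe = ($c -split '\s+[-/]')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Invoke-PersistenceAudit {
    $findings = New-Object System.Collections.Generic.List[string]
    $psNoise  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

    # 1. Run entries whose target no longer exists (OTL's "File not found",
    #    like the ZoneAlarm Client line in the fix).
    foreach ($key in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
                     'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run') {
        if (-not (Test-Path $key)) { continue }
        foreach ($p in (Get-ItemProperty $key).PSObject.Properties) {
            if ($psNoise -contains $p.Name) { continue }
            $exe = Get-ImagePathFromCommand ([string]$p.Value)
            if (-not $exe -or -not (Test-Path -LiteralPath $exe)) {
                $findings.Add("Run '$($p.Name)' -> missing file: $($p.Value)")
            }
        }
    }

    # 2. BHOs registered for Explorer/IE whose COM server DLL is gone
    #    (the O2 line: "Reg Error: Value error. File not found").
    $bho = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    if (Test-Path $bho) {
        foreach ($clsid in (Get-ChildItem $bho | Select-Object -ExpandProperty PSChildName)) {
            $srv = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
            $dll = $null
            if (Test-Path $srv) { $dll = (Get-ItemProperty $srv).'(default)' }
            if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
            if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
                $findings.Add("BHO $clsid -> no usable InprocServer32 ('$dll')")
            }
        }
    }

    # 3. IE toolbars whose CLSID is not registered at all (the O3 line:
    #    "No CLSID value found").
    $tb = 'HKLM:\Software\Microsoft\Internet Explorer\Toolbar'
    if (Test-Path $tb) {
        foreach ($p in (Get-ItemProperty $tb).PSObject.Properties) {
            if ($p.Name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
            if (-not (Test-Path "Registry::HKEY_CLASSES_ROOT\CLSID\$($p.Name)")) {
                $findings.Add("Toolbar $($p.Name) -> no CLSID registration")
            }
        }
    }

    # 4. WinINet (IE) proxy: enabled with no server, or a PAC URL, is the
    #    IE-side twin of the Firefox proxy problem in the fix.
    $ie = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($ie.ProxyEnable -eq 1) { $findings.Add("IE ProxyEnable=1, ProxyServer='$($ie.ProxyServer)'") }
    if ($ie.AutoConfigURL)     { $findings.Add("IE AutoConfigURL=$($ie.AutoConfigURL)") }

    # 5. Firefox prefs.js: network.proxy.type set, but nothing telling Firefox
    #    where the proxy is (0 direct, 1 manual, 2 PAC, 4 WPAD auto-detect, 5 system).
    $profiles = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
    if (Test-Path $profiles) {
        foreach ($prefs in (Get-ChildItem $profiles -Recurse -Filter prefs.js)) {
            $text = [IO.File]::ReadAllText($prefs.FullName)
            if (-not ($text -match 'user_pref\("network\.proxy\.type",\s*(\d+)\);')) { continue }
            $type    = [int]$Matches[1]
            $hasHost = $text -match 'user_pref\("network\.proxy\.(http|ssl|socks)",\s*"[^"]+"\);'
            $hasPac  = $text -match 'user_pref\("network\.proxy\.autoconfig_url",\s*"[^"]+"\);'
            $note = switch ($type) {
                1 { if (-not $hasHost) { 'manual proxy (type 1) but no proxy host set' } }
                2 { if (-not $hasPac)  { 'PAC proxy (type 2) but no autoconfig_url set' } }
                4 { 'auto-detect (type 4): the proxy is whatever answers the WPAD lookup' }
            }
            if ($note) { $findings.Add("Firefox $($prefs.FullName): $note") }
        }
    }

    # 6. hosts file: anything beyond the stock localhost lines (what [RESETHOSTS] wipes).
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    foreach ($line in (Get-Content $hosts)) {
        if ($line -match '^\s*(#|$)') { continue }
        if ($line -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*(#.*)?$') { $findings.Add("hosts: $line") }
    }
    return $findings
}

$result = @(Invoke-PersistenceAudit)
if ($result.Count -eq 0) { 'No dangling entries found.' } else { $result }
```

Run it once before the fix and once after: the pre-fix output on this machine should list the ZoneAlarm Client Run entry, the Download Guard BHO, the nameless toolbar CLSID and the Firefox type-4 proxy line, and the post-fix run should list none of them. It only reports; it changes nothing, which is deliberate, since the removal itself stays with OTL where the helper can review the script first.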

#3 RKinner, Malware Expert (Expert, 24,625 posts, MVP)

Before I forget:

You have compressed a folder that should not be compressed.

C:\Windows\SoftwareDistribution\DataStore

See http://www.itechtalk...thread3026.html for how to uncompress it.

Ron
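
Explorer only shows compression by colouring names blue, and the DataStore folder itself can be uncompressed while files or subfolders beneath it still carry the attribute, so "I did not find it compressed" is easy to get wrong by eye. As an added example (not part of this thread, and not the method on the linked page), here is a PowerShell check that walks the folder and reports every item with the NTFS Compressed attribute, and uncompresses with compact.exe only when explicitly asked. It assumes an elevated prompt, the Vista path from the post above, and that stopping the Windows Update service for a moment is acceptable; the function names are mine.

```powershell
# Added example (not part of this thread): finds NTFS-compressed items under the
# Windows Update DataStore, or any path given, and uncompresses them with
# compact.exe only when -Fix is passed. Assumes an elevated prompt, the Vista
# path from the post above, and that stopping wuauserv briefly is acceptable.

function Get-CompressedItems {
    param([string]$Path = (Join-Path $env:SystemRoot 'SoftwareDistribution\DataStore'))
    $flag  = [IO.FileAttributes]::Compressed
    # The folder itself plus everything beneath it, hidden/system included;
    # a compressed subfolder or .edb file is easy to miss from Explorer.
    $items = @(Get-Item -LiteralPath $Path -Force) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force)
    return @($items | Where-Object { ($_.Attributes -band $flag) -eq $flag })
}

function Repair-CompressedFolder {
    param(
        [string]$Path = (Join-Path $env:SystemRoot 'SoftwareDistribution\DataStore'),
        [switch]$Fix
    )
    $compressed = Get-CompressedItems -Path $Path
    if ($compressed.Count -eq 0) { return "Nothing under $Path is compressed." }
    "{0} compressed item(s) under {1}, first: {2}" -f $compressed.Count, $Path, $compressed[0].FullName
    if (-not $Fix) { return }
    # DataStore.edb is held open by Windows Update; stop it before touching the files.
    Stop-Service wuauserv -Force
    try {
        & "$env:SystemRoot\System32\compact.exe" /u "$Path"              # the folder's own attribute
        & "$env:SystemRoot\System32\compact.exe" /u /s:"$Path" /a /i /q   # everything beneath it
    } finally {
        Start-Service wuauserv
    }
}

Repair-CompressedFolder          # report only
# Repair-CompressedFolder -Fix   # report, then uncompress
```

The report-only default is the point: run it first, paste the count into the reply, and only then run it with -Fix. The same two functions work for any other folder a Windows service keeps a database in, which is why the path is a parameter rather than hard-coded.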

#4 rosejo, Member (Topic Starter, 72 posts)

Ron,

I completed all your steps exactly as you suggested; however, I did not find that C:\Windows\SoftwareDistribution\DataStore was compressed, so I just left it as is.

Here are the requested logs after completing all the suggested steps:

OTL log:

OTL logfile created on: 5/10/2010 12:36:19 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Ray E. Osejo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): c:\pagefile.sys 16 16d:\pagefile.sys 3057 5000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 61.81 Gb Total Space | 33.13 Gb Free Space | 53.61% Space Free | Partition Type: NTFS
Drive D: | 221.48 Gb Total Space | 190.87 Gb Free Space | 86.18% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 29.29 Gb Total Space | 5.31 Gb Free Space | 18.14% Space Free | Partition Type: NTFS
Drive G: | 104.96 Gb Total Space | 76.92 Gb Free Space | 73.28% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: REO-LAPTOP
Current User Name: Ray E. Osejo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/06 01:11:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
PRC - [2010/04/22 17:26:14 | 002,064,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/04/22 17:26:08 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/04/22 17:21:42 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/03/29 14:54:52 | 002,343,120 | ---- | M] (IObit) -- D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/03/12 15:03:28 | 000,508,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/03/12 15:03:22 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/03/12 15:01:53 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgemc.exe
PRC - [2010/03/12 15:01:52 | 000,710,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- D:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2009/11/02 20:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/06/10 04:02:50 | 000,904,840 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2009/06/10 03:57:40 | 000,136,472 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2009/06/10 03:55:30 | 001,326,080 | ---- | M] (Acronis) -- D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/02/06 19:21:00 | 000,224,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Toolbar\wltuser.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/02/13 19:55:40 | 000,241,664 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\VeriFace\PManage.exe
PRC - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- D:\Program Files\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/10/26 05:08:26 | 000,106,583 | ---- | M] () -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
PRC - [2007/10/26 05:08:24 | 000,262,233 | ---- | M] () -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
PRC - [2007/10/26 05:07:56 | 000,417,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe
PRC - [2007/10/05 16:55:12 | 000,229,376 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\HControl.exe
PRC - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe
PRC - [2007/08/27 14:55:32 | 001,232,896 | ---- | M] (Lenovo (Beijing) Limited) -- D:\Program Files\Lenovo\EnergyCut\EnergyCut.exe
PRC - [2007/08/15 12:38:30 | 000,147,456 | ---- | M] () -- C:\Program Files\ATK Hotkey\WDC.exe
PRC - [2007/08/08 12:03:42 | 002,441,216 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006/12/05 18:30:06 | 000,450,560 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter3\BrccMCtl.exe
PRC - [2006/11/24 21:20:36 | 000,622,592 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
PRC - [2006/11/22 05:31:25 | 000,630,784 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/05/08 19:52:04 | 000,204,800 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
PRC - [2006/02/26 11:07:12 | 002,502,656 | ---- | M] (Lenovo(beijing) Limited) -- D:\Program Files\Lenovo\EnergyCut\utilty.exe


========== Modules (SafeList) ==========

MOD - [2010/05/06 01:11:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
MOD - [2010/03/12 15:03:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (ac.sharedstore)
SRV - [2010/03/12 15:03:22 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/12 15:01:53 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- D:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2009/11/22 16:44:16 | 002,384,240 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/06/10 03:57:36 | 000,431,384 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/05/27 04:27:04 | 029,262,680 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/03/30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 17:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/10/26 05:08:26 | 000,106,583 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2007/10/26 05:08:24 | 000,262,233 | ---- | M] () [Auto | Running] -- C:\Program Files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2007/10/02 22:53:00 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2006/12/04 15:32:10 | 000,632,456 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- D:\Program Files\Symantec\Ghost\ngctw32.exe -- (NGCLIENT)


========== Driver Services (SafeList) ==========

DRV - [2010/04/30 09:23:29 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/04/30 09:23:29 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/04/30 09:23:11 | 000,132,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/04/30 09:22:37 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/04/22 17:26:09 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/04/09 13:16:50 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010/04/09 13:16:46 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010/03/12 15:03:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/12 15:01:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/01/20 16:53:06 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/01/20 16:53:04 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/01/06 23:19:00 | 000,057,856 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCR3XX2K.sys -- (SCR3XX2K)
DRV - [2009/12/02 09:19:06 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/11/22 16:44:20 | 000,446,664 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (vsdatant)
DRV - [2009/05/19 06:43:08 | 000,021,520 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009/04/11 00:38:59 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbccid.sys -- (USBCCID)
DRV - [2008/02/13 19:30:44 | 000,018,048 | ---- | M] (ensurebit) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CapFilt.sys -- (CapFilt)
DRV - [2008/02/11 20:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/19 01:57:16 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2008/01/19 00:25:05 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2007/11/14 17:24:18 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/02 17:29:02 | 000,828,328 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007/07/22 16:00:44 | 000,180,736 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/06/21 05:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/04/25 00:17:35 | 000,277,784 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/03/21 23:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/02/24 15:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/01/23 17:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/12/14 03:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006/11/22 05:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.lenovo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://netscape.aol.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://netscape.aol.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.14
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.%(version)s
FF - prefs.js..network.proxy.type: ""

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: D:\Program Files\Mozilla Firefox 3.6 Beta 5\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: D:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/04/30 17:04:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2010/04/30 17:04:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: D:\Program Files\Mozilla Thunderbird\components [2010/04/30 18:32:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: D:\Program Files\Mozilla Thunderbird\plugins

[2009/12/23 10:42:27 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Extensions
[2009/12/23 10:42:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/04 09:14:46 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions
[2010/02/05 19:28:54 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/04/27 21:30:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/18 08:02:52 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/22 23:12:09 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/08 15:06:01 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2008/07/07 17:54:34 | 000,000,000 | ---D | M] (DoD Configuration) -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\{d15c1608-ba3e-4aa0-aa6f-aa9337226087}
[2010/04/22 18:26:38 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\extensions\[email protected]

O1 HOSTS File: ([2010/05/10 12:22:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AprvRemoveLegacyExcelKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AprvRemoveLegacyWordKeys] C:\Program Files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.Off File not found
O4 - HKLM..\Run: [AVG9_TRAY] D:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [EnergyCut] D:\Program Files\Lenovo\EnergyCut\EnergyCut.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] D:\Program Files\Lenovo\EnergyCut\utilty.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [masqform.exe] D:\Program Files\PureEdge\Viewer 6.5\masqform.exe (PureEdge™ Solutions Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Lenovo\ShuttleCenter\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VeriFacePassManager] C:\Program Files\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe File not found
O4 - HKLM..\RunOnce: [OTL] C:\Users\Ray E. Osejo\Desktop\OTL.exe (OldTimer Tools)
O8 - Extra context menu item: E&xport to Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
O9 - Extra 'Tools' menuitem : Password Administration Box - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\Program Files\Lenovo\VeriFace\OpenWnd.exe (Lenovo)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([webmail.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([wmcac.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([wmlogin.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: army.mil ([www.us] https in Trusted sites)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - File not found
O24 - Desktop WallPaper: \Windows\Web\Wallpaper\lenovo_Chr1_W.jpg
O24 - Desktop BackupWallPaper: \Windows\Web\Wallpaper\lenovo_Chr1_W.jpg
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3d8c39fb-697c-11dd-b3cf-001fc600b2c6}\Shell - "" = AutoRun
O33 - MountPoints2\{3d8c39fb-697c-11dd-b3cf-001fc600b2c6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/10 12:29:07 | 000,000,000 | ---D | C] -- D:\Users\Ray E. Osejo\Documents\OTL Actions Log Files
[2010/05/10 12:22:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/10 02:05:24 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
[2010/05/10 01:26:33 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Malwarebytes
[2010/05/10 01:26:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/05/10 01:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/05/10 01:26:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/05/01 16:26:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DVDneXtCOPY
[2010/04/30 09:24:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010/04/30 09:22:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Acronis
[2010/04/29 23:28:43 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Apple Computer
[2010/04/28 07:54:36 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\Spark
[2010/04/27 07:55:04 | 000,000,000 | -H-D | C] -- C:\VirtualStore
[2010/04/24 08:25:04 | 000,000,000 | ---D | C] -- C:\Program Files\Coupons
[2010/04/22 18:29:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010/04/22 16:34:52 | 000,000,000 | ---D | C] -- D:\Users\Ray E. Osejo\Documents\RootKit Scan Log Files
[2010/03/30 14:47:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Paragon
[2010/03/30 14:42:39 | 000,040,560 | ---- | C] (Paragon Software Group) -- C:\Windows\System32\drivers\hotcore3.sys
[2010/03/30 13:11:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/03/27 08:01:44 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Symantec
[2010/03/17 15:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Config
[2010/03/17 11:11:00 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer Platform Preview
[2010/03/16 09:41:24 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Uniblue
[2010/03/12 15:03:28 | 000,012,464 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/07 18:32:23 | 000,000,000 | ---D | C] -- C:\Users\Ray E. Osejo\AppData\Roaming\Move Networks
[2010/02/25 22:06:13 | 000,000,000 | ---D | C] -- C:\Program Files\Machinist2DLL

========== Files - Modified Within 90 Days ==========

[2010/05/10 12:36:17 | 008,388,608 | -HS- | M] () -- C:\Users\Ray E. Osejo\ntuser.dat
[2010/05/10 12:35:49 | 003,685,876 | ---- | M] () -- C:\Users\Ray E. Osejo\Desktop\ComboFix.exe
[2010/05/10 12:25:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/05/10 12:25:11 | 000,000,374 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010/05/10 12:24:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/05/10 12:24:40 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 12:24:40 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/05/10 12:24:32 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2010/05/10 12:23:19 | 000,524,288 | -HS- | M] () -- C:\Users\Ray E. Osejo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010/05/10 12:23:19 | 000,065,536 | -HS- | M] () -- C:\Users\Ray E. Osejo\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010/05/10 12:22:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010/05/10 12:08:25 | 000,409,232 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/10 12:06:08 | 003,780,518 | -H-- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\IconCache.db
[2010/05/10 02:22:05 | 000,066,640 | -H-- | M] () -- C:\Users\Ray E. Osejo\AppData\Roaming\Ray E. Osejo.idx
[2010/05/10 01:41:17 | 000,293,376 | ---- | M] () -- C:\Users\Ray E. Osejo\Desktop\gmer.exe
[2010/05/10 01:26:28 | 000,000,626 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/06 01:11:52 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Ray E. Osejo\Desktop\OTL.exe
[2010/05/01 16:26:57 | 000,000,677 | ---- | M] () -- C:\Users\Public\Desktop\DVDneXtCOPY 3.lnk
[2010/05/01 10:13:11 | 000,756,644 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/01 10:13:11 | 000,642,392 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/01 10:13:11 | 000,118,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/04/30 18:32:48 | 000,000,810 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/30 17:07:19 | 000,005,972 | ---- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\d3d9caps.dat
[2010/04/30 17:04:18 | 000,000,760 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 15:12:13 | 000,001,024 | ---- | M] () -- C:\Windows\System32\AutoPartNt.let
[2010/04/30 09:22:36 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2010/04/30 06:28:53 | 000,422,438 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/28 09:51:47 | 000,000,718 | ---- | M] () -- C:\Users\Ray E. Osejo\Desktop\CCleaner.lnk
[2010/04/26 19:46:02 | 059,288,376 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/04/22 22:28:20 | 000,000,692 | ---- | M] () -- C:\Users\Public\Desktop\Partition Wizard Home Edition.lnk
[2010/04/22 18:29:38 | 000,001,546 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/04/22 17:51:42 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/04/22 17:26:09 | 000,242,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/04/22 17:24:21 | 000,000,419 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2010/04/22 17:24:21 | 000,000,027 | ---- | M] () -- C:\Windows\BRPP2KA.INI
[2010/04/09 13:16:52 | 000,535,624 | ---- | M] () -- C:\Windows\System32\pwNative.exe
[2010/04/09 13:16:50 | 000,016,472 | ---- | M] () -- C:\Windows\System32\pwdrvio.sys
[2010/04/09 13:16:46 | 000,011,104 | ---- | M] () -- C:\Windows\System32\pwdspio.sys
[2010/03/31 08:39:09 | 000,003,213 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2010/03/31 05:52:36 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\EASEUS Partition Master 5.0.1 Home Edition.lnk
[2010/03/26 08:04:59 | 000,381,559 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100422-205050.backup
[2010/03/17 11:11:03 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\Internet Explorer Platform Preview.lnk
[2010/03/17 07:12:10 | 000,381,307 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100326-080459.backup
[2010/03/15 07:35:22 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010/03/12 16:21:53 | 000,381,239 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100317-071210.backup
[2010/03/12 15:03:28 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/03/12 15:03:28 | 000,012,464 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/03/12 15:01:52 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/03/08 23:09:23 | 000,380,856 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100312-152153.backup
[2010/03/06 00:05:45 | 000,014,336 | ---- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/24 08:08:23 | 000,109,480 | ---- | M] () -- C:\Users\Ray E. Osejo\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/02/18 21:53:12 | 000,380,752 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100308-220923.backup
[2010/02/13 08:56:26 | 000,379,050 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100218-205312.backup

========== Files Created - No Company Name ==========

[2010/05/10 12:35:22 | 003,685,876 | ---- | C] () -- C:\Users\Ray E. Osejo\Desktop\ComboFix.exe
[2010/05/10 01:26:28 | 000,000,626 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 16:26:57 | 000,000,677 | ---- | C] () -- C:\Users\Public\Desktop\DVDneXtCOPY 3.lnk
[2010/04/30 18:32:48 | 000,000,810 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010/04/30 17:04:18 | 000,000,760 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/04/30 09:37:58 | 000,001,024 | ---- | C] () -- C:\Windows\System32\AutoPartNt.let
[2010/04/30 09:22:36 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image WD Edition.lnk
[2010/04/22 18:29:38 | 000,001,546 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/03/31 06:03:58 | 000,003,213 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2010/03/31 05:52:36 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\EASEUS Partition Master 5.0.1 Home Edition.lnk
[2010/03/31 05:52:34 | 001,692,288 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2010/03/31 05:52:34 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2010/03/31 05:52:34 | 000,014,848 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2010/03/31 05:52:34 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2010/03/31 05:52:34 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2010/03/30 15:14:36 | 000,535,624 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2010/03/30 15:14:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2010/03/30 15:14:15 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2010/03/30 15:02:57 | 000,000,692 | ---- | C] () -- C:\Users\Public\Desktop\Partition Wizard Home Edition.lnk
[2010/03/17 11:11:03 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\Internet Explorer Platform Preview.lnk
[2010/03/15 07:35:21 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010/01/20 22:18:01 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010/01/13 17:51:59 | 000,004,733 | ---- | C] () -- C:\Windows\SigPlus.ini
[2009/12/23 20:33:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/04/30 00:05:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\erainp32.dll
[2008/08/09 11:23:06 | 000,000,181 | ---- | C] () -- C:\Windows\msmail.ini
[2008/07/12 21:01:18 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/07/12 21:01:18 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/07/12 20:59:09 | 000,000,228 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2008/07/12 20:59:09 | 000,000,094 | ---- | C] () -- C:\Windows\brpcfx.ini
[2008/07/12 20:57:30 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2008/07/12 20:57:28 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2008/07/07 17:42:43 | 000,000,165 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2008/02/13 19:55:43 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp.dll
[2008/02/13 19:55:43 | 001,560,576 | ---- | C] () -- C:\Windows\System32\MainOp(303).dll
[2008/02/13 19:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image.dll
[2008/02/13 19:55:43 | 000,208,896 | ---- | C] () -- C:\Windows\System32\Image(300).dll
[2008/02/13 19:55:42 | 000,491,520 | ---- | C] () -- C:\Windows\System32\picn.dll
[2008/02/13 19:55:42 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp.dll
[2008/02/13 19:55:42 | 000,126,976 | ---- | C] () -- C:\Windows\System32\VideoOp(326).dll
[2008/02/13 19:55:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo.dll
[2008/02/13 19:55:42 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Momo(305).dll
[2008/02/13 19:55:42 | 000,049,152 | ---- | C] () -- C:\Windows\System32\DevFilt.dll
[2008/02/13 19:55:41 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog.dll
[2008/02/13 19:55:41 | 001,327,104 | ---- | C] () -- C:\Windows\System32\ImageReog(301).dll
[2008/02/13 19:55:41 | 000,622,592 | ---- | C] () -- C:\Windows\System32\PicNotify.dll
[2008/02/13 19:55:41 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend.dll
[2008/02/13 19:55:41 | 000,094,208 | ---- | C] () -- C:\Windows\System32\ApBlend(274).dll
[2008/02/13 19:15:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/02/11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007/11/14 17:21:02 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/07 06:44:11 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
[2007/09/07 06:44:11 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/01/20 13:56:58 | 000,086,016 | ---- | C] () -- C:\Windows\System32\Machinist2.dll

========== LOP Check ==========

[2010/01/09 11:10:36 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\IObit
[2008/07/07 18:28:24 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\PureEdge
[2009/12/23 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Thunderbird
[2010/03/16 09:41:24 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Uniblue
[2008/08/18 09:47:14 | 000,000,000 | ---D | M] -- C:\Users\Ray E. Osejo\AppData\Roaming\Xerox
[2010/05/10 12:25:33 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\AWC Startup.job
[2010/05/10 12:23:21 | 000,032,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >

ComboFix log:

ComboFix 10-05-09.08 - Ray E. Osejo 05/10/2010 12:48:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1689 [GMT -4:00]
Running from: c:\users\Ray E. Osejo\Desktop\george.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\BisonC07.dll
c:\windows\system32\%appdata%

.
((((((((((((((((((((((((( Files Created from 2010-04-10 to 2010-05-10 )))))))))))))))))))))))))))))))
.

2010-05-10 16:54 . 2010-05-10 17:00 -------- d-----w- c:\users\Ray E. Osejo\AppData\Local\temp
2010-05-10 16:54 . 2010-05-10 16:54 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-10 16:54 . 2010-05-10 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-10 16:22 . 2010-05-10 16:22 -------- d-----w- C:\_OTL
2010-05-10 05:26 . 2010-05-10 05:26 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Malwarebytes
2010-05-10 05:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 05:26 . 2010-05-10 05:26 -------- d-----w- c:\programdata\Malwarebytes
2010-05-10 05:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 20:26 . 2010-05-01 22:19 -------- d-----w- c:\programdata\DVDneXtCOPY
2010-04-30 13:37 . 2010-04-30 19:11 1885464 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-04-30 13:23 . 2010-04-30 13:23 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-04-30 13:23 . 2010-04-30 13:23 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-04-30 13:23 . 2010-04-30 13:23 132480 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-04-30 13:22 . 2010-04-30 13:22 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-04-30 13:22 . 2010-04-30 13:22 -------- d-----w- c:\program files\Common Files\Acronis
2010-04-30 03:28 . 2010-04-30 03:28 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Apple Computer
2010-04-28 11:54 . 2010-04-28 11:54 -------- d-----w- c:\users\Ray E. Osejo\Spark
2010-04-27 11:55 . 2010-04-27 11:55 -------- d-----w- C:\VirtualStore
2010-04-24 12:25 . 2010-04-24 12:29 -------- d-----w- c:\program files\Coupons
2010-04-22 22:29 . 2010-04-22 22:29 -------- d-----w- c:\programdata\Apple Computer
2010-04-22 22:18 . 2009-12-23 11:33 172032 -c--a-w- c:\windows\system32\wintrust.dll
2010-04-22 22:18 . 2010-01-13 17:34 98304 -c--a-w- c:\windows\system32\cabview.dll
2010-04-22 21:38 . 2010-02-23 11:10 212992 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-22 21:38 . 2010-02-23 11:10 79360 -c--a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-22 21:38 . 2010-02-23 11:10 106496 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-22 21:38 . 2010-02-18 14:07 3600776 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-22 21:38 . 2010-02-18 14:07 3548040 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-04-22 21:38 . 2010-03-05 14:01 420352 -c--a-w- c:\windows\system32\vbscript.dll
2010-04-22 21:37 . 2010-02-18 14:07 904576 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-22 21:37 . 2010-02-18 13:30 200704 -c--a-w- c:\windows\system32\iphlpsvc.dll
2010-04-22 21:37 . 2010-02-18 11:28 25088 -c--a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-22 21:20 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-10 16:15 . 2008-07-04 17:26 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 16:04 . 2008-07-04 16:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-10 11:51 . 2008-02-13 23:40 -------- d-----w- c:\programdata\Microsoft Help
2010-05-07 11:07 . 2010-05-07 11:06 30534926 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2010_05_07_00_50_01_full.dmp.zip
2010-05-01 20:26 . 2010-02-03 21:59 -------- d-----w- c:\programdata\DShield
2010-04-30 21:07 . 2008-07-26 11:09 5972 ----a-w- c:\users\Ray E. Osejo\AppData\Local\d3d9caps.dat
2010-04-30 10:28 . 2010-01-21 02:45 422438 -c-ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-04-29 16:39 . 2010-04-30 10:27 1625088 ----a-w- c:\windows\Internet Logs\xDBA73D.tmp
2010-04-29 16:31 . 2010-04-30 10:27 1625088 ----a-w- c:\windows\Internet Logs\xDBAA2B.tmp
2010-04-27 11:47 . 2010-04-27 11:54 1920000 ----a-w- c:\windows\Internet Logs\xDB7D4B.tmp
2010-04-27 11:43 . 2010-04-27 11:54 1919488 ----a-w- c:\windows\Internet Logs\xDB7E65.tmp
2010-04-27 02:46 . 2010-01-07 03:20 3432125 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-23 16:05 . 2008-07-28 04:20 110312 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Thunderbird\Profiles\acdk12ex.default\Mail\Local Folders\Inbox.sbd\Payment Confirmation61201360.sbd\Shop4Tech.com
2010-04-22 22:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-22 22:10 . 2010-04-22 22:11 51712 ----a-w- c:\windows\Internet Logs\xDBA333.tmp
2010-04-22 21:26 . 2009-12-24 02:51 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-09 17:16 . 2010-03-30 19:14 535624 ----a-w- c:\windows\system32\pwNative.exe
2010-04-09 17:16 . 2010-03-30 19:14 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-04-09 17:16 . 2010-03-30 19:14 11104 ------w- c:\windows\system32\pwdspio.sys
2010-03-31 09:37 . 2010-03-31 09:39 228352 ----a-w- c:\windows\Internet Logs\xDB2FC8.tmp
2010-03-30 18:48 . 2010-03-30 18:47 -------- d-----w- c:\programdata\Paragon
2010-03-30 18:23 . 2008-02-13 23:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 04:24 . 2010-03-28 11:25 1865728 ----a-w- c:\windows\Internet Logs\xDBA95B.tmp
2010-03-28 04:23 . 2010-03-28 11:25 387584 ----a-w- c:\windows\Internet Logs\xDBA822.tmp
2010-03-27 12:01 . 2010-03-27 12:01 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Symantec
2010-03-21 04:49 . 2010-03-21 10:05 1846272 ----a-w- c:\windows\Internet Logs\xDB9370.tmp
2010-03-21 04:49 . 2010-03-21 10:05 422912 ----a-w- c:\windows\Internet Logs\xDB9187.tmp
2010-03-19 22:56 . 2010-03-19 22:56 1426674 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Thunderbird\Profiles\acdk12ex.default\Mail\Local Folders\Inbox.sbd\Employment-Employer Messages.sbd\Sanford.com
2010-03-17 19:46 . 2010-03-17 19:46 -------- d-----w- c:\programdata\Config
2010-03-17 15:11 . 2010-03-17 15:11 -------- d-----w- c:\program files\Internet Explorer Platform Preview
2010-03-16 13:52 . 2008-02-13 23:55 -------- d-----w- c:\programdata\VeriFace
2010-03-16 13:41 . 2010-03-16 13:41 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Uniblue
2010-03-15 11:35 . 2010-03-15 11:35 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-12 19:03 . 2010-03-12 19:03 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-03-12 19:03 . 2009-12-24 02:51 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-12 19:01 . 2009-12-24 02:51 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-12 14:03 . 2010-03-12 18:57 237056 ----a-w- c:\windows\Internet Logs\xDB5BF6.tmp
2010-03-08 03:15 . 2010-03-08 09:36 1201664 ----a-w- c:\windows\Internet Logs\xDBF299.tmp
2010-03-07 22:36 . 2010-03-07 22:36 144160 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Move Networks\uninstall.exe
2010-03-07 22:36 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
2010-03-03 17:28 . 2010-03-03 17:28 3391 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Thunderbird\Profiles\acdk12ex.default\Mail\Local Folders\Inbox.sbd\Payment Confirmation61201360.sbd\KnoxvilleGasPrices.com
2010-03-01 13:32 . 2010-01-28 18:53 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-28 09:16 . 2010-02-28 09:16 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-24 14:16 . 2009-12-23 00:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 12:08 . 2008-07-04 14:49 109480 ----a-w- c:\users\Ray E. Osejo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 09:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 09:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 09:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 08:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 08:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 08:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-11 11:42 . 2010-02-11 11:42 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-10 03:16 . 2010-02-10 12:39 8704 ----a-w- c:\windows\Internet Logs\xDBD940.tmp
2010-02-10 03:13 . 2010-02-10 03:16 1755136 ----a-w- c:\windows\Internet Logs\xDB781.tmp
2010-02-10 03:13 . 2010-02-10 03:16 421888 ----a-w- c:\windows\Internet Logs\xDB629.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-02-13 23:55 241752 -c--a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-10-26 417792]
"VeriFacePassManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2008-02-13 241664]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-25 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"masqform.exe"="d:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"EnergyUtility"="d:\program files\Lenovo\EnergyCut\utilty.exe" [2006-02-26 2502656]
"EnergyCut"="d:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-08-27 1232896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-14 857648]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ApproveIt StartUp.lnk - c:\windows\Installer\{6ECD42B2-32AF-4898-880D-0608EA5C592A}\Icon9557F1BC1.ico [2010-1-13 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a1,da,6e,bd,1d,9a,ca,01

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
R2 NGCLIENT;Symantec Ghost Client Agent;d:\program files\Symantec\Ghost\ngctw32.exe [2006-12-04 632456]
R3 CapFilt;CapFilt; [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-20 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-20 8456]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-07 57856]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-22 242896]
S2 avg9emc;AVG Free E-mail Scanner;d:\program files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
S2 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-10 c:\windows\Tasks\AWC Startup.job
- d:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-09 18:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://netscape.aol.com/
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: army.mil\webmail.us
Trusted Zone: army.mil\wmcac.us
Trusted Zone: army.mil\wmlogin.us
Trusted Zone: army.mil\www.us
FF - ProfilePath - c:\users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\
FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
FF - prefs.js: network.proxy.type -
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ray E. Osejo\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-ZoneAlarm Client - d:\program files\Zone Labs\ZoneAlarm\zlclient.exe
HKLM-Run-SunJavaUpdateSched - d:\program files\Java\jre6\bin\jusched.exe
SafeBoot-Lavasoft Ad-Aware Service
AddRemove-Download Guard for Internet Explorer - c:\programdata\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}\Download Guard for Internet Explorer.exe
AddRemove-ZoneAlarm - d:\program files\Zone Labs\ZoneAlarm\zauninst.exe
AddRemove-{5E11064C-41D6-4451-B45A-E36DFBCB84AC} - c:\programdata\{BB36BADD-522D-4988-B24C-0D9C7F8078A1}\Download Guard for Internet Explorer.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 13:01
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{15200cd7-27c6-42ee-8f55-17a6da84c85e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001fc6
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{3ccdd15a-96dc-41e3-986b-ea10b4869355}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:11020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{8a8c8dc8-3540-48c0-9be7-c6049692395f}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:08001cbf
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(912)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(3972)
c:\program files\Lenovo\VeriFace\IcnOvrly.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
d:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
d:\program files\AVG\AVG9\avgcsrvx.exe
d:\program files\AVG\AVG9\avgchsvx.exe
d:\program files\AVG\AVG9\avgrsx.exe
d:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-10 13:05:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-10 17:05

Pre-Run: 35,438,211,072 bytes free
Post-Run: 35,819,536,384 bytes free

- - End Of File - - E44B7932553C939B3DA56FE535C27A41

I am awaiting your next instructions. I have re-activated all my AVG Free 9.0 functions and my SpyBot S&D Tea-timer. Windows Security reports my AVG virus definitions are out of date, which I am sure they are since I have not been able to access the internet with it to update them. I am sure my SpyBot S&D definitions are also out of date, and I bet my Spywareblaster protections are out of date too. I hope I can reinstall ZoneAlarm once we are done. However, I do have access to Trend Micro's Antivirus products if you think I should change my Antivirus from AVG. My other systems have always been configured with the same suite of antivirus and anti-malware products, and I hope I can re-install AdAware Free Edition anti-malware once we get my internet access back for everything that needs it besides IE.

Thanks,

Ray
  • 0
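The service/driver and Run-key sections of the ComboFix log above are the part a responder reads first. The script below is an added example (not part of this thread and not ComboFix's own code) that parses those two line shapes exactly as they appear in the log and flags two things: entries still registered to start whose image ComboFix marks `[x]` (file missing; here `vsdatant7`, `ac.sharedstore`, `CapFilt` and the two `AprvRemoveLegacy*` Run values), and images that live in a user-writable directory. The sample input is a constructed excerpt copied from the log lines above; the one `HYPOTHETICAL_RUN_LINE` is invented only to exercise the user-writable-path rule and the `USER_WRITABLE` prefixes are my own choice, not a ComboFix convention.

```python
r"""Triage the autostart sections of a ComboFix log (added example).

ComboFix prints service/driver lines as

    R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]

and Run-key values as

    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

where the trailing stamp is [x] (or [X]) when the referenced file is
missing and [date size] when it exists.  R = running, S = stopped, and the
digit is the Windows start type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled).
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed excerpt, copied from the shapes in the posted log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
R3 CapFilt;CapFilt; [x]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-22 242896]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]
"""

# Hypothetical line (NOT from the log) used only to show the user-writable rule.
HYPOTHETICAL_RUN_LINE = r'"Updater"="c:\users\someone\AppData\Roaming\updater.exe" [2010-05-01 12345]'

SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>\d)\s+'
    r'(?P<name>[^;]+);(?P<display>[^;]*);\s*'
    r'(?P<path>.*?)\s*\[(?P<stamp>[^\]]*)\]\s*$')
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>.*)"\s+\[(?P<stamp>[^\]]*)\]\s*$')

START_TYPE = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}
# Directory fragments an ordinary user can write to (my own list, not ComboFix's).
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class Finding:
    kind: str    # "service" (services and drivers) or "run"
    name: str
    path: str
    reason: str


def image_path(cmd: str) -> str:
    """Cut the arguments off a Run-key command line, keeping the image path."""
    low = cmd.lower()
    for ext in (".exe", ".dll", ".sys", ".cmd", ".bat"):
        i = low.find(ext)
        if i != -1:
            return cmd[: i + len(ext)]
    return cmd.strip()


def in_user_writable(path: str) -> bool:
    low = path.lower()
    return any(seg in low for seg in USER_WRITABLE)


def triage(log_text: str) -> List[Finding]:
    """Return the entries worth a second look: missing images and images in user-writable paths."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            label = ("running" if m["state"] == "R" else "stopped") + "/" + START_TYPE.get(m["start"], m["start"])
            if m["stamp"].strip().lower() == "x":
                findings.append(Finding("service", m["name"], m["path"], f"file missing ({label})"))
            elif in_user_writable(m["path"]):
                findings.append(Finding("service", m["name"], m["path"], f"image in user-writable location ({label})"))
            continue
        m = RUN_RE.match(line)
        if m:
            path = image_path(m["cmd"])
            if m["stamp"].strip().lower() == "x":
                findings.append(Finding("run", m["name"], path, "file missing"))
            elif in_user_writable(path):
                findings.append(Finding("run", m["name"], path, "image in user-writable location"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG) + triage(HYPOTHETICAL_RUN_LINE):
        print(f"{f.kind:7} {f.name:28} {f.reason:45} {f.path}")
```

Entries flagged as missing are not malware by themselves; in this log they are the trace of products that were uninstalled (ZoneAlarm's `vsdatant` driver, ActivIdentity) and, for a driver that sits in the network stack, a stale registration is exactly the kind of leftover worth removing before blaming anything else for broken connectivity.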

#5
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The combofix instruction just applied to avg. Please leave TeaTimer off until we finish.

Combofix pulled a folder from System32 called %AppData%. This sometimes means the environmental variables are messed up.

Start (Windows Logo), Programs, Accessories then right click on Command Prompt and Run As Administrator. This will bring up a black Command window. Type the text in the code box with an Enter after each line:

set

(There should be an entry for APPDATA which should say:
APPDATA=C:\Users\Ray E. Osejo\AppData\Roaming
If you are not logged in as Ray E. Osejo then it should have the current user's name instead.
If not, then I need you to do the stuff in the code box.)

set  >  junk.txt

reg  query  "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User  Shell  Folders"  /s  >>  junk.txt

reg  query  "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell  Folders"  /s  >>  junk.txt

reg  query  "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User  Shell  Folders"  /s  >>  junk.txt

reg  query  "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell  Folders"  /s  >>  junk.txt

notepad  junk.txt

(I use two spaces so you can see where one space should go. Copy the text from Notepad and paste it in the reply then come back to the command window and do:)

netsh  winsock  reset  catalog

netsh  int  ip  reset  reset.log

Now reboot

Ron

Edited by RKinner, 10 May 2010 - 01:20 PM.

  • 0

#6
rosejo

rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Ray E. Osejo\AppData\Roaming
CLASSPATH=.;D:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=REO-LAPTOP
ComSpec=C:\Windows\system32\cmd.exe
configsetroot=C:\Windows\ConfigSetRoot
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Ray E. Osejo
LOCALAPPDATA=C:\Users\Ray E. Osejo\AppData\Local
LOGONSERVER=\\REO-LAPTOP
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Windows\system32;C:\Windows;C:\Windows\system32\wbem;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files\Microsoft SQL Server\90\Tools\binn;C:\Program Files\ApproveIt\ThirdParty\Bin;C:\Program Files\ApproveIt;D:\Program Files\QuickTime\QTSystem;C:\Program Files\Common Files\Microsoft Shared\Windows Live
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=D:\Program Files\Java\jre6\lib\ext\QTJava.zip
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\RAYE~1.OSE\AppData\Local\Temp
TMP=C:\Users\RAYE~1.OSE\AppData\Local\Temp
tvdumpflags=8
USERDOMAIN=REO-laptop
USERNAME=Ray E. Osejo
USERPROFILE=C:\Users\Ray E. Osejo
windir=C:\Windows

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
AppData REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming
Cache REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files
Cookies REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
Desktop REG_EXPAND_SZ %USERPROFILE%\Desktop
Favorites REG_EXPAND_SZ %USERPROFILE%\Favorites
History REG_EXPAND_SZ %USERPROFILE%\AppData\Local\Microsoft\Windows\History
Local AppData REG_EXPAND_SZ %USERPROFILE%\AppData\Local
My Music REG_EXPAND_SZ %USERPROFILE%\Music
My Pictures REG_EXPAND_SZ D:\Users\Ray E. Osejo\Pictures
My Video REG_EXPAND_SZ %USERPROFILE%\Videos
NetHood REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Personal REG_EXPAND_SZ D:\Users\Ray E. Osejo\Documents
PrintHood REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Programs REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Recent REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
SendTo REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
Startup REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Start Menu REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
Templates REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
{374DE290-123F-4565-9164-39C4925E467B} REG_EXPAND_SZ %USERPROFILE%\Downloads


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Common Desktop REG_EXPAND_SZ %PUBLIC%\Desktop
Common Documents REG_EXPAND_SZ %PUBLIC%\Documents
CommonPictures REG_EXPAND_SZ %PUBLIC%\Pictures
CommonMusic REG_EXPAND_SZ %PUBLIC%\Music
CommonVideo REG_EXPAND_SZ %PUBLIC%\Videos
{3D644C9B-1FB8-4f30-9B45-F670235F79C0} REG_EXPAND_SZ %PUBLIC%\Downloads
Common Start Menu REG_EXPAND_SZ %ProgramData%\Microsoft\Windows\Start Menu
Common Programs REG_EXPAND_SZ %ProgramData%\Microsoft\Windows\Start Menu\Programs
Common Startup REG_EXPAND_SZ %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
Common AppData REG_EXPAND_SZ %ProgramData%
Common Templates REG_EXPAND_SZ %ProgramData%\Microsoft\Windows\Templates


HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Common Start Menu REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu
CommonVideo REG_SZ C:\Users\Public\Videos
CommonPictures REG_SZ C:\Users\Public\Pictures
Common Programs REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs
CommonMusic REG_SZ C:\Users\Public\Music
Common Administrative Tools REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Common Startup REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Common Desktop REG_SZ C:\Users\Public\Desktop
Common Documents REG_SZ C:\Users\Public\Documents
OEM Links REG_SZ C:\ProgramData\OEM Links
Common Templates REG_SZ C:\ProgramData\Microsoft\Windows\Templates
Common AppData REG_SZ C:\ProgramData

Your instructions said to reboot at this time, but I am sending you this logfile first. I will reboot immediately after posting this reply.

Ray
  • 0
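The check Ron asked for in post #5 and the dump Ray pasted in post #6 can be cross-checked mechanically rather than by eye. The script below is an added example (not from the thread): it parses the `set` output and the `reg query ... /s` listings in the whitespace-collapsed form shown above, expands every REG_EXPAND_SZ shell folder with the environment block, and reports (a) `AppData` or `Local AppData` that disagree with the `APPDATA`/`LOCALAPPDATA` variables, (b) a value that still contains a `%` after expansion (one way a literal folder named `%AppData%` ends up under System32 is a path that never got expanded), (c) HKLM templates whose expansion differs from the cached REG_SZ copy in `Shell Folders`, and, as information only, (d) per-user folders relocated off the profile (here Documents and Pictures on D:). The sample input is a constructed excerpt of post #6's output; the key paths and severity labels are my own.

```python
r"""Cross-check the environment block against Explorer's shell-folder keys (added example).

Input: the text produced by `set` followed by `reg query <key> /s` on the
User Shell Folders / Shell Folders keys, as pasted in post #6 (whitespace
collapsed to single spaces, which this parser tolerates).
"""
import re
from typing import Dict, List, Tuple

# Constructed excerpt of the junk.txt content pasted in post #6.
JUNK_TXT = r"""
APPDATA=C:\Users\Ray E. Osejo\AppData\Roaming
LOCALAPPDATA=C:\Users\Ray E. Osejo\AppData\Local
ProgramData=C:\ProgramData
PUBLIC=C:\Users\Public
SystemDrive=C:
USERPROFILE=C:\Users\Ray E. Osejo

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
AppData REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming
Local AppData REG_EXPAND_SZ %USERPROFILE%\AppData\Local
My Pictures REG_EXPAND_SZ D:\Users\Ray E. Osejo\Pictures
Personal REG_EXPAND_SZ D:\Users\Ray E. Osejo\Documents
Startup REG_EXPAND_SZ %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
Common Desktop REG_EXPAND_SZ %PUBLIC%\Desktop
Common Startup REG_EXPAND_SZ %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
Common AppData REG_EXPAND_SZ %ProgramData%

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
Common Desktop REG_SZ C:\Users\Public\Desktop
Common Startup REG_SZ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Common AppData REG_SZ C:\ProgramData
"""

VALUE_RE = re.compile(r'^(?P<name>.+?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<value>.*)$')
ENV_RE = re.compile(r'^(?P<name>[^=\s][^=]*)=(?P<value>.*)$')

HKCU_USF = r"hkey_current_user\software\microsoft\windows\currentversion\explorer\user shell folders"
HKLM_USF = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\user shell folders"
HKLM_SF = r"hkey_local_machine\software\microsoft\windows\currentversion\explorer\shell folders"


def parse_junk(text: str) -> Tuple[Dict[str, str], Dict[str, Dict[str, str]]]:
    """Return (env, keys): env maps lower-cased variable names to values;
    keys maps each lower-cased registry key path to its {value name: data}."""
    env: Dict[str, str] = {}
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            current = line.lower()
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m["name"]] = m["value"]
            continue
        m = ENV_RE.match(line)
        if m and current is None:          # `set` output precedes the reg dumps
            env[m["name"].lower()] = m["value"]
    return env, keys


def expand(value: str, env: Dict[str, str]) -> str:
    """Expand %VAR% references case-insensitively; unknown variables are left in place."""
    return re.sub(r'%([^%]+)%', lambda m: env.get(m.group(1).lower(), m.group(0)), value)


def same_path(a: str, b: str) -> bool:
    return a.rstrip("\\").lower() == b.rstrip("\\").lower()


def check(text: str) -> List[Tuple[str, str]]:
    """Return (level, message) findings; level is "error" or "info"."""
    env, keys = parse_junk(text)
    findings: List[Tuple[str, str]] = []
    profile = env.get("userprofile", "")
    pairs = {"AppData": "appdata", "Local AppData": "localappdata"}

    # Per-user folders: what Explorer reads must agree with what programs get
    # from the environment, and every template must expand cleanly.
    for name, data in keys.get(HKCU_USF, {}).items():
        path = expand(data, env)
        if "%" in path:
            findings.append(("error", f"HKCU {name}: unexpanded variable in {data!r}"))
        elif name in pairs and not same_path(path, env.get(pairs[name], "")):
            findings.append(("error", f"HKCU {name}: registry says {path!r}, environment says {env.get(pairs[name])!r}"))
        elif profile and not path.lower().startswith(profile.lower()):
            findings.append(("info", f"HKCU {name}: relocated outside the profile -> {path}"))

    # Machine-wide folders: the REG_EXPAND_SZ template and the cached REG_SZ
    # copy in Shell Folders must point at the same place.
    cached = keys.get(HKLM_SF, {})
    for name, data in keys.get(HKLM_USF, {}).items():
        path = expand(data, env)
        if "%" in path:
            findings.append(("error", f"HKLM {name}: unexpanded variable in {data!r}"))
        elif name in cached and not same_path(path, cached[name]):
            findings.append(("error", f"HKLM {name}: template -> {path}, Shell Folders -> {cached[name]}"))
    return findings


if __name__ == "__main__":
    for level, msg in check(JUNK_TXT):
        print(f"[{level}] {msg}")
```

On the pasted data this reports no errors and two informational relocations (Documents and Pictures on D:), which is the conclusion Ron reached in post #7; the same script run on a dump where `AppData` had been pointed at another user's profile, or where a `%Variable%` no longer resolves, reports an error instead.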

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
The environment is correct. Are you able to connect with anything else now that you have rebooted?

Ron
  • 0

#8
rosejo

rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
No. The problem is unchanged. I have the Windows Firewall set to notify me when a program is blocked for access, and I have removed my Mozilla products from the list of exceptions for the firewall, but when I launched them just now, no notification and the same unable-to-connect messages from both programs. Quicken too still will not access my investment sites for updates, and neither AVG nor SpyBot S&D can be updated still.
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
There is a known problem with ZA & AVG per AVG's FAQ:

When using ZoneAlarm and AVG programs simultaneously, it is possible that you cannot browse the Internet at all. This issue is caused by the ZoneAlarm program (officially confirmed by ZoneAlarm developers) and should be fixed by the end of March. Please use one of the below mentioned solutions to temporarily solve the issue:

1. Uninstall the ZoneAlarm program
Program can be uninstalled via its program folder or by using Start -> Control Panel -> Add or remove programs (or Programs and features for Windows Vista/7).
2. Uninstall the LinkScanner component
You can uninstall the LinkScanner component easily by following steps mentioned in FAQ 1247


More http://free.avg.com/...7#ixzz0nZPkG7sO

However, we've removed ZA and reset TCP/IP and the winsock stack so that leaves only AVG as the possible culprit so try uninstalling the Linkscanner per their FAQ:

To add or remove some AVG Free components, such as e-mail scanner plugins, please proceed as follows:

* please download the latest AVG installation file from the Download section of our website
* When you are prompted, please do not open this file directly from the Internet, but click the "Save" button and choose a location where the installation file should be stored. We recommend saving the file to the Desktop.
* Locate the downloaded AVG installation file (it has a four color square icon and its name starts with AVG...) and launch the installation by double-clicking on it.
* The installation process recognizes the existence of installed AVG and the Add/Remove Components option is offered.


More http://free.avg.com/...7#ixzz0nZRZbHPz

If that doesn't help then

Reboot into Safe Mode with Networking (F8 after you see the maker's logo or it beeps) see if you can get out with Firefox. (Try (Start), Programs, Mozilla Firefox, Firefox (Safe Mode)). Don't stay in this mode too long and don't go to any untrusted websites.

Ron
  • 0

#10
rosejo

rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Nothing works, again, even in safe mode. I did everything you suggested exactly like you told me and followed all the steps. I just don't know what has happened, but I dread having to wipe my hard drive and start over again. Lenovo does not provide OS discs, and if I have to buy an OS, it will certainly not be Vista of any kind.
  • 0


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Can you download and save the free Avast?

http://www.avast.com...avast-home.html

And the AVG uninstall program:

http://www.avg.com/g.../download-tools


Then uninstall AVG. Install Avast.

Then run Combofix again and let me see what it looks like now.

Ron
  • 0

#12
rosejo

rosejo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Installing AVAST after uninstalling AVG was a disaster. Even IE could not access the internet then. I noticed that the Windows Security Center is still showing ZoneAlarm as a firewall, but I even tried disabling the Windows Firewall and with NO antivirus installed and NO firewall working, I still could not access the internet. When I installed AVAST, it could not update as it could not access the internet, either. I did a System Restore on the restore point made by AVAST as it began its installation, and now am back with IE making this reply. I ran ComboFix on my system again as before, with no windows open and let it run, and here is the log:

ComboFix 10-05-09.08 - Ray E. Osejo 05/10/2010 21:05:59.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1692 [GMT -4:00]
Running from: c:\users\Ray E. Osejo\Desktop\george.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 01:11 . 2010-05-11 01:11 -------- d-----w- c:\users\Ray E. Osejo\AppData\Local\temp
2010-05-11 01:11 . 2010-05-11 01:11 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-11 01:11 . 2010-05-11 01:11 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-11 01:11 . 2010-05-11 01:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-10 16:22 . 2010-05-10 16:22 -------- d-----w- C:\_OTL
2010-05-10 05:26 . 2010-05-10 05:26 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Malwarebytes
2010-05-10 05:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 05:26 . 2010-05-10 05:26 -------- d-----w- c:\programdata\Malwarebytes
2010-05-10 05:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 20:26 . 2010-05-01 22:19 -------- d-----w- c:\programdata\DVDneXtCOPY
2010-04-30 13:37 . 2010-04-30 19:11 1885464 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-04-30 13:23 . 2010-04-30 13:23 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-04-30 13:23 . 2010-04-30 13:23 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-04-30 13:23 . 2010-04-30 13:23 132480 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-04-30 13:22 . 2010-04-30 13:22 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-04-30 13:22 . 2010-04-30 13:22 -------- d-----w- c:\program files\Common Files\Acronis
2010-04-30 03:28 . 2010-04-30 03:28 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Apple Computer
2010-04-28 11:54 . 2010-04-28 11:54 -------- d-----w- c:\users\Ray E. Osejo\Spark
2010-04-27 11:55 . 2010-04-27 11:55 -------- d-----w- C:\VirtualStore
2010-04-24 12:25 . 2010-04-24 12:29 -------- d-----w- c:\program files\Coupons
2010-04-22 22:29 . 2010-04-22 22:29 -------- d-----w- c:\programdata\Apple Computer
2010-04-22 22:18 . 2009-12-23 11:33 172032 -c--a-w- c:\windows\system32\wintrust.dll
2010-04-22 22:18 . 2010-01-13 17:34 98304 -c--a-w- c:\windows\system32\cabview.dll
2010-04-22 21:38 . 2010-02-23 11:10 212992 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-22 21:38 . 2010-02-23 11:10 79360 -c--a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-22 21:38 . 2010-02-23 11:10 106496 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-22 21:38 . 2010-02-18 14:07 3600776 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-22 21:38 . 2010-02-18 14:07 3548040 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-04-22 21:38 . 2010-03-05 14:01 420352 -c--a-w- c:\windows\system32\vbscript.dll
2010-04-22 21:37 . 2010-02-18 14:07 904576 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-22 21:37 . 2010-02-18 13:30 200704 -c--a-w- c:\windows\system32\iphlpsvc.dll
2010-04-22 21:37 . 2010-02-18 11:28 25088 -c--a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-22 21:20 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 00:50 . 2010-05-11 00:50 -------- d-----w- c:\programdata\Alwil Software
2010-05-11 00:45 . 2009-12-24 02:50 -------- d-----w- c:\programdata\avg9
2010-05-10 16:15 . 2008-07-04 17:26 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 16:04 . 2008-07-04 16:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-10 11:51 . 2008-02-13 23:40 -------- d-----w- c:\programdata\Microsoft Help
2010-05-07 11:07 . 2010-05-07 11:06 30534926 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2010_05_07_00_50_01_full.dmp.zip
2010-05-01 20:26 . 2010-02-03 21:59 -------- d-----w- c:\programdata\DShield
2010-04-30 21:07 . 2008-07-26 11:09 5972 ----a-w- c:\users\Ray E. Osejo\AppData\Local\d3d9caps.dat
2010-04-30 10:28 . 2010-01-21 02:45 422438 -c-ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-04-29 16:39 . 2010-04-30 10:27 1625088 ----a-w- c:\windows\Internet Logs\xDBA73D.tmp
2010-04-29 16:31 . 2010-04-30 10:27 1625088 ----a-w- c:\windows\Internet Logs\xDBAA2B.tmp
2010-04-27 11:47 . 2010-04-27 11:54 1920000 ----a-w- c:\windows\Internet Logs\xDB7D4B.tmp
2010-04-27 11:43 . 2010-04-27 11:54 1919488 ----a-w- c:\windows\Internet Logs\xDB7E65.tmp
2010-04-27 02:46 . 2010-01-07 03:20 3432125 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-23 16:05 . 2008-07-28 04:20 110312 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Thunderbird\Profiles\acdk12ex.default\Mail\Local Folders\Inbox.sbd\Payment Confirmation61201360.sbd\Shop4Tech.com
2010-04-22 22:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-22 22:10 . 2010-04-22 22:11 51712 ----a-w- c:\windows\Internet Logs\xDBA333.tmp
2010-04-09 17:16 . 2010-03-30 19:14 535624 ----a-w- c:\windows\system32\pwNative.exe
2010-04-09 17:16 . 2010-03-30 19:14 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-04-09 17:16 . 2010-03-30 19:14 11104 ------w- c:\windows\system32\pwdspio.sys
2010-03-31 09:37 . 2010-03-31 09:39 228352 ----a-w- c:\windows\Internet Logs\xDB2FC8.tmp
2010-03-30 18:48 . 2010-03-30 18:47 -------- d-----w- c:\programdata\Paragon
2010-03-30 18:23 . 2008-02-13 23:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 04:24 . 2010-03-28 11:25 1865728 ----a-w- c:\windows\Internet Logs\xDBA95B.tmp
2010-03-28 04:23 . 2010-03-28 11:25 387584 ----a-w- c:\windows\Internet Logs\xDBA822.tmp
2010-03-27 12:01 . 2010-03-27 12:01 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Symantec
2010-03-21 04:49 . 2010-03-21 10:05 1846272 ----a-w- c:\windows\Internet Logs\xDB9370.tmp
2010-03-21 04:49 . 2010-03-21 10:05 422912 ----a-w- c:\windows\Internet Logs\xDB9187.tmp
2010-03-19 22:56 . 2010-03-19 22:56 1426674 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Thunderbird\Profiles\acdk12ex.default\Mail\Local Folders\Inbox.sbd\Employment-Employer Messages.sbd\Sanford.com
2010-03-17 19:46 . 2010-03-17 19:46 -------- d-----w- c:\programdata\Config
2010-03-17 15:11 . 2010-03-17 15:11 -------- d-----w- c:\program files\Internet Explorer Platform Preview
2010-03-16 13:52 . 2008-02-13 23:55 -------- d-----w- c:\programdata\VeriFace
2010-03-16 13:41 . 2010-03-16 13:41 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Uniblue
2010-03-15 11:35 . 2010-03-15 11:35 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-12 14:03 . 2010-03-12 18:57 237056 ----a-w- c:\windows\Internet Logs\xDB5BF6.tmp
2010-03-08 03:15 . 2010-03-08 09:36 1201664 ----a-w- c:\windows\Internet Logs\xDBF299.tmp
2010-03-07 22:36 . 2010-03-07 22:36 144160 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Move Networks\uninstall.exe
2010-03-07 22:36 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
2010-03-03 17:28 . 2010-03-03 17:28 3391 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Thunderbird\Profiles\acdk12ex.default\Mail\Local Folders\Inbox.sbd\Payment Confirmation61201360.sbd\KnoxvilleGasPrices.com
2010-03-01 13:32 . 2010-01-28 18:53 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-28 09:16 . 2010-02-28 09:16 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-24 14:16 . 2009-12-23 00:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 12:08 . 2008-07-04 14:49 109480 ----a-w- c:\users\Ray E. Osejo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 09:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 09:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 09:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 08:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 08:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 08:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-11 11:42 . 2010-02-11 11:42 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-10 03:16 . 2010-02-10 12:39 8704 ----a-w- c:\windows\Internet Logs\xDBD940.tmp
2010-02-10 03:13 . 2010-02-10 03:16 1755136 ----a-w- c:\windows\Internet Logs\xDB781.tmp
2010-02-10 03:13 . 2010-02-10 03:16 421888 ----a-w- c:\windows\Internet Logs\xDB629.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-02-13 23:55 241752 -c--a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"AprvRemoveLegacyWordKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Word\Addins\OfficeAddIn.OfficeAddIn" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-10-26 417792]
"VeriFacePassManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2008-02-13 241664]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-25 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"masqform.exe"="d:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [BU]
"EnergyUtility"="d:\program files\Lenovo\EnergyCut\utilty.exe" [2006-02-26 2502656]
"EnergyCut"="d:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-08-27 1232896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-14 857648]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ApproveIt StartUp.lnk - c:\windows\Installer\{6ECD42B2-32AF-4898-880D-0608EA5C592A}\Icon9557F1BC1.ico [2010-1-13 9216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a1,da,6e,bd,1d,9a,ca,01

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
R2 NGCLIENT;Symantec Ghost Client Agent;d:\program files\Symantec\Ghost\ngctw32.exe [2006-12-04 632456]
R3 CapFilt;CapFilt; [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-20 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-20 8456]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-07 57856]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-05-11 c:\windows\Tasks\AWC Startup.job
- d:\program files\IObit\Advanced SystemCare 3\AWC.exe [2010-01-09 18:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://netscape.aol.com/
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: army.mil\webmail.us
Trusted Zone: army.mil\wmcac.us
Trusted Zone: army.mil\wmlogin.us
Trusted Zone: army.mil\www.us
FF - ProfilePath - c:\users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\
FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ray E. Osejo\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(820)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(4312)
c:\program files\Lenovo\VeriFace\IcnOvrly.dll
.
Completion time: 2010-05-10 21:15:19
ComboFix-quarantined-files.txt 2010-05-11 01:15
ComboFix2.txt 2010-05-10 17:05

Pre-Run: 35,008,159,744 bytes free
Post-Run: 34,999,214,080 bytes free

- - End Of File - - 482FC4FA79290906B926F6B8446BFDF9

I wonder if the remainder of the ZoneAlarm, which still also shows in Control Panel's listing of installed programs, albeit with no size information or date of installation, is causing a double firewall conflict which may be the culprit for the whole internet access problem in the first place. I have tried several times to install the ZoneAlarm installation in Control Panel, but when you click on it and then click on Uninstall/Change, you get an error and the message says, "An error occurred while trying to uninstall ZoneAlarm. It may have already been uninstalled." When you click on the Yes button under the question in the error dialog box that says, "Would you like to remove ZoneAlarm from the Programs and Features list?", you get another Programs and Features dialog error box which says, "You do not have sufficient access to remove ZoneAlarm from the Programs and Features List. Please contact your system administrator."

#13
RKinner (Malware Expert, MVP, 24,625 posts)
You might want to try the Zone Alarm removal process:

http://server.iad.li...amp;action=view

The following kills the visible ZA stuff I see, plus some dead links:

Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

KillAll::

File::
c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe
c:\windows\system32\drivers\vsdatant.win7.sys
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
c:\windows\Tasks\AWC Startup.job

Driver::
ac.sharedstore
CapFilt
vsdatant7

Folder::
d:\program files\Zone Labs

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"=-
"AprvRemoveLegacyWordKeys"=-
"ZoneAlarm Client"=-

******************************************

Now open Notepad (Start, Run, notepad, OK) and press Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Ron
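The script above was written by reading the Reg Loading Points section of the log: Run-key entries whose target ComboFix could not find are tagged [X], the leftover ZoneAlarm entry is tagged [BU], and the three services with no binary on disk are tagged [x]. As an added example (not code from this thread or from ComboFix), the Python below does that reading over a constructed excerpt in the same format and drafts the Driver:: and Registry:: stanzas for the dead entries. The meaning I give the tags, and the reading of the Security Center DisableMonitoring values as "Windows has been told not to alert about this product", are my assumptions about the log format, not something the thread states. The code deliberately leaves [BU] entries and the DisableMonitoring overrides as findings to review rather than deleting them: a third-party suite sets DisableMonitoring legitimately, and the ZoneAlarm [BU] entry is only safe to drop because the program itself is already gone.

```python
"""Triage a ComboFix log's 'Reg Loading Points' section and draft the
Driver:: / Registry:: stanzas of a CFScript for the dead entries.

Added example, not ComboFix's or the thread's code. Assumptions (my reading
of the log format): a Run entry tagged [X] has a target that was not found,
[BU] means it was only found in ComboFix's backup, and a service line tagged
[x] has a missing binary. 'DisableMonitoring'=1 under the Security Center
Monitoring key only stops Windows from alerting about that product; third-
party suites set it legitimately, so it is reported for review, not deleted.
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind key name detail")

# [HKEY_...\...]  registry section header
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# "Name"="command line" [tag]  -- tag is a date+size, X or BU
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<tag>[^\]]*)\]$')
# R2 name;description;path [tag]  -- services and drivers
SVC_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]*)\[(?P<tag>[^\]]*)\]$"
)
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.IGNORECASE)


def analyze(log_text):
    """Return Finding tuples for orphaned autostarts and silenced monitoring."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = RUN_RE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            tag = m.group("tag").strip().upper()
            if tag == "X":
                findings.append(Finding("run_target_missing", current_key, m.group("name"), m.group("cmd")))
            elif tag == "BU":
                findings.append(Finding("run_backup_only", current_key, m.group("name"), m.group("cmd")))
            continue
        m = SVC_RE.match(line)
        if m and m.group("tag").strip().upper() == "X":
            findings.append(Finding("service_binary_missing", m.group("start"),
                                    m.group("name").strip(), m.group("path").strip()))
            continue
        if current_key and "security center\\monitoring" in current_key.lower() and DISABLE_RE.match(line):
            findings.append(Finding("security_center_monitoring_disabled", current_key, "DisableMonitoring", "1"))
    return findings


def build_cfscript(findings):
    """Draft Driver:: and Registry:: stanzas for the dead entries only.

    [BU] entries and Security Center overrides are left for a human decision.
    """
    drivers = [f.name for f in findings if f.kind == "service_binary_missing"]
    by_key = {}
    for f in findings:
        if f.kind == "run_target_missing":
            by_key.setdefault(f.key, []).append(f.name)
    out = []
    if drivers:
        out += ["Driver::"] + drivers + [""]
    if by_key:
        out.append("Registry::")
        for key, names in by_key.items():
            out.append("[%s]" % key)
            out += ['"%s"=-' % n for n in names]
    return "\n".join(out)


# Constructed excerpt in the shape of the thread's log (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AprvRemoveLegacyExcelKeys"="c:\program files\ApproveIt\Support\Tools\AprvClean.exe -k HKCU SOFTWARE\Microsoft\Office\Excel\Addins\OfficeAddIn.OfficeAddIn" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
R2 NGCLIENT;Symantec Ghost Client Agent;d:\program files\Symantec\Ghost\ngctw32.exe [2006-12-04 632456]
R3 CapFilt;CapFilt; [x]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
"""

if __name__ == "__main__":
    found = analyze(SAMPLE_LOG)
    for f in found:
        print("%-36s %s" % (f.kind, f.name))
    print()
    print(build_cfscript(found))
```

Run it as a script to see the findings and the drafted stanzas. The File:: and Folder:: lines of a real CFScript still need a person who knows which leftovers belong to the uninstalled product, which is why the draft stops at the entries the log itself proves are dead.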

#14
rosejo (Topic Starter, Member, 72 posts)
Ran ComboFix with the CFScript.txt file from Notepad dragged over to george.exe. Here's the log file:

ComboFix 10-05-09.08 - Ray E. Osejo 05/10/2010 22:27:15.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3062.1673 [GMT -4:00]
Running from: c:\users\Ray E. Osejo\Desktop\george.exe
Command switches used :: c:\users\Ray E. Osejo\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe"
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk"
"c:\windows\system32\drivers\vsdatant.win7.sys"
"c:\windows\Tasks\AWC Startup.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ApproveIt StartUp.lnk
c:\windows\Tasks\AWC Startup.job
d:\program files\Zone Labs

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ac.sharedstore
-------\Service_CapFilt
-------\Service_vsdatant7


((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.

2010-05-11 02:31 . 2010-05-11 02:45 -------- d-----w- c:\users\Ray E. Osejo\AppData\Local\temp
2010-05-11 02:31 . 2010-05-11 02:31 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-11 02:31 . 2010-05-11 02:31 -------- d-----w- c:\users\Guest\AppData\Local\temp
2010-05-11 02:31 . 2010-05-11 02:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-11 01:04 . 2010-05-11 01:15 -------- d-----w- C:\george
2010-05-11 00:50 . 2010-05-11 00:50 -------- d-----w- c:\programdata\Alwil Software
2010-05-10 16:22 . 2010-05-10 16:22 -------- d-----w- C:\_OTL
2010-05-10 05:26 . 2010-05-10 05:26 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Malwarebytes
2010-05-10 05:26 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-10 05:26 . 2010-05-10 05:26 -------- d-----w- c:\programdata\Malwarebytes
2010-05-10 05:26 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 20:26 . 2010-05-01 22:19 -------- d-----w- c:\programdata\DVDneXtCOPY
2010-04-30 13:37 . 2010-04-30 19:11 1885464 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-04-30 13:23 . 2010-04-30 13:23 44384 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2010-04-30 13:23 . 2010-04-30 13:23 441760 ----a-w- c:\windows\system32\drivers\timntr.sys
2010-04-30 13:23 . 2010-04-30 13:23 132480 ----a-w- c:\windows\system32\drivers\snapman.sys
2010-04-30 13:22 . 2010-04-30 13:22 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
2010-04-30 13:22 . 2010-04-30 13:22 -------- d-----w- c:\program files\Common Files\Acronis
2010-04-30 03:28 . 2010-04-30 03:28 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Apple Computer
2010-04-28 11:54 . 2010-04-28 11:54 -------- d-----w- c:\users\Ray E. Osejo\Spark
2010-04-27 11:55 . 2010-04-27 11:55 -------- d-----w- C:\VirtualStore
2010-04-24 12:25 . 2010-04-24 12:29 -------- d-----w- c:\program files\Coupons
2010-04-22 22:29 . 2010-04-22 22:29 -------- d-----w- c:\programdata\Apple Computer
2010-04-22 22:18 . 2009-12-23 11:33 172032 -c--a-w- c:\windows\system32\wintrust.dll
2010-04-22 22:18 . 2010-01-13 17:34 98304 -c--a-w- c:\windows\system32\cabview.dll
2010-04-22 21:38 . 2010-02-23 11:10 212992 -c--a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-22 21:38 . 2010-02-23 11:10 79360 -c--a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-22 21:38 . 2010-02-23 11:10 106496 -c--a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-22 21:38 . 2010-02-18 14:07 3600776 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-22 21:38 . 2010-02-18 14:07 3548040 -c--a-w- c:\windows\system32\ntoskrnl.exe
2010-04-22 21:38 . 2010-03-05 14:01 420352 -c--a-w- c:\windows\system32\vbscript.dll
2010-04-22 21:37 . 2010-02-18 14:07 904576 -c--a-w- c:\windows\system32\drivers\tcpip.sys
2010-04-22 21:37 . 2010-02-18 13:30 200704 -c--a-w- c:\windows\system32\iphlpsvc.dll
2010-04-22 21:37 . 2010-02-18 11:28 25088 -c--a-w- c:\windows\system32\drivers\tunnel.sys
2010-04-22 21:20 . 2010-04-12 21:29 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 00:45 . 2009-12-24 02:50 -------- d-----w- c:\programdata\avg9
2010-05-10 16:15 . 2008-07-04 17:26 -------- d-----w- c:\program files\Common Files\Java
2010-05-10 16:04 . 2008-07-04 16:57 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-10 11:51 . 2008-02-13 23:40 -------- d-----w- c:\programdata\Microsoft Help
2010-05-07 11:07 . 2010-05-07 11:06 30534926 ----a-w- c:\windows\Internet Logs\vsmon_on_demand_thread_2010_05_07_00_50_01_full.dmp.zip
2010-05-01 20:26 . 2010-02-03 21:59 -------- d-----w- c:\programdata\DShield
2010-04-30 21:07 . 2008-07-26 11:09 5972 ----a-w- c:\users\Ray E. Osejo\AppData\Local\d3d9caps.dat
2010-04-30 10:28 . 2010-01-21 02:45 422438 -c-ha-w- c:\windows\system32\drivers\vsconfig.xml
2010-04-29 16:39 . 2010-04-30 10:27 1625088 ----a-w- c:\windows\Internet Logs\xDBA73D.tmp
2010-04-29 16:31 . 2010-04-30 10:27 1625088 ----a-w- c:\windows\Internet Logs\xDBAA2B.tmp
2010-04-27 11:47 . 2010-04-27 11:54 1920000 ----a-w- c:\windows\Internet Logs\xDB7D4B.tmp
2010-04-27 11:43 . 2010-04-27 11:54 1919488 ----a-w- c:\windows\Internet Logs\xDB7E65.tmp
2010-04-27 02:46 . 2010-01-07 03:20 3432125 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-04-23 16:05 . 2008-07-28 04:20 110312 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Thunderbird\Profiles\acdk12ex.default\Mail\Local Folders\Inbox.sbd\Payment Confirmation61201360.sbd\Shop4Tech.com
2010-04-22 22:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-22 22:10 . 2010-04-22 22:11 51712 ----a-w- c:\windows\Internet Logs\xDBA333.tmp
2010-04-09 17:16 . 2010-03-30 19:14 535624 ----a-w- c:\windows\system32\pwNative.exe
2010-04-09 17:16 . 2010-03-30 19:14 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-04-09 17:16 . 2010-03-30 19:14 11104 ------w- c:\windows\system32\pwdspio.sys
2010-03-31 09:37 . 2010-03-31 09:39 228352 ----a-w- c:\windows\Internet Logs\xDB2FC8.tmp
2010-03-30 18:48 . 2010-03-30 18:47 -------- d-----w- c:\programdata\Paragon
2010-03-30 18:23 . 2008-02-13 23:07 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-28 04:24 . 2010-03-28 11:25 1865728 ----a-w- c:\windows\Internet Logs\xDBA95B.tmp
2010-03-28 04:23 . 2010-03-28 11:25 387584 ----a-w- c:\windows\Internet Logs\xDBA822.tmp
2010-03-27 12:01 . 2010-03-27 12:01 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Symantec
2010-03-21 04:49 . 2010-03-21 10:05 1846272 ----a-w- c:\windows\Internet Logs\xDB9370.tmp
2010-03-21 04:49 . 2010-03-21 10:05 422912 ----a-w- c:\windows\Internet Logs\xDB9187.tmp
2010-03-19 22:56 . 2010-03-19 22:56 1426674 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Thunderbird\Profiles\acdk12ex.default\Mail\Local Folders\Inbox.sbd\Employment-Employer Messages.sbd\Sanford.com
2010-03-17 19:46 . 2010-03-17 19:46 -------- d-----w- c:\programdata\Config
2010-03-17 15:11 . 2010-03-17 15:11 -------- d-----w- c:\program files\Internet Explorer Platform Preview
2010-03-16 13:52 . 2008-02-13 23:55 -------- d-----w- c:\programdata\VeriFace
2010-03-16 13:41 . 2010-03-16 13:41 -------- d-----w- c:\users\Ray E. Osejo\AppData\Roaming\Uniblue
2010-03-15 11:35 . 2010-03-15 11:35 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-12 14:03 . 2010-03-12 18:57 237056 ----a-w- c:\windows\Internet Logs\xDB5BF6.tmp
2010-03-08 03:15 . 2010-03-08 09:36 1201664 ----a-w- c:\windows\Internet Logs\xDBF299.tmp
2010-03-07 22:36 . 2010-03-07 22:36 144160 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Move Networks\uninstall.exe
2010-03-07 22:36 . 2009-12-10 19:26 4187512 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
2010-03-03 17:28 . 2010-03-03 17:28 3391 ----a-w- c:\users\Ray E. Osejo\AppData\Roaming\Thunderbird\Profiles\acdk12ex.default\Mail\Local Folders\Inbox.sbd\Payment Confirmation61201360.sbd\KnoxvilleGasPrices.com
2010-03-01 13:32 . 2010-01-28 18:53 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
2010-02-28 09:16 . 2010-02-28 09:16 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-02-24 14:16 . 2009-12-23 00:50 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 12:08 . 2008-07-04 14:49 109480 ----a-w- c:\users\Ray E. Osejo\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-23 06:39 . 2010-03-31 09:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 09:20 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 09:20 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 09:20 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 08:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 08:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 08:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-11 11:42 . 2010-02-11 11:42 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2010-02-10 03:16 . 2010-02-10 12:39 8704 ----a-w- c:\windows\Internet Logs\xDBD940.tmp
2010-02-10 03:13 . 2010-02-10 03:16 1755136 ----a-w- c:\windows\Internet Logs\xDB781.tmp
2010-02-10 03:13 . 2010-02-10 03:16 421888 ----a-w- c:\windows\Internet Logs\xDB629.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-05-11_01.11.55 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-11-02 13:05 . 2010-05-11 01:02 90286 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-05-11 02:47 90286 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-04 15:45 . 2010-05-11 02:47 16718 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2716186734-4049314302-157023608-1004_UserData.bin
+ 2008-07-04 14:45 . 2010-05-11 02:32 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-07-04 14:45 . 2010-05-11 01:04 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-04 14:45 . 2010-05-11 02:32 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-04 14:45 . 2010-05-11 01:04 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-07-04 14:45 . 2010-05-11 01:04 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-04 14:45 . 2010-05-11 02:32 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-23 04:07 . 2010-05-11 01:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-12-23 04:07 . 2010-05-11 02:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-12-23 04:07 . 2010-05-11 01:00 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-23 04:07 . 2010-05-11 02:33 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-12-23 04:07 . 2010-05-11 02:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-12-23 04:07 . 2010-05-11 01:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-11 01:00 . 2010-05-11 01:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-11 02:32 . 2010-05-11 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-11 02:32 . 2010-05-11 02:32 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-11 01:00 . 2010-05-11 01:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]
@="{771C7324-DA80-49D3-8017-753B0AF60951}"
[HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]
2008-02-13 23:55 241752 -c--a-w- c:\program files\Lenovo\VeriFace\IcnOvrly.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 630784]
"PCMService"="c:\program files\Lenovo\ShuttleCenter\PCMService.exe" [2007-10-26 417792]
"VeriFacePassManager"="c:\program files\Lenovo\VeriFace\PManage.exe" [2008-02-13 241664]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-25 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"masqform.exe"="d:\program files\PureEdge\Viewer 6.5\masqform.exe" [2005-07-04 643072]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [BU]
"EnergyUtility"="d:\program files\Lenovo\EnergyCut\utilty.exe" [2006-02-26 2502656]
"EnergyCut"="d:\program files\Lenovo\EnergyCut\EnergyCut.exe" [2007-08-27 1232896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-14 857648]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"TrueImageMonitor.exe"="d:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-06-10 1326080]
"AcronisTimounterMonitor"="d:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2009-06-10 904840]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-06-10 136472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):a1,da,6e,bd,1d,9a,ca,01

R2 NGCLIENT;Symantec Ghost Client Agent;d:\program files\Symantec\Ghost\ngctw32.exe [2006-12-04 632456]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-01-20 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-01-20 8456]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]
R3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2010-01-07 57856]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]
S2 SBSDWSCService;SBSD Security Center Service;d:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://netscape.aol.com/
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: army.mil\webmail.us
Trusted Zone: army.mil\wmcac.us
Trusted Zone: army.mil\wmlogin.us
Trusted Zone: army.mil\www.us
FF - ProfilePath - c:\users\Ray E. Osejo\AppData\Roaming\Mozilla\Firefox\Profiles\d2wqvl0c.default\
FF - prefs.js: browser.startup.homepage - hxxp://netscape.aol.com/
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Ray E. Osejo\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin2.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin3.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin4.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin5.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin6.dll
FF - plugin: d:\program files\QuickTime\Plugins\npqtplugin7.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 10);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-10 22:45
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'Explorer.exe'(2200)
c:\program files\Lenovo\VeriFace\IcnOvrly.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
d:\program files\Microsoft Office\Business Contact Manager\BcmSqlStartupSvc.exe
c:\program files\Lenovo\ShuttleCenter\Kernel\TV\CLCapSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Lenovo\ShuttleCenter\Kernel\TV\CLSched.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
d:\program files\IObit\Advanced SystemCare 3\AWC.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-05-10 22:49:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-11 02:49
ComboFix2.txt 2010-05-11 01:15
ComboFix3.txt 2010-05-10 17:05

Pre-Run: 35,043,090,432 bytes free
Post-Run: 34,817,961,984 bytes free

- - End Of File - - 7EE45D22FC916136774AF704E610B9AA
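The log above is raw ComboFix output, and the things a reviewer picks out by eye are the three `"DisableMonitoring"=dword:00000001` values under the Security Center key and the two freshly dated kernel drivers (`pwdrvio.sys`, `pwdspio.sys`). As an added example, not part of the original post and not code from ComboFix or OldTimer, here is a small Python triage pass over those log lines. It assumes ComboFix's service-line convention (`R` = running, `S` = stopped, the digit being the Windows start type, `0` = boot start); the 60-day "recent driver" window is an arbitrary choice, and the sample lines are a constructed subset copied from the log above.

```python
import re
from datetime import date

# Constructed sample: a handful of lines copied from the ComboFix log above.
SAMPLE_LOG_LINES = [
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]",
    r'"DisableMonitoring"=dword:00000001',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]",
    r'"DisableMonitoring"=dword:00000001',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]",
    r'"DisableMonitoring"=dword:00000001',
    r"[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]",
    r'"VistaSp2"=hex(b):a1,da,6e,bd,1d,9a,ca,01',
    r"R2 NGCLIENT;Symantec Ghost Client Agent;d:\program files\Symantec\Ghost\ngctw32.exe [2006-12-04 632456]",
    r"R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-04-09 16472]",
    r"R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-04-09 11104]",
    r"S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-12-02 64288]",
    r"S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-07-22 180736]",
]

# Date of the scan in the log above ("Rootkit scan 2010-05-10").
SCAN_DATE = date(2010, 5, 10)

# ComboFix service/driver line (assumed convention): R/S + start type, name;description;path [yyyy-mm-dd size]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$"
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9A-Fa-f]{8})\s*$')


def parse_services(lines):
    """Parse the R*/S* service and driver lines into dicts."""
    services = []
    for line in lines:
        m = SERVICE_RE.match(line)
        if not m:
            continue
        services.append({
            "running": m["state"] == "R",
            "start_type": int(m["start"]),
            "name": m["name"],
            "description": m["desc"],
            "path": m["path"],
            "file_date": date.fromisoformat(m["date"]),
            "size": int(m["size"]),
        })
    return services


def disabled_monitoring_keys(lines):
    """Registry keys under Security Center\\Monitoring whose DisableMonitoring is set to 1."""
    current_key = None
    hits = []
    for line in lines:
        km = KEY_RE.match(line)
        if km:
            current_key = km["key"]
            continue
        vm = DWORD_RE.match(line)
        if not (vm and current_key):
            continue
        if r"security center\monitoring" in current_key.lower() \
                and vm["name"] == "DisableMonitoring" and int(vm["hex"], 16) == 1:
            hits.append(current_key)
    return hits


def recent_kernel_drivers(services, scan_date, window_days=60):
    """Names of .sys drivers whose file date falls within window_days of the scan."""
    return [
        s["name"] for s in services
        if s["path"].lower().endswith(".sys")
        and 0 <= (scan_date - s["file_date"]).days <= window_days
    ]


def triage(lines, scan_date, window_days=60):
    """Summarise the findings a reviewer would want to look at first."""
    services = parse_services(lines)
    return {
        "recent_kernel_drivers": recent_kernel_drivers(services, scan_date, window_days),
        "monitoring_disabled": disabled_monitoring_keys(lines),
        # Boot-start (type 0) drivers load before most defences and deserve a second look.
        "boot_start_drivers": [s["name"] for s in services if s["start_type"] == 0],
    }


if __name__ == "__main__":
    for finding, items in triage(SAMPLE_LOG_LINES, SCAN_DATE).items():
        print(f"{finding}: {items}")
```

Run against the full log this would flag the same two Partition Wizard drivers that the reply below asks about, plus `Lbd.sys` as the only boot-start driver; the Security Center hits are not malware by themselves (third-party suites set them deliberately), but they are worth confirming with the owner.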

#15 RKinner (Malware Expert, MVP, 24,625 posts)
The only things I see that I'm not too sure about are these files:

2010-04-09 17:16 . 2010-03-30 19:14 535624 ----a-w- c:\windows\system32\pwNative.exe
2010-04-09 17:16 . 2010-03-30 19:14 16472 ------w- c:\windows\system32\pwdrvio.sys
2010-04-09 17:16 . 2010-03-30 19:14 11104 ------w- c:\windows\system32\pwdspio.sys

which I assumed came from Partition Wizard. I assume this is something you downloaded after the problem started. Do we need it?


We Need to check for Rootkits with RootRepeal
# Extract RootRepeal.exe from the archive.
# Open RootRepeal on your desktop.
# Before you run the scan, go into Settings, Options, General and move the slider to Middle Level, then close the Settings box!
# Click the Scan button.
# Allow RootRepeal to run a scan of your system. This may take some time.
# Once the scan completes, push the Save Report button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

Also download mbr.exe from

http://www2.gmer.net/mbr/mbr.exe

and save it to your desktop.


Then run it. It should create a log file on your desktop. Open it and copy the text and paste it into a reply.



Can you get an online scan to work?

http://www.bitdefend...nline/free.html

Eset's scan is more thorough, I suppose, but it takes several hours to run:

Go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms, then press Start (if you get a warning from your browser, tell it you want to run it).

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish

Ron