possos
2011-04-12, 18:09
The S&D log now shows the computer is clean (used to have trojan win32.Valero). Here is the DDS performed after the S&D log came clean: Thanks for your help!
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sophie at 2:24:28.46 on Tue 04/12/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.404 [GMT -5:00]
.
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\EXPLORER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\LocalService\Application Data\Microsoft\coguhy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\pahoohusos.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\sophie\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\sophie\My Documents\Downloads\rootalyz-0.3.4.47 (1)\RootAlyzer.exe
C:\Documents and Settings\sophie\My Documents\Downloads\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
mWinlogon: Userinit=userinit.exe,EXPLORER.EXE
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-4965663266-2284102241-504017063-5427\djwi2kcew.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\ie\imacros\imacros.dll
EB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search - home\DeskbandIntegration302010008.dll
uRun: [Copernic Desktop Search - Home] "c:\program files\copernic desktop search - home\DesktopSearchService.exe" /tray
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\sophie\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [wsctf.exe] wsctf.exe
uRun: [EXPLORER.EXE] EXPLORER.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [betub] c:\windows\system32\pahoohusos.exe
mRunServices: [betub] c:\windows\system32\pahoohusos.exe
dRun: [betub] c:\documents and settings\localservice\application data\microsoft\pahoohusos.exe
StartupFolder: c:\documents and settings\sophie\start menu\programs\startup\avlmhxytup.exe
StartupFolder: c:\documents and settings\sophie\start menu\programs\startup\bcxnojp66g8.exe
StartupFolder: c:\docume~1\sophie\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sophie\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\documents and settings\sophie\start menu\programs\startup\dzppll2c5xt.exe
StartupFolder: c:\docume~1\sophie\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\sophie\start menu\programs\startup\o3avb61dyz.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\ie\imacros\imacros.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sophie\applic~1\mozilla\firefox\profiles\mi1reerw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\sophie\application data\mozilla\firefox\profiles\mi1reerw.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\sophie\application data\mozilla\firefox\profiles\mi1reerw.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\sophie\application data\mozilla\firefox\profiles\mi1reerw.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\sophie\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sophie\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\sophie\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\sophie\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-7-18 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S1 pyhtajjc;pyhtajjc;\??\c:\windows\system32\drivers\pyhtajjc.sys --> c:\windows\system32\drivers\pyhtajjc.sys [?]
S2 gupdate1c996896a073334;Google Update Service (gupdate1c996896a073334);c:\program files\google\update\GoogleUpdate.exe [2009-2-24 133104]
S2 ndriln;System Installer;c:\windows\system32\svchost.exe -k netsvcs [2008-8-9 14336]
S2 seoayit;Image Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-8-9 14336]
S2 vmsdlhe;Manager Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-8-9 14336]
S2 yiueduwe;Canon BJ Memory Card Manager;c:\windows\system32\dedewif.exe [2011-4-12 258048]
S3 fksdocti;fksdocti;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-11 625024]
.
=============== Created Last 30 ================
.
2011-04-12 06:46:24 -------- d-----w- c:\docume~1\sophie\applic~1\Safer Networking
2011-04-12 06:46:00 -------- d-----w- c:\program files\Safer Networking
2011-04-12 06:41:36 545 ----a-w- c:\windows\UC.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\RAR.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\PKZIP.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\LHA.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\ARJ.PIF
2011-04-12 06:41:36 -------- d-----w- C:\totalcmd
2011-04-12 06:41:36 -------- d-----w- c:\docume~1\sophie\applic~1\GHISLER
2011-04-12 06:32:05 258048 ----a-w- c:\windows\system32\dedewif.exe
2011-03-27 13:59:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-27 13:59:04 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-27 13:59:04 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-27 13:59:04 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-03-27 13:59:04 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-27 13:59:04 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-27 13:59:04 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-27 13:59:04 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-03-27 13:59:04 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-27 13:59:04 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-20 09:20:08 258048 ----a-w- c:\windows\system32\pahoohusos.exe
2011-03-17 23:59:53 -------- d-----w- c:\docume~1\sophie\locals~1\applic~1\Unity
2011-03-13 22:30:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-13 22:30:11 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
==================== Find3M ====================
.
2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2006-10-25 14:32:36 36864 --sh--r- c:\windows\system32\EXPLORER.EXE
.
============= FINISH: 2:25:28.17 ===============
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by sophie at 2:24:28.46 on Tue 04/12/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.404 [GMT -5:00]
.
FW: ZoneAlarm Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\EXPLORER.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Documents and Settings\LocalService\Application Data\Microsoft\coguhy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Freecorder\FLVSrvc.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\pahoohusos.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\sophie\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\sophie\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\sophie\My Documents\Downloads\rootalyz-0.3.4.47 (1)\RootAlyzer.exe
C:\Documents and Settings\sophie\My Documents\Downloads\dds.com
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://eeepc.asus.com/global
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
mWinlogon: Userinit=userinit.exe,EXPLORER.EXE
uWinlogon: Shell=explorer.exe,c:\recycler\s-1-5-21-4965663266-2284102241-504017063-5427\djwi2kcew.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
TB: ZoneAlarm Toolbar: {66f2e20d-0da8-4c11-a9c8-dd8477b88acd} - c:\program files\zonealarm\tbZone.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
EB: iOpus iMacros: {0483894e-2422-45e0-8384-021aff1af3cd} - c:\program files\ie\imacros\imacros.dll
EB: Copernic Desktop Search - Home Toolbar: {4a1c6093-14f9-44d7-860e-5d265cfca9d9} - c:\program files\copernic desktop search - home\toolbar\ToolbarContainer101000313.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search - home\DeskbandIntegration302010008.dll
uRun: [Copernic Desktop Search - Home] "c:\program files\copernic desktop search - home\DesktopSearchService.exe" /tray
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "c:\documents and settings\sophie\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [wsctf.exe] wsctf.exe
uRun: [EXPLORER.EXE] EXPLORER.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe
mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe
mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe
mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
mRun: [ETDWareDetect] c:\program files\elantech\ETDDect.exe
mRun: [Boingo Wi-Fi] "c:\program files\boingo\boingo wi-fi\Boingo.lnk"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [ISW] "c:\program files\checkpoint\zaforcefield\ForceField.exe" /icon="hidden"
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [betub] c:\windows\system32\pahoohusos.exe
mRunServices: [betub] c:\windows\system32\pahoohusos.exe
dRun: [betub] c:\documents and settings\localservice\application data\microsoft\pahoohusos.exe
StartupFolder: c:\documents and settings\sophie\start menu\programs\startup\avlmhxytup.exe
StartupFolder: c:\documents and settings\sophie\start menu\programs\startup\bcxnojp66g8.exe
StartupFolder: c:\docume~1\sophie\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\sophie\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\documents and settings\sophie\start menu\programs\startup\dzppll2c5xt.exe
StartupFolder: c:\docume~1\sophie\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\sophie\start menu\programs\startup\o3avb61dyz.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0483894E-2422-45E0-8384-021AFF1AF3CD} - {0483894E-2422-45E0-8384-021AFF1AF3CD} - c:\program files\ie\imacros\imacros.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\sophie\applic~1\mozilla\firefox\profiles\mi1reerw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\sophie\application data\mozilla\firefox\profiles\mi1reerw.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\sophie\application data\mozilla\firefox\profiles\mi1reerw.default\extensions\{66f2e20d-0da8-4c11-a9c8-dd8477b88acd}\components\RadioWMPCore.dll
FF - component: c:\documents and settings\sophie\application data\mozilla\firefox\profiles\mi1reerw.default\extensions\{e0b8c461-f8fb-49b4-8373-fe32e9252800}\platform\winnt_x86-msvc\components\enbar.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff35\gears.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\sophie\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\sophie\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\sophie\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\sophie\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\3.0.40624.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\opera\program\plugins\np_gp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============
.
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-7-18 532224]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2010-5-26 26352]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2010-5-26 493032]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S1 pyhtajjc;pyhtajjc;\??\c:\windows\system32\drivers\pyhtajjc.sys --> c:\windows\system32\drivers\pyhtajjc.sys [?]
S2 gupdate1c996896a073334;Google Update Service (gupdate1c996896a073334);c:\program files\google\update\GoogleUpdate.exe [2009-2-24 133104]
S2 ndriln;System Installer;c:\windows\system32\svchost.exe -k netsvcs [2008-8-9 14336]
S2 seoayit;Image Windows;c:\windows\system32\svchost.exe -k netsvcs [2008-8-9 14336]
S2 vmsdlhe;Manager Helper;c:\windows\system32\svchost.exe -k netsvcs [2008-8-9 14336]
S2 yiueduwe;Canon BJ Memory Card Manager;c:\windows\system32\dedewif.exe [2011-4-12 258048]
S3 fksdocti;fksdocti;\??\c:\windows\system32\03.tmp --> c:\windows\system32\03.tmp [?]
S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2008-9-11 625024]
.
=============== Created Last 30 ================
.
2011-04-12 06:46:24 -------- d-----w- c:\docume~1\sophie\applic~1\Safer Networking
2011-04-12 06:46:00 -------- d-----w- c:\program files\Safer Networking
2011-04-12 06:41:36 545 ----a-w- c:\windows\UC.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\RAR.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\PKZIP.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\LHA.PIF
2011-04-12 06:41:36 545 ----a-w- c:\windows\ARJ.PIF
2011-04-12 06:41:36 -------- d-----w- C:\totalcmd
2011-04-12 06:41:36 -------- d-----w- c:\docume~1\sophie\applic~1\GHISLER
2011-04-12 06:32:05 258048 ----a-w- c:\windows\system32\dedewif.exe
2011-03-27 13:59:06 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-03-27 13:59:04 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-03-27 13:59:04 728024 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-03-27 13:59:04 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-03-27 13:59:04 1975768 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll
2011-03-27 13:59:04 1893336 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll
2011-03-27 13:59:04 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-03-27 13:59:04 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-03-27 13:59:04 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-03-27 13:59:04 142296 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-03-20 09:20:08 258048 ----a-w- c:\windows\system32\pahoohusos.exe
2011-03-17 23:59:53 -------- d-----w- c:\docume~1\sophie\locals~1\applic~1\Unity
2011-03-13 22:30:11 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-13 22:30:11 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
==================== Find3M ====================
.
2011-02-03 00:19:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2006-10-25 14:32:36 36864 --sh--r- c:\windows\system32\EXPLORER.EXE
.
============= FINISH: 2:25:28.17 ===============