PC infected

Computer seems to be running OK

I don't have trouble browsing like before. I haven't tried to run Spybot or Malwarebytes again, though.
 

Revised post

msobczak

It appears that ComboFix and the online scan have cleaned things up well, but I’d like a couple more scans before giving you the all clear.

Run Malwarebytes’ Anti-Malware

  • Please open your MalwareBytes AntiMalware Program (If you no longer have it, you can download it from here)
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Run OTL

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:

    /md5start
    cdrom.*
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so.
The scan won’t take long.

Logs to include:

Mbam.txt
OTL.txt


Satchfan
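The OTL log requested above has a fixed line format, and the first things a helper looks for in it are service or driver registrations whose binary is gone ("File not found") and executables whose version info carries no company name (the entries OTL groups under "Files Created - No Company Name"). The following Python triage script is an added example, not part of this thread or of OTL itself; its sample lines are constructed, modelled on the log format posted in this thread.

```python
"""Triage helper for OTL (OldTimer's List-It) log lines: an added example, not OTL's
own code.  It extracts service/driver entries whose file is missing and executables
with no company name in their version info.  Neither is proof of infection (the
Lexmark lxdw*.dll files show that); it is simply the set a helper reads first."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(r"^(?P<kind>PRC|MOD|SRV|DRV) - (?P<rest>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<flag>[MC])\] (?P<rest>.*)$"
)
EXEC_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".cpl")


@dataclass
class Entry:
    kind: str                    # PRC, MOD, SRV, DRV or FILE
    path: str
    company: Optional[str]       # "" = version info has no company; None = not given
    missing: bool = False        # OTL printed "File not found"
    name: Optional[str] = None   # service/driver name for SRV and DRV


def _paren_group(text: str, from_end: bool = False) -> Optional[str]:
    """Content of the balanced '(...)' group at the start (or end) of text.
    Names and vendors nest parentheses, e.g. '(Windows (R) Server 2003 DDK provider)',
    so a regex over [^)]* would cut them short."""
    opener, closer, seq = ("(", ")", text) if not from_end else (")", "(", text[::-1])
    if not seq.startswith(opener):
        return None
    depth = 0
    for i, ch in enumerate(seq):
        if ch == opener:
            depth += 1
        elif ch == closer:
            depth -= 1
            if depth == 0:
                inner = seq[1:i]
                return inner[::-1] if from_end else inner
    return None  # unbalanced, treat as no group


def _split_target(target: str) -> Tuple[str, Optional[str], bool]:
    """'C:\\x.exe (Vendor)' -> (path, 'Vendor', False); '... File not found' -> (path, None, True)."""
    suffix = " File not found"
    if target.endswith(suffix):
        return target[: -len(suffix)], None, True
    company = _paren_group(target, from_end=True)
    if company is None:
        return target, None, False
    return target[: -(len(company) + 2)].rstrip(), company.strip(), False


def parse_line(line: str) -> Optional[Entry]:
    """Parse one SafeList (PRC/MOD/SRV/DRV) or dated file line; None for anything else."""
    line = line.rstrip()
    m = ENTRY_RE.match(line)
    if m:
        kind, rest = m.group("kind"), m.group("rest")
        name = None
        if kind in ("SRV", "DRV"):
            name = _paren_group(rest)            # '(name) [display name] -- target'
            rest = rest.rpartition(" -- ")[2]    # unchanged when there is no ' -- '
        path, company, missing = _split_target(rest)
        return Entry(kind, path, company, missing, name)
    m = FILE_RE.match(line)
    if m:
        rest = m.group("rest")                   # '(Company) -- path' or '-- path'
        company = _paren_group(rest)
        if company is not None:
            rest = rest[len(company) + 2:]
            company = company.strip()
        rest = rest.lstrip()
        if not rest.startswith("-- "):
            return None
        return Entry("FILE", rest[3:], company)
    return None


def triage(lines) -> Tuple[List[Entry], List[Entry]]:
    """Return (orphaned service/driver entries, executables with no company name)."""
    orphaned, no_company = [], []
    for line in lines:
        e = parse_line(line)
        if e is None:
            continue
        if e.kind in ("SRV", "DRV") and e.missing:
            orphaned.append(e)
        elif e.company == "" and e.path.lower().endswith(EXEC_EXT):
            no_company.append(e)
    return orphaned, no_company


# Constructed sample lines, modelled on the OTL log format posted in this thread.
SAMPLE = r"""
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe File not found
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (Lotus Domino Diagnostics (CLotusDomino)) Lotus Domino Diagnostics (CLotusDomino) -- C:\Lotus\Domino\nsd.exe (IBM Corp)
DRV - (catchme) -- C:\DOCUME~1\msobczak\LOCALS~1\Temp\catchme.sys File not found
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
PRC - C:\WINDOWS\system32\lxdwcoms.exe ( )
[2010/11/09 13:03:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/09 13:03:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/12 15:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/10/11 09:21:04 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoin.dll
""".strip().splitlines()
```

Run `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())` over a saved OTL.txt to get the same two lists for a real log.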
 
mbam log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5117

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

11/14/2010 8:23:38 PM
mbam-log-2010-11-14 (20-23-38).txt

Scan type: Quick scan
Objects scanned: 150177
Time elapsed: 4 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
ComboFix log

OTL logfile created on: 11/14/2010 8:28:10 PM - Run 4
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\msobczak\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 58.61 Gb Free Space | 76.79% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 205.28 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 12.99 Gb Free Space | 2.79% Space Free | Partition Type: NTFS

Computer Name: HOME-BIOSTAR | User Name: msobczak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\msobczak\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\notes\nsd.exe (IBM)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\lxdwcoms.exe ( )
PRC - C:\Lotus\Domino\nsd.exe (IBM Corp)
PRC - C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
PRC - C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\msobczak\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )


========== Win32 Services (SafeList) ==========

SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe File not found
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (Lotus Notes Diagnostics) -- C:\Notes\nsd.exe (IBM)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (lxdw_device) -- C:\WINDOWS\System32\lxdwcoms.exe ( )
SRV - (lxdwCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe ()
SRV - (Zope_-372241316) -- C:\Program Files\Plone\python\PythonService.exe ()
SRV - (Lotus Domino Diagnostics (CLotusDomino)) Lotus Domino Diagnostics (CLotusDomino) -- C:\Lotus\Domino\nsd.exe (IBM Corp)
SRV - (Lotus Domino Server (LotusDominodata)) Lotus Domino Server (LotusDominodata) -- C:\Lotus\Domino\nservice.exe (IBM Corp)


========== Driver Services (SafeList) ==========

DRV - (pppop) -- C:\WINDOWS\System32\DRIVERS\pppop.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (mcdbus) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys File not found
DRV - (catchme) -- C:\DOCUME~1\msobczak\LOCALS~1\Temp\catchme.sys File not found
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (Pnp680) -- C:\WINDOWS\system32\DRIVERS\pnp680.sys (Silicon Image, Inc.)
DRV - (BS_I2cIo) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys (BIOSTAR Group)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (PMEM) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/11/08 18:24:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 21:26:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/01 21:26:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/08/19 07:40:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/08/19 07:40:17 | 000,000,000 | ---D | M]

[2010/07/02 14:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Extensions
[2010/07/02 14:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/01/08 10:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\eclipse\extensions
[2010/11/11 19:52:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Firefox\Profiles\5wwmed26.default\extensions
[2010/09/02 05:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Firefox\Profiles\5wwmed26.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/10/21 06:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\SeaMonkey\Profiles\ymk4f6di.default\extensions
[2010/08/31 20:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\SeaMonkey\Profiles\ymk4f6di.default\extensions\inspector@mozilla.org
[2010/08/19 21:08:14 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Firefox\Profiles\5wwmed26.default\searchplugins\conduit.xml
[2010/11/11 19:52:02 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/21 21:53:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/21 21:53:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/03 17:53:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Lexmark 7600 Series Fax Server] C:\Program Files\Lexmark 7600 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe ()
O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\msobczak\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\msobczak\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\msobczak\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: sterlingbank.com ([mail] https in Trusted sites)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://files.member.yahoo.com/dl/installs/sbc/yinst.cab (YInstStarter Class)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mail.sterlingbank.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://secure2.andersonsinc.com/,DanaInfo=andmail1.andent.andersonsinc.com,ST=1+/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://quickplace.ebiztech.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://secure2.andersonsinc.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure2.andersonsinc.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 09:59:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/12 15:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/12 15:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msobczak\Local Settings\Application Data\Conduit
[2010/11/09 13:35:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/09 13:03:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/09 13:03:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/09 13:03:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/09 13:03:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/07 09:34:06 | 000,000,000 | ---D | C] -- C:\blah
[2010/11/03 17:54:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/03 17:15:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/03 17:07:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/31 20:05:37 | 000,000,000 | ---D | C] -- D:\Data\My Documents\NeroUser
[2010/10/31 20:03:17 | 000,000,000 | ---D | C] -- D:\Data\My Documents\PMP
[2010/10/31 12:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8
[2010/10/31 10:22:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\msobczak\Desktop\OTL.exe
[2010/10/24 12:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/24 11:27:53 | 000,000,000 | ---D | C] -- D:\Data\My Documents\ForceField Shared Files
[2010/10/24 11:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msobczak\Application Data\CheckPoint
[2010/10/24 11:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msobczak\Local Settings\Application Data\ZoneAlarm_Security
[2010/10/24 11:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/10/24 11:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2010/10/24 11:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/10/24 11:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/10/24 11:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/10/24 09:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/24 09:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/23 21:40:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/10/23 21:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/10/23 21:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/23 21:35:18 | 004,294,360 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\msobczak\Desktop\something.exe
[2010/10/23 21:23:33 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\msobczak\Desktop\SUPERAntiSpyware.exe
[2010/10/23 20:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msobczak\Application Data\AVP 2009
[2010/10/21 07:22:58 | 000,000,000 | ---D | C] -- C:\cports
[2010/10/21 07:09:50 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2009/10/11 09:21:04 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoin.dll
[2009/10/11 09:16:52 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv.dll
[2009/10/11 09:16:52 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1.dll
[2009/10/11 09:16:52 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwpmui.dll
[2009/10/11 09:16:52 | 000,446,464 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDWhcp.dll
[2009/10/11 09:16:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa.dll
[2009/10/11 09:16:52 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc.dll
[2009/10/11 09:16:51 | 000,761,856 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc.dll
[2009/10/11 09:16:51 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwhbn3.dll
[2009/10/11 09:16:51 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm.dll
[2009/10/11 09:16:51 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomm.dll
[2008/12/16 18:46:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\msobczak\Application Data\pcouffin.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/14 09:43:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/12 22:43:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/10 19:31:56 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/10 19:31:44 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/10 07:32:16 | 000,035,636 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2010/11/10 07:32:16 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\msobczak\.WASRegistry
[2010/11/10 07:27:50 | 000,000,162 | ---- | M] () -- C:\WINDOWS\.nifregistry
[2010/11/09 13:02:38 | 003,906,966 | R--- | M] () -- C:\Documents and Settings\msobczak\Desktop\ComboFix.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 09:00:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/03 17:53:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/03 17:15:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/03 17:06:24 | 003,901,988 | R--- | M] () -- C:\Documents and Settings\msobczak\Desktop\blah.exe
[2010/11/01 11:13:56 | 006,492,160 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/11/01 11:13:56 | 003,156,992 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/10/31 12:13:13 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\msobczak\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/10/31 12:13:13 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\DVDFab 8.lnk
[2010/10/31 11:29:20 | 000,019,973 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\OTL_scan.zip
[2010/10/31 11:29:02 | 000,005,035 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\Gmer_scan.zip
[2010/10/31 11:28:44 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\Gmer.zip
[2010/10/31 10:22:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\msobczak\Desktop\OTL.exe
[2010/10/24 11:28:10 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/24 11:26:43 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/10/24 11:26:42 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\ZoneAlarm Security.lnk
[2010/10/24 10:00:54 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\dds.scr
[2010/10/24 09:59:06 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\msobczak\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/24 09:58:57 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\ERUNT.lnk
[2010/10/23 22:23:13 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\msobczak\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/23 22:23:13 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 21:35:38 | 004,294,360 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\msobczak\Desktop\something.exe
[2010/10/23 21:24:44 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\msobczak\Desktop\SUPERAntiSpyware.exe
[2010/10/23 21:21:31 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\rkill.scr
[2010/10/21 07:29:50 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\Shortcut to cports.exe.lnk
[2010/10/21 07:11:37 | 005,505,024 | ---- | M] () -- D:\Data\My Documents\Tooling.nsf
[2010/10/21 07:10:14 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\procexp.exe.lnk
[2010/10/19 15:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\gmer.exe
[2010/10/19 06:29:50 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 13:03:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/09 13:03:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/09 13:03:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/09 13:03:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/09 13:03:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/09 13:02:08 | 003,906,966 | R--- | C] () -- C:\Documents and Settings\msobczak\Desktop\ComboFix.exe
[2010/11/03 17:15:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/03 17:15:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/03 17:01:53 | 003,901,988 | R--- | C] () -- C:\Documents and Settings\msobczak\Desktop\blah.exe
[2010/10/31 12:13:13 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/10/31 12:13:13 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\DVDFab 8.lnk
[2010/10/31 11:29:20 | 000,019,973 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\OTL_scan.zip
[2010/10/31 11:29:02 | 000,005,035 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\Gmer_scan.zip
[2010/10/31 10:50:46 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\gmer.exe
[2010/10/31 10:49:55 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\Gmer.zip
[2010/10/24 11:26:42 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\ZoneAlarm Security.lnk
[2010/10/24 11:26:34 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/24 10:18:29 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/10/24 10:00:53 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\dds.scr
[2010/10/24 09:59:06 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\msobczak\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/24 09:58:57 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\ERUNT.lnk
[2010/10/23 22:23:13 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/23 21:21:30 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\rkill.scr
[2010/10/21 07:29:50 | 000,000,501 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\Shortcut to cports.exe.lnk
[2010/10/21 07:10:03 | 000,000,415 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\procexp.exe.lnk
[2010/10/21 07:01:14 | 005,505,024 | ---- | C] () -- D:\Data\My Documents\Tooling.nsf
[2010/10/17 10:43:38 | 000,743,737 | ---- | C] () -- D:\Data\My Documents\100_1225.jpg
[2010/08/29 18:32:07 | 000,006,914 | ---- | C] () -- C:\Documents and Settings\msobczak\Local Settings\Application Data\rational_state.log
[2009/10/11 09:21:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdwvs.dll
[2009/10/11 09:20:18 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs.dll
[2009/10/11 09:20:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps.dll
[2009/10/11 09:20:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4.dll
[2009/10/11 09:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDWPMON.DLL
[2009/10/11 09:20:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDWFXPU.DLL
[2009/10/11 09:19:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxdwoem.dll
[2009/10/11 09:17:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdwrwrd.ini
[2009/10/11 09:16:52 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDWinst.dll
[2009/10/11 09:16:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdwgrd.dll
[2009/07/13 16:18:51 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\JuniperExtXP.log
[2009/01/27 11:00:27 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\msobczak\Local Settings\Application Data\kodakpcd.ini
[2008/12/16 18:46:12 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\pcouffin.cat
[2008/12/16 18:46:12 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\pcouffin.inf
[2008/12/16 18:46:12 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\pcouffin.log
[2008/12/12 13:23:16 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/12/02 23:05:41 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2008/12/02 22:03:22 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/12/02 21:50:20 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2008/12/02 21:50:20 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2008/11/30 19:27:16 | 000,000,141 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/11/29 14:58:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/04 19:31:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/03 19:44:47 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/11/03 19:32:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/18 11:21:02 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/10/17 02:00:16 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/03 17:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/03 17:26:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/03 17:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/03 17:26:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/03 17:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/06/30 13:15:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/03/09 23:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/13 11:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 23:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/02/01 23:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[1997/02/01 23:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[1996/07/08 23:23:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[1994/07/24 23:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/06 23:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

========== LOP Check ==========

[2009/10/11 09:19:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7600 Series
[2010/10/24 12:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/12/02 23:05:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/11/10 07:54:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2010/09/29 14:53:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/02/17 14:01:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark 7600 Series
[2010/01/08 10:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lotus
[2008/10/18 11:21:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2010/10/23 21:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/29 22:51:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2009/10/11 10:19:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ThumbnailCache4R
[2010/08/19 07:30:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/11/25 06:23:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/09/07 13:07:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/11 11:55:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\7600 Series
[2010/10/23 21:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\AVP 2009
[2010/10/24 11:27:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\CheckPoint
[2010/11/10 19:33:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Dropbox
[2010/02/03 13:48:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Juniper Networks
[2008/12/02 22:03:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Leadertech
[2009/10/11 10:17:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Lexmark Productivity Studio
[2010/01/08 10:26:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Lotus
[2010/08/26 14:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Rational
[2008/12/03 23:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Skinux
[2010/09/08 15:50:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\TeamViewer
[2010/10/19 20:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\uTorrent
[2008/11/04 19:34:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Visio
[2010/10/31 12:13:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Vso

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: CDROM.CFG >
[2004/11/02 14:54:32 | 000,238,909 | ---- | M] () MD5=9843F9599093C944878DC78BF2DFA634 -- C:\Program Files\Nero\Nero 7\Core\CDROM.CFG
[2004/11/02 14:54:32 | 000,238,909 | ---- | M] () MD5=9843F9599093C944878DC78BF2DFA634 -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDROM.CFG

< MD5 for: CDROM.DLL >
[2007/01/12 20:42:04 | 000,262,144 | ---- | M] (Nero AG) MD5=8A706BFE5DC457FE2018A4D980139715 -- C:\Program Files\Nero\Nero 7\Core\CDROM.dll
[2006/10/27 18:26:24 | 000,258,048 | ---- | M] (Nero AG) MD5=A7C58016B8327BA271AE3AFF010EA8F1 -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NeroFiles\CDROM.dll

< MD5 for: CDROM.INF >
[2008/04/13 22:57:52 | 000,035,450 | ---- | M] () MD5=9BAA6F3637647C25A05F0AC694F5C5E6 -- C:\WINDOWS\inf\cdrom.inf

< MD5 for: CDROM.PNF >
[2008/10/21 10:20:28 | 000,056,516 | ---- | M] () MD5=259D643D42910A938E3E7A6B372C6C3B -- C:\WINDOWS\inf\cdrom.PNF

< MD5 for: CDROM.PNG >
[2007/11/12 10:33:32 | 000,000,931 | ---- | M] () MD5=6A09A46C3CD6F8A392DFF593A8FD8517 -- C:\Program Files\Plone\python\Lib\site-packages\wx-2.8-msw-ansi\wx\tools\Editra\pixmaps\theme\Tango\menu\cdrom.png

< MD5 for: CDROM.SY_ >
[2004/08/03 21:59:54 | 000,024,812 | ---- | M] () MD5=AC59EC774E0092BE96B6F012F391F002 -- C:\cmdcons\CDROM.SY_

< MD5 for: CDROM.SYS >
[2008/04/14 01:10:48 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=1F4260CC5B42272D71F79E570A27A4FE -- C:\WINDOWS\$NtUninstallKB932716-v2$\cdrom.sys
[2008/05/02 05:49:39 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=4B0A100EAF5C49EF3CCA8C641431EACC -- C:\WINDOWS\Driver Cache\i386\cdrom.sys
[2008/05/02 05:49:39 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=4B0A100EAF5C49EF3CCA8C641431EACC -- C:\WINDOWS\system32\dllcache\cdrom.sys
[2008/05/02 05:49:39 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=4B0A100EAF5C49EF3CCA8C641431EACC -- C:\WINDOWS\system32\drivers\cdrom.sys

< End of report >
 
msobczak

Although Eset found quite a few infections, not all were dealt with, but don’t worry; the remaining ones will be removed when we clear up the tools you have been using.

Run OTL

  • Double click on the icon to run it.
  • Copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL

    Code:
    :Services

    :OTL
    [2010/10/23 21:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\AVP 2009

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
Please post back with the log and let me know if you are having any problems now.

Satchfan
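For anyone reading along with the OTL output in this thread, here is an added example (written for this page, not OTL's or the forum's own code) that parses the SRV/DRV, O4 autorun and file-entry line shapes shown above and flags the things a helper checks first: entries marked "File not found", binaries with no company name, and executables created inside the user profile. The sample lines are copied from the logs in this thread; the category labels and the user-profile rule are the example's own assumptions.

```python
"""Triage helper for OTL log lines (added example for this thread; not OTL's
or the forum's own code).  It parses three line shapes that appear in the
logs above and flags what a malware-removal helper looks at first."""
import re
from dataclasses import dataclass
from typing import List, Optional

# SRV/DRV lines: "SRV - (name) [display] -- path (Company)" or "... path File not found".
SVC_RE = re.compile(
    r"^(?P<kind>SRV|DRV) - \((?P<name>[^()]*(?:\([^()]*\))?)\)"  # name may nest one ()
    r"(?P<display>.*?) -- (?P<path>.+?)"
    r"(?: \((?P<company>[^)]*)\)| (?P<missing>File not found))?$"
)
# O4 lines: "O4 - HKLM..\Run: [name] path (Company)" or "O4 - Startup: x.lnk = path (Company)".
O4_RE = re.compile(
    r"^O4 - (?:(?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\]|Startup: (?P<lnk>.+?\.lnk) =)"
    r" (?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# File/folder entries: "[date | size | attrs | C|M] (Company) [MD5=...] -- path".
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<flag>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?(?: MD5=(?P<md5>[0-9A-F]{32}))? -- (?P<path>.+)$"
)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\temp\\")  # assumption for this example


@dataclass
class Finding:
    category: str  # "orphan" | "no-company" | "review" (labels chosen for this example)
    name: str
    path: str
    reason: str


def parse_service(line: str) -> Optional[dict]:
    m = SVC_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    return {"kind": d["kind"], "name": d["name"], "display": (d["display"] or "").strip(),
            "path": d["path"], "company": d["company"] or "", "missing": bool(d["missing"])}


def parse_autorun(line: str) -> Optional[dict]:
    m = O4_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    name = d["name"] or d["lnk"].rsplit("\\", 1)[-1]  # Startup entries are named by their .lnk
    return {"name": name, "path": d["path"], "company": d["company"] or ""}


def parse_file_entry(line: str) -> Optional[dict]:
    m = FILE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["is_dir"] = "D" in d["attrs"]
    return d


def triage(lines: List[str]) -> List[Finding]:
    """Walk log lines in order and return the entries worth a second look."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        svc = parse_service(line)
        if svc:
            if svc["missing"]:
                findings.append(Finding("orphan", svc["name"], svc["path"],
                                        f"{svc['kind']} entry points at a file that no longer exists"))
            elif not svc["company"].strip():
                findings.append(Finding("no-company", svc["name"], svc["path"],
                                        f"{svc['kind']} binary carries no company name; confirm what installed it"))
            continue
        run = parse_autorun(line)
        if run:
            if not run["company"].strip():
                findings.append(Finding("no-company", run["name"], run["path"],
                                        "autorun binary carries no company name; confirm what installed it"))
            continue
        ent = parse_file_entry(line)
        if ent and not ent["is_dir"]:
            low = ent["path"].lower()
            if low.endswith(EXEC_EXT) and any(mk in low for mk in USER_PROFILE_MARKERS):
                findings.append(Finding("review", ent["path"].rsplit("\\", 1)[-1], ent["path"],
                                        "executable created inside a user profile; verify it is a tool you downloaded"))
    return findings


# Sample input copied from the OTL logs posted in this thread.
SAMPLE_LINES = [
    r"SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe File not found",
    r"SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found",
    r"SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)",
    r"SRV - (lxdw_device) -- C:\WINDOWS\System32\lxdwcoms.exe ( )",
    r"SRV - (Lotus Domino Diagnostics (CLotusDomino)) Lotus Domino Diagnostics (CLotusDomino) -- C:\Lotus\Domino\nsd.exe (IBM Corp)",
    r"DRV - (catchme) -- C:\DOCUME~1\msobczak\LOCALS~1\Temp\catchme.sys File not found",
    r"DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)",
    r"DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()",
    r"O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()",
    r"O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)",
    r"O4 - Startup: C:\Documents and Settings\msobczak\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()",
    r"[2010/10/23 21:35:18 | 004,294,360 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\msobczak\Desktop\something.exe",
    r"[2009/10/11 09:16:52 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv.dll",
    r"[2010/10/23 21:33:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\AVP 2009",
    r"[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.category:<10} {f.name:<24} {f.path}\n{'':10} {f.reason}")
```

Orphaned SRV/DRV entries are what the `:Services` section of an OTL fix is for; the "no-company" hits are only a prompt to check provenance, since legitimate vendors (the Lexmark driver files above, for instance) often ship binaries without version information.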
 
Results of OTL fix

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Documents and Settings\msobczak\Application Data\AVP 2009 folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 989880 bytes
->Temporary Internet Files folder emptied: 111826 bytes

User: msobczak
->Temp folder emptied: 112722665 bytes
->Temporary Internet Files folder emptied: 8872541 bytes
->Java cache emptied: 6408397 bytes
->FireFox cache emptied: 66106908 bytes
->Flash cache emptied: 26207 bytes

User: NetworkService
->Temp folder emptied: 1989832 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2402044 bytes
%systemroot%\System32 .tmp files removed: 7103 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1136609 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3531596115 bytes

Total Files Cleaned = 3,559.00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 11152010_180750

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Results of OTL full scan

OTL logfile created on: 11/15/2010 6:16:57 PM - Run 5
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Documents and Settings\msobczak\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 83.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76.32 Gb Total Space | 58.68 Gb Free Space | 76.89% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 205.27 Gb Free Space | 73.45% Space Free | Partition Type: NTFS
Drive G: | 465.75 Gb Total Space | 16.26 Gb Free Space | 3.49% Space Free | Partition Type: NTFS

Computer Name: HOME-BIOSTAR | User Name: msobczak | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\msobczak\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\notes\nsd.exe (IBM)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Documents and Settings\msobczak\Application Data\Dropbox\bin\Dropbox.exe ()
PRC - C:\WINDOWS\system32\lxdwcoms.exe ( )
PRC - C:\Lotus\Domino\nsd.exe (IBM Corp)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
PRC - C:\Program Files\Lexmark 7600 Series\lxdwmsdmon.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
PRC - C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\msobczak\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll (Check Point Software Technologies)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\nview.dll ()
MOD - C:\WINDOWS\system32\nvwddi.dll (NVIDIA Corporation)
MOD - C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )


========== Win32 Services (SafeList) ==========

SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe File not found
SRV - (vsmon) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe (Check Point Software Technologies)
SRV - (Lotus Notes Diagnostics) -- C:\Notes\nsd.exe (IBM)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (lxdw_device) -- C:\WINDOWS\System32\lxdwcoms.exe ( )
SRV - (lxdwCATSCustConnectService) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe ()
SRV - (Zope_-372241316) -- C:\Program Files\Plone\python\PythonService.exe ()
SRV - (Lotus Domino Diagnostics (CLotusDomino)) Lotus Domino Diagnostics (CLotusDomino) -- C:\Lotus\Domino\nsd.exe (IBM Corp)
SRV - (Lotus Domino Server (LotusDominodata)) Lotus Domino Server (LotusDominodata) -- C:\Lotus\Domino\nservice.exe (IBM Corp)


========== Driver Services (SafeList) ==========

DRV - (pppop) -- C:\WINDOWS\System32\DRIVERS\pppop.sys File not found
DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found
DRV - (MRESP50) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS File not found
DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found
DRV - (MREMP50) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS File not found
DRV - (mcdbus) -- C:\WINDOWS\System32\DRIVERS\mcdbus.sys File not found
DRV - (catchme) -- C:\DOCUME~1\msobczak\LOCALS~1\Temp\catchme.sys File not found
DRV - (ISWKL) -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (Pnp680) -- C:\WINDOWS\system32\DRIVERS\pnp680.sys (Silicon Image, Inc.)
DRV - (BS_I2cIo) -- C:\WINDOWS\system32\drivers\BS_I2cIo.sys (BIOSTAR Group)
DRV - (BIOS) -- C:\WINDOWS\system32\drivers\BIOS.sys (BIOSTAR Group)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHidFlt2.sys (Logitech)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech)
DRV - (PMEM) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.106
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.240.0
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2010/11/08 18:24:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 21:26:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/01 21:26:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.6\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/08/19 07:40:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\SeaMonkey 2.0.6\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/08/19 07:40:17 | 000,000,000 | ---D | M]

[2010/07/02 14:01:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Extensions
[2010/07/02 14:01:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/01/08 10:30:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\eclipse\extensions
[2010/11/15 07:50:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Firefox\Profiles\5wwmed26.default\extensions
[2010/09/02 05:44:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Firefox\Profiles\5wwmed26.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/10/21 06:45:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\SeaMonkey\Profiles\ymk4f6di.default\extensions
[2010/08/31 20:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\msobczak\Application Data\Mozilla\SeaMonkey\Profiles\ymk4f6di.default\extensions\inspector@mozilla.org
[2010/08/19 21:08:14 | 000,000,939 | ---- | M] () -- C:\Documents and Settings\msobczak\Application Data\Mozilla\Firefox\Profiles\5wwmed26.default\searchplugins\conduit.xml
[2010/11/15 07:50:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/21 21:53:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/07/21 21:53:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2010/11/03 17:53:34 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Program Files\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [Lexmark 7600 Series Fax Server] C:\Program Files\Lexmark 7600 Series\fm3032.exe ()
O4 - HKLM..\Run: [lxdwamon] C:\Program Files\Lexmark 7600 Series\lxdwamon.exe ()
O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\msobczak\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\msobczak\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\msobczak\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: sterlingbank.com ([mail] https in Trusted sites)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} http://files.member.yahoo.com/dl/installs/sbc/yinst.cab (YInstStarter Class)
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} https://mail.sterlingbank.com/iNotes6W.cab (iNotes6 Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://secure2.andersonsinc.com/,DanaInfo=andmail1.andent.andersonsinc.com,ST=1+/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab (Java Plug-in 1.5.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} http://quickplace.ebiztech.com/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://secure2.andersonsinc.com/dana-cached/setup/JuniperSetupSP1.cab (JuniperSetupSP1 Control)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://secure2.andersonsinc.com/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/17 09:59:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 18:07:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/11/15 07:40:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/11/12 15:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/11/12 15:09:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msobczak\Local Settings\Application Data\Conduit
[2010/11/09 13:35:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/09 13:03:36 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/09 13:03:36 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/09 13:03:36 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/09 13:03:36 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/07 09:34:06 | 000,000,000 | ---D | C] -- C:\blah
[2010/11/03 17:54:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/11/03 17:15:18 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/11/03 17:07:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/31 20:05:37 | 000,000,000 | ---D | C] -- D:\Data\My Documents\NeroUser
[2010/10/31 20:03:17 | 000,000,000 | ---D | C] -- D:\Data\My Documents\PMP
[2010/10/31 12:13:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8
[2010/10/31 10:22:37 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\msobczak\Desktop\OTL.exe
[2010/10/24 12:17:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/10/24 11:27:53 | 000,000,000 | ---D | C] -- D:\Data\My Documents\ForceField Shared Files
[2010/10/24 11:27:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msobczak\Application Data\CheckPoint
[2010/10/24 11:27:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\msobczak\Local Settings\Application Data\ZoneAlarm_Security
[2010/10/24 11:27:13 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/10/24 11:27:12 | 000,000,000 | ---D | C] -- C:\Program Files\ZoneAlarm_Security
[2010/10/24 11:26:44 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2010/10/24 11:26:41 | 000,058,368 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsregexp.dll
[2010/10/24 11:26:40 | 000,103,936 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcommdb.dll
[2010/10/24 11:26:40 | 000,069,120 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zlcomm.dll
[2010/10/24 11:26:35 | 001,238,528 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\zpeng25.dll
[2010/10/24 11:26:35 | 000,110,080 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsxml.dll
[2010/10/24 11:26:35 | 000,043,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vswmi.dll
[2010/10/24 11:26:34 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2010/10/24 11:26:34 | 000,302,592 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vspubapi.dll
[2010/10/24 11:26:34 | 000,108,032 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsmonapi.dll
[2010/10/24 11:26:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ZoneLabs
[2010/10/24 11:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[2010/10/24 11:25:45 | 000,714,240 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsutil.dll
[2010/10/24 11:25:45 | 000,228,352 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsinit.dll
[2010/10/24 11:25:45 | 000,112,128 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdata.dll
[2010/10/24 09:59:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/10/24 09:58:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/10/23 21:40:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2010/10/23 21:37:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2010/10/23 21:35:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/10/23 21:35:18 | 004,294,360 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\msobczak\Desktop\something.exe
[2010/10/23 21:23:33 | 009,578,056 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\msobczak\Desktop\SUPERAntiSpyware.exe
[2010/10/23 21:23:13 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\msobczak\Desktop\ATF-Cleaner.exe
[2010/10/21 07:22:58 | 000,000,000 | ---D | C] -- C:\cports
[2010/10/21 07:09:50 | 003,887,480 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\procexp.exe
[2009/10/11 09:21:04 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoin.dll
[2009/10/11 09:16:52 | 001,069,056 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwserv.dll
[2009/10/11 09:16:52 | 000,860,160 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwusb1.dll
[2009/10/11 09:16:52 | 000,651,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwpmui.dll
[2009/10/11 09:16:52 | 000,446,464 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDWhcp.dll
[2009/10/11 09:16:52 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwinpa.dll
[2009/10/11 09:16:52 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwiesc.dll
[2009/10/11 09:16:51 | 000,761,856 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomc.dll
[2009/10/11 09:16:51 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwhbn3.dll
[2009/10/11 09:16:51 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwlmpm.dll
[2009/10/11 09:16:51 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcomm.dll
[2008/12/16 18:46:12 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\msobczak\Application Data\pcouffin.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/15 18:12:27 | 000,000,104 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/11/15 18:11:46 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/15 18:11:39 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/15 09:43:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/15 07:35:47 | 000,077,312 | ---- | M] () -- D:\Data\My Documents\100_0952_Eric2.jpg
[2010/11/15 07:35:47 | 000,073,824 | ---- | M] () -- D:\Data\My Documents\100_0951_Eric3.jpg
[2010/11/15 07:35:46 | 000,068,228 | ---- | M] () -- D:\Data\My Documents\100_0950_1Eric.jpg
[2010/11/10 07:32:16 | 000,035,636 | ---- | M] () -- C:\WINDOWS\vpd.properties
[2010/11/10 07:32:16 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\msobczak\.WASRegistry
[2010/11/10 07:27:50 | 000,000,162 | ---- | M] () -- C:\WINDOWS\.nifregistry
[2010/11/09 13:02:38 | 003,906,966 | R--- | M] () -- C:\Documents and Settings\msobczak\Desktop\ComboFix.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/07 09:00:32 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/11/03 17:53:34 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/03 17:15:24 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/03 17:06:24 | 003,901,988 | R--- | M] () -- C:\Documents and Settings\msobczak\Desktop\blah.exe
[2010/11/01 11:13:56 | 006,492,160 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2010/11/01 11:13:56 | 003,156,992 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2010/10/31 12:13:13 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\msobczak\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/10/31 12:13:13 | 000,000,677 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\DVDFab 8.lnk
[2010/10/31 11:29:20 | 000,019,973 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\OTL_scan.zip
[2010/10/31 11:29:02 | 000,005,035 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\Gmer_scan.zip
[2010/10/31 11:28:44 | 000,286,404 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\Gmer.zip
[2010/10/31 10:22:43 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\msobczak\Desktop\OTL.exe
[2010/10/24 11:28:10 | 000,421,442 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/24 11:26:43 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2010/10/24 11:26:42 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\ZoneAlarm Security.lnk
[2010/10/24 10:00:54 | 000,545,280 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\dds.scr
[2010/10/24 09:59:06 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\msobczak\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/24 09:58:57 | 000,000,599 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\ERUNT.lnk
[2010/10/23 22:23:13 | 000,000,721 | ---- | M] () -- C:\Documents and Settings\msobczak\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/23 22:23:13 | 000,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/23 21:35:38 | 004,294,360 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\msobczak\Desktop\something.exe
[2010/10/23 21:24:44 | 009,578,056 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\msobczak\Desktop\SUPERAntiSpyware.exe
[2010/10/23 21:23:13 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\msobczak\Desktop\ATF-Cleaner.exe
[2010/10/23 21:21:31 | 000,364,032 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\rkill.scr
[2010/10/21 07:29:50 | 000,000,501 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\Shortcut to cports.exe.lnk
[2010/10/21 07:11:37 | 005,505,024 | ---- | M] () -- D:\Data\My Documents\Tooling.nsf
[2010/10/21 07:10:14 | 000,000,415 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\procexp.exe.lnk
[2010/10/19 15:00:08 | 000,294,912 | ---- | M] () -- C:\Documents and Settings\msobczak\Desktop\gmer.exe
[2010/10/19 06:29:50 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/09 13:03:36 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/09 13:03:36 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/09 13:03:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/09 13:03:36 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/09 13:03:36 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/09 13:02:08 | 003,906,966 | R--- | C] () -- C:\Documents and Settings\msobczak\Desktop\ComboFix.exe
[2010/11/03 17:15:23 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/11/03 17:15:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/11/03 17:01:53 | 003,901,988 | R--- | C] () -- C:\Documents and Settings\msobczak\Desktop\blah.exe
[2010/10/31 12:13:13 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
[2010/10/31 12:13:13 | 000,000,677 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\DVDFab 8.lnk
[2010/10/31 11:29:20 | 000,019,973 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\OTL_scan.zip
[2010/10/31 11:29:02 | 000,005,035 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\Gmer_scan.zip
[2010/10/31 10:50:46 | 000,294,912 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\gmer.exe
[2010/10/31 10:49:55 | 000,286,404 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\Gmer.zip
[2010/10/24 11:26:42 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\ZoneAlarm Security.lnk
[2010/10/24 11:26:34 | 000,421,442 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2010/10/24 10:18:29 | 000,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2010/10/24 10:00:53 | 000,545,280 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\dds.scr
[2010/10/24 09:59:06 | 000,000,774 | ---- | C] () -- C:\Documents and Settings\msobczak\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/10/24 09:58:57 | 000,000,599 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\ERUNT.lnk
[2010/10/23 22:23:13 | 000,000,721 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010/10/23 21:21:30 | 000,364,032 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\rkill.scr
[2010/10/21 07:29:50 | 000,000,501 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\Shortcut to cports.exe.lnk
[2010/10/21 07:10:03 | 000,000,415 | ---- | C] () -- C:\Documents and Settings\msobczak\Desktop\procexp.exe.lnk
[2010/10/21 07:01:14 | 005,505,024 | ---- | C] () -- D:\Data\My Documents\Tooling.nsf
[2010/10/17 10:43:38 | 000,743,737 | ---- | C] () -- D:\Data\My Documents\100_1225.jpg
[2010/08/29 18:32:07 | 000,006,914 | ---- | C] () -- C:\Documents and Settings\msobczak\Local Settings\Application Data\rational_state.log
[2009/10/11 09:21:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdwvs.dll
[2009/10/11 09:20:18 | 001,036,288 | ---- | C] () -- C:\WINDOWS\System32\lxdwdrs.dll
[2009/10/11 09:20:18 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\lxdwcaps.dll
[2009/10/11 09:20:18 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdwcnv4.dll
[2009/10/11 09:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXDWPMON.DLL
[2009/10/11 09:20:03 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXDWFXPU.DLL
[2009/10/11 09:19:43 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxdwoem.dll
[2009/10/11 09:17:46 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdwrwrd.ini
[2009/10/11 09:16:52 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\LXDWinst.dll
[2009/10/11 09:16:51 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdwgrd.dll
[2009/07/13 16:18:51 | 000,000,446 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\JuniperExtXP.log
[2009/01/27 11:00:27 | 000,000,023 | ---- | C] () -- C:\Documents and Settings\msobczak\Local Settings\Application Data\kodakpcd.ini
[2008/12/16 18:46:12 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\pcouffin.cat
[2008/12/16 18:46:12 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\pcouffin.inf
[2008/12/16 18:46:12 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\msobczak\Application Data\pcouffin.log
[2008/12/12 13:23:16 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/12/02 23:05:41 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS75.DLL
[2008/12/02 22:03:22 | 000,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/12/02 21:50:20 | 000,109,056 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2008/12/02 21:50:20 | 000,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2008/11/30 19:27:16 | 000,000,141 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/11/29 14:58:56 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/04 19:31:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/03 19:44:47 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2008/11/03 19:32:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/10/18 11:21:02 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2008/10/17 02:00:16 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/01/03 17:26:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/01/03 17:26:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/01/03 17:26:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/01/03 17:26:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/01/03 17:26:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/06/30 13:15:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[1999/03/09 23:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[1999/01/22 11:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/13 11:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[1997/11/13 23:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[1997/02/01 23:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[1997/02/01 23:23:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[1996/07/08 23:23:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[1994/07/24 23:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[1994/04/06 23:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

< End of report >
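The entries above all follow one fixed OTL line format. As an added example (not part of this thread and not OTL's own code), here is a small Python parser for those entries that pulls out the ones a helper reads first: executable-type files under the Windows directory with no company name. The sample report text is constructed in that format, not copied from the poster's log.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL file entry: [date time | size | attrs | C|M] (Company) -- path
# "(Company)" is absent for directories and is "()" or "( )" when no company name was found.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

@dataclass
class OtlEntry:
    timestamp: datetime
    size: int        # bytes; OTL prints it zero-padded with thousands separators
    attrs: str       # e.g. "----", "---D" (directory), "RHS-"
    kind: str        # "C" = created, "M" = modified
    company: str     # "" when OTL printed no company name
    path: str

def parse_entry(line: str) -> Optional[OtlEntry]:
    """Parse one report line; None for headers, blanks and the '*.tmp' summaries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return OtlEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"], kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )

def parse_report(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]

BINARY_EXT = (".exe", ".dll", ".sys", ".ocx", ".scr", ".drv")

def unsigned_system_files(entries: List[OtlEntry]) -> List[str]:
    """Executable-type files under C:\\WINDOWS with no company name. Legitimate OS and vendor
    files normally carry one, so a helper checks these first; this orders work, it is not a verdict."""
    return [e.path for e in entries
            if e.company == "" and e.path.lower().startswith("c:\\windows\\")
            and e.path.lower().endswith(BINARY_EXT)]

# Constructed sample in the page's OTL format (not the poster's actual log).
SAMPLE_REPORT = r"""========== Files Created - No Company Name ==========
[2010/11/09 13:03:36 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/10/24 11:26:34 | 000,532,224 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[2009/10/11 09:21:04 | 000,409,600 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdwcoin.dll
[2010/10/24 11:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Zone Labs
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""
```

Running `unsigned_system_files(parse_report(SAMPLE_REPORT))` on the sample returns the MBR.exe and lxdwcoin.dll paths; the directory entry, the vendor-signed driver and the `*.tmp` summary line are skipped.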
 
PC Infected

Msobczak

Good news - your log shows no sign of infection.

Please let me know how your computer is running.

Satchfan
 
Msobczak

Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:


Uninstall ComboFix

Follow these steps to make sure that Combofix is completely uninstalled

    • Click START then RUN
    • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.


    • Once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.
===================================================

Uninstall OTL

    • Double-click OTL.exe
    • Click the CleanUp! button.
    • Select Yes when the Begin cleanup Process? prompt appears.
    • If you are prompted to reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes, if not delete it by yourself.
NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

===================================================

I see no sign of the antivirus you installed previously. If you use the Internet without an antivirus program your computer will certainly become infected again.

If you no longer have Avast, download and install one of the following:

Update Adobe Reader and Java

Your version of Adobe Reader is very out of date. You also have old versions of Java on your computer. Older versions of both programs have vulnerabilities that malicious sites can use to exploit and infect your system.

    • Go to Add/Remove Programs and remove all versions of Adobe Reader and Java.
    • Click here to download the latest version of Adobe Reader.
    • Go here to download the latest version of Java.
===================================================

Set your computer to automatically check for Windows updates.


To turn on Automatic Updates:

    • Click Start, Settings and then click Control Panel.
    • Double-click Automatic Updates.
    • Choose Automatic (recommended).
===================================================

I suggest that you run SUPERAntiSpyware and Malwarebytes’ AntiMalware on a regular basis, probably weekly.

===================================================

I also recommend that you read the following:

“So how did I get infected in the first place”?
by Tony Klein
"How to prevent malware"
by miekiemoes

Remember to keep updating all of the above programs to help your computer remain clean. You can never update too often, and your computer will not be protected from new malware if your programs are not up-to-date.

Safe computing

Satchfan
 