MalwareRemoval.com
I still need help.

Post by jkwozney » June 29th, 2010, 5:37 pm

I was being helped but I took too long responding to my last helper. Here's a link to the old thread:

viewtopic.php?f=11&t=51814

I followed the instructions I was last given and got rid of uTorrent. I still don't have sound, system restore or wireless signal though.

Here's my updated log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:30:41 PM, on 6/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\UStorSrv.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5d2b8007-1aaf-44f5-856c-632b9fda28e0} - rejipupo.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [gohasilipa] Rundll32.exe "heyejopo.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [gohasilipa] Rundll32.exe "heyejopo.dll",s (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [gohasilipa] Rundll32.exe "heyejopo.dll",s (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ccagent.exe] C:\Documents and Settings\Jwozney\Application Data\ACommander\ccagent.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ccagent.exe] C:\Documents and Settings\Jwozney\Application Data\ACommander\ccagent.exe (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 7582207376
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Jwozney.local
O17 - HKLM\Software\..\Telephony: DomainName = Jwozney.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Jwozney.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Jwozney.local
O20 - AppInit_DLLs: rurafele.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: UStorage Server Service - OTi - C:\WINDOWS\system32\UStorSrv.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8420 bytes
jkwozney
Active Member
Posts: 9
Joined: June 15th, 2010, 11:42 am
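The HijackThis log above is read by eye in this thread, but the entry classes a helper checks first are mechanical enough to script. What follows is an added example, not part of the post and not code from the HijackThis or OTL tools: a small triage pass over the "Rn - ..." / "On - ..." line format both tools emit. It flags the indicator types that appear in this thread's logs: an IE proxy forced through a local listener, a hosts entry that begins with non-ASCII bytes (a hosts file saved with a UTF-16 byte-order mark), a BHO whose DLL is missing, Run entries pointing at missing files or loading a DLL by bare name through rundll32, an AppInit_DLLs value, a replaced Winlogon Shell, and policy keys that lock the user out of regedit or Folder Options. SAMPLE_LOG is constructed from the kinds of entries in the logs here; the indicator list is the author's own selection, not an official checklist.

```python
"""Triage HijackThis/OTL-style log lines for common hijack indicators.

Added example for this thread; not part of the forum post and not code
from the HijackThis or OTL tools. SAMPLE_LOG is constructed from the kinds
of entries that appear in the logs posted in this thread.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
MISSING = ("file missing", "file not found")
# rundll32 given a bare DLL name (no path): the file is found by search
# order, so whichever copy resolves first is what gets loaded.
BARE_DLL_RE = re.compile(r'rundll32\.exe\s+"?([^\\"\s]+\.dll)', re.IGNORECASE)
SHELL_RE = re.compile(r"Winlogon: Shell - \(([^)]+)\)")
LOCKOUT_RE = re.compile(r"(DisableRegistryTools|NoFolderOptions) = 1")

# Constructed sample, modelled on entries from this thread's logs.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4 (constructed sample)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5d2b8007-1aaf-44f5-856c-632b9fda28e0} - rejipupo.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gohasilipa] Rundll32.exe "heyejopo.dll",s
O4 - HKU\.DEFAULT..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\debug.exe File not found
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O20 - AppInit_DLLs: rurafele.dll
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\Jwozney\Application Data\ACommander\ccmain.exe) - C:\Documents and Settings\Jwozney\Application Data\ACommander\ccmain.exe File not found
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    code: str    # entry class, e.g. "O4"
    reason: str  # why the entry is suspicious
    line: str    # the log line as written


def parse_entry(line: str) -> Optional[Tuple[str, str]]:
    """Split 'O4 - body' into ('O4', 'body'); None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def check_entry(code: str, body: str, line: str) -> Optional[Finding]:
    """Return a Finding when the entry matches a hijack indicator, else None."""
    low = body.lower()
    if code in ("R0", "R1") and "proxyserver" in low and \
            re.search(r"127\.0\.0\.1|localhost", low):
        return Finding(code, "IE proxy forced through a local listener", line)
    if code == "O1" and "Hosts:" in body:
        entry = body.split("Hosts:", 1)[1].strip()
        if entry and not entry[0].isascii():
            return Finding(code, "hosts entry starts with non-ASCII bytes (UTF-16 BOM?)", line)
    if code == "O2" and any(tok in low for tok in MISSING):
        return Finding(code, "BHO registered but its DLL is missing", line)
    if code == "O4":
        if any(tok in low for tok in MISSING):
            return Finding(code, "Run entry points at a missing file", line)
        m = BARE_DLL_RE.search(body)
        if m:
            return Finding(code, f"rundll32 loads {m.group(1)} by bare name; verify which file resolves", line)
    if code == "O7" and LOCKOUT_RE.search(body):
        return Finding(code, "policy disables regedit or Folder Options", line)
    if code == "O20":
        if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
            return Finding(code, "AppInit_DLLs injects a DLL into every user-mode process", line)
        m = SHELL_RE.search(body)
        if m and m.group(1).rsplit("\\", 1)[-1].lower() != "explorer.exe":
            return Finding(code, "Winlogon Shell replaced", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run every entry line through check_entry and collect the hits."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_entry(raw)
        if parsed:
            found = check_entry(parsed[0], parsed[1], raw.strip())
            if found:
                findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
```

The bare-DLL rule is a prompt to verify rather than a verdict: a legitimate entry such as the NVHotkey line in the log above also loads its DLL by name from System32, so the reason text asks which file actually resolves. Entries with a full path and a known vendor, like the NvCplDaemon and Bonjour lines in the sample, pass through untouched.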

Re: I still need help.

Post by MWR 3 day Mod » July 2nd, 2010, 11:38 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: I still need help.

Post by deltalima » July 5th, 2010, 9:04 am

Hi jkwozney,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or that you need to take your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I still need help.

Post by jkwozney » July 8th, 2010, 8:11 am

Here are the logs you requested.

OTL logfile created on: 7/8/2010 7:08:30 AM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 636.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 11.15 Gb Free Space | 15.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.46 Gb Total Space | 4.79 Gb Free Space | 64.11% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JWOZNEY
Current User Name: Jwozney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
PRC - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\UStorSrv.exe (OTi)


========== Modules (SafeList) ==========

MOD - E:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
MOD - C:\WINDOWS\system32\cewmdm.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe (Intel Corporation)
SRV - (WLANKEEPER) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe (Intel Corporation)
SRV - (S24EventMonitor) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe (Intel Corporation)
SRV - (UStorage Server Service) -- C:\WINDOWS\System32\UStorSrv.exe (OTi)


========== Driver Services (SafeList) ==========

DRV - (ffcvryx) -- C:\WINDOWS\System32\drivers\ffcvryx.sys ()
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (NETw4x32) Intel(R) -- C:\WINDOWS\system32\drivers\NETw4x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (rimmptsk) -- C:\WINDOWS\system32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\WINDOWS\system32\drivers\rixdptsk.sys (REDC)
DRV - (monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (HSFHWAZL) -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (CTUSFSYN) -- C:\WINDOWS\system32\drivers\ctusfsyn.sys (Creative Technology Ltd.)
DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555



IE - HKU\S-1-5-21-856469676-1127877537-354656731-1118\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-856469676-1127877537-354656731-1118\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-856469676-1127877537-354656731-1118\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-856469676-1127877537-354656731-1118\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/03 16:25:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/03 16:25:26 | 000,000,000 | ---D | M]

[2009/04/10 06:48:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jwozney\Application Data\Mozilla\Extensions
[2010/06/21 09:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jwozney\Application Data\Mozilla\Firefox\Profiles\rq9luuzd.default\extensions
[2010/04/28 00:06:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jwozney\Application Data\Mozilla\Firefox\Profiles\rq9luuzd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/21 09:26:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/26 23:25:44 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5d2b8007-1aaf-44f5-856c-632b9fda28e0} - File not found
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-856469676-1127877537-354656731-1118\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [gohasilipa] File not found
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\.DEFAULT..\Run: [ccagent.exe] C:\Documents and Settings\Jwozney\Application Data\ACommander\ccagent.exe File not found
O4 - HKU\.DEFAULT..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\debug.exe File not found
O4 - HKU\.DEFAULT..\Run: [mpfkdeua] C:\Documents and Settings\NetworkService\Local Settings\Application Data\yktetftpk\fohurwdtssd.exe File not found
O4 - HKU\S-1-5-18..\Run: [ccagent.exe] C:\Documents and Settings\Jwozney\Application Data\ACommander\ccagent.exe File not found
O4 - HKU\S-1-5-18..\Run: [hsf87efjhdsf87f3jfsdi7fhsujfd] C:\WINDOWS\TEMP\debug.exe File not found
O4 - HKU\S-1-5-18..\Run: [mpfkdeua] C:\Documents and Settings\NetworkService\Local Settings\Application Data\yktetftpk\fohurwdtssd.exe File not found
O4 - HKU\S-1-5-19..\Run: [gohasilipa] File not found
O4 - HKU\S-1-5-20..\Run: [gohasilipa] File not found
O4 - HKU\S-1-5-21-856469676-1127877537-354656731-1118..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-856469676-1127877537-354656731-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-856469676-1127877537-354656731-1118\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/v ... .2.4.1.cab (DLM Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 7582207376 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Jwozney.local
O20 - AppInit_DLLs: (rurafele.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Documents and Settings\Jwozney\Application Data\ACommander\ccmain.exe) - C:\Documents and Settings\Jwozney\Application Data\ACommander\ccmain.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Documents and Settings\Jwozney\Application Data\ACommander\ccmain.exe) - C:\Documents and Settings\Jwozney\Application Data\ACommander\ccmain.exe File not found
O20 - HKU\S-1-5-21-856469676-1127877537-354656731-1118 Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 17:28:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{14b198f0-56bb-11de-81a6-001422f0e05b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{14b198f0-56bb-11de-81a6-001422f0e05b}\Shell\Explore\command - "" = autorun.exe
O33 - MountPoints2\{14b198f0-56bb-11de-81a6-001422f0e05b}\Shell\Open\command - "" = autorun.exe
O33 - MountPoints2\{a96c57ef-2905-11de-819a-001422f0e05b}\Shell - "" = AutoRun
O33 - MountPoints2\{a96c57ef-2905-11de-819a-001422f0e05b}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a96c57ef-2905-11de-819a-001422f0e05b}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/06/26 23:21:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/06/26 23:19:58 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/23 15:41:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/23 15:41:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/18 18:14:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jwozney\Application Data\vlc
[2010/06/18 17:55:58 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/06/03 01:53:20 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/05/26 01:36:49 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\Settings
[2010/05/10 21:15:13 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jwozney\Recent
[2010/05/10 21:07:45 | 000,000,000 | ---D | C] -- C:\rsit
[2010/05/09 23:41:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\yktetftpk
[2010/05/07 00:43:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/05/07 00:42:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/05/06 10:56:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/06 10:31:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
[2010/05/06 10:15:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/05/06 08:06:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/05/06 08:06:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/05 23:53:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\hcnvedvsn
[2010/05/04 07:14:23 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jwozney\Desktop\myapp.exe
[2010/05/04 07:04:21 | 000,178,000 | ---- | C] (Kaspersky Lab) -- C:\Documents and Settings\Jwozney\Desktop\TDSSKiller.exe
[2010/05/02 16:33:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2010/04/29 11:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/04/28 16:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/04/28 16:37:54 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Jwozney\Desktop\ccsetup231.exe
[2010/04/28 11:40:33 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\GroupPolicy
[2010/04/28 11:12:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jwozney\Application Data\Malwarebytes
[2010/04/28 11:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/04/28 11:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/04/28 10:56:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/04/28 10:56:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/04/28 10:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/04/28 10:18:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jwozney\Application Data\00313E5C56B80F9D2C1B235040946104
[2010/04/27 12:05:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/19 17:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jwozney\Desktop\backups
[2010/04/13 18:13:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\SchCache
[2010/04/09 10:10:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\custom matrices
[2010/04/09 10:10:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\C2MP
[2010/04/09 10:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVI Codec Pack
[2010/04/09 10:01:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\quicktime
[1 C:\Documents and Settings\Jwozney\My Documents\*.tmp files -> C:\Documents and Settings\Jwozney\My Documents\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/08 06:50:50 | 000,512,960 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/07/08 06:50:50 | 000,435,828 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/07/08 06:50:50 | 000,068,558 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/07/08 06:46:52 | 000,030,356 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2010/07/08 06:46:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/08 06:46:10 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/07/06 15:24:29 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jwozney\My Documents\Argyle.doc
[2010/07/06 14:18:38 | 000,000,364 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2010/07/06 01:41:49 | 000,158,720 | ---- | M] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/29 16:35:50 | 004,456,448 | ---- | M] () -- C:\Documents and Settings\Jwozney\ntuser.dat
[2010/06/29 16:35:38 | 004,839,476 | -H-- | M] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\IconCache.db
[2010/06/29 16:30:41 | 000,008,421 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\hijackthis_new
[2010/06/29 16:29:28 | 000,002,457 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\HiJackThis.lnk
[2010/06/26 23:19:59 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\ERUNT.lnk
[2010/06/23 17:10:14 | 000,008,359 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\hijackthis2
[2010/06/23 16:48:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/23 16:28:09 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/23 15:28:04 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/13 07:54:11 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\Senseless World 30 minutes.doc
[2010/06/07 23:48:59 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Jwozney\My Documents\One day back in 1994.doc
[2010/06/05 16:23:53 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Jwozney\My Documents\Do You Harbor Resentment or Do You Forgive (revised).doc
[2010/05/27 17:57:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/19 12:54:24 | 002,132,672 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/18 22:45:27 | 000,030,356 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/15 02:26:24 | 000,068,544 | ---- | M] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/14 11:42:29 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Jwozney\My Documents\JWozneyResume.doc
[2010/05/12 11:11:20 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Jwozney\My Documents\~$jwozneyResume.doc
[2010/05/10 19:54:08 | 000,824,681 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\RSIT.exe
[2010/05/10 19:50:31 | 000,451,584 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\CKScanner.exe
[2010/05/10 19:24:06 | 000,013,824 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\kXk1e8cNYr5
[2010/05/10 19:24:05 | 000,013,824 | -HS- | M] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\kXk1e8cNYr5
[2010/05/07 07:03:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/06 10:54:43 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\HiJackThis.msi
[2010/05/06 10:16:13 | 000,000,603 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/06 10:16:13 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/06 10:16:13 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/05/06 10:14:26 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/05/06 08:12:15 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Jwozney\ntuser.ini
[2010/05/04 07:14:23 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Jwozney\Desktop\myapp.exe
[2010/05/04 07:03:33 | 000,154,469 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\tdsskiller.zip
[2010/05/04 06:42:58 | 000,000,370 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\fix.inf
[2010/05/03 09:38:15 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\ffcvryx.sys
[2010/05/03 09:33:17 | 000,000,000 | ---- | M] () -- C:\Settings.ini
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/29 11:45:18 | 000,013,586 | -HS- | M] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\860882149
[2010/04/29 11:45:18 | 000,013,586 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\860882149
[2010/04/28 22:56:29 | 000,000,360 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\fix.reg
[2010/04/28 16:41:00 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Jwozney\Desktop\ccsetup231.exe
[2010/04/28 16:38:11 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/28 13:20:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jwozney\defogger_reenable
[2010/04/28 10:44:04 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Jwozney\Desktop\rkill.com
[2010/04/28 10:30:57 | 000,017,006 | -HS- | M] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\KLry0l
[2010/04/28 10:30:57 | 000,017,006 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\KLry0l
[2010/04/16 14:21:20 | 000,030,720 | ---- | M] () -- C:\Documents and Settings\Jwozney\My Documents\JWozney_Resume.doc
[2010/04/14 01:37:48 | 000,015,840 | -HS- | M] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\40e2
[2010/04/14 01:37:48 | 000,015,840 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\40e2
[2010/04/13 20:04:03 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Jwozney\My Documents\April PNC Payment.doc
[2010/04/13 17:32:20 | 000,108,883 | ---- | M] () -- C:\Documents and Settings\Jwozney\My Documents\JWozney-2009.pdf
[2010/04/11 15:58:55 | 000,017,322 | -HS- | M] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\0CMR8yFmkXh
[2010/04/11 15:58:55 | 000,017,322 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\0CMR8yFmkXh
[1 C:\Documents and Settings\Jwozney\My Documents\*.tmp files -> C:\Documents and Settings\Jwozney\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/06 14:23:07 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jwozney\My Documents\Argyle.doc
[2010/06/29 16:30:41 | 000,008,421 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\hijackthis_new
[2010/06/26 23:19:59 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\ERUNT.lnk
[2010/06/23 17:10:13 | 000,008,359 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\hijackthis2
[2010/06/07 23:48:59 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Jwozney\My Documents\One day back in 1994.doc
[2010/06/05 10:15:46 | 000,049,152 | ---- | C] () -- C:\Documents and Settings\Jwozney\My Documents\Do You Harbor Resentment or Do You Forgive (revised).doc
[2010/05/12 11:11:20 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Jwozney\My Documents\~$jwozneyResume.doc
[2010/05/10 19:53:58 | 000,824,681 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\RSIT.exe
[2010/05/10 19:50:27 | 000,451,584 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\CKScanner.exe
[2010/05/06 10:56:18 | 000,002,457 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\HiJackThis.lnk
[2010/05/06 10:54:42 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\HiJackThis.msi
[2010/05/04 07:03:32 | 000,154,469 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\tdsskiller.zip
[2010/05/04 06:42:55 | 000,000,370 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\fix.inf
[2010/05/03 09:33:17 | 000,000,000 | ---- | C] () -- C:\Settings.ini
[2010/04/29 11:45:07 | 000,013,586 | -HS- | C] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\860882149
[2010/04/29 11:45:07 | 000,013,586 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\860882149
[2010/04/28 22:56:29 | 000,000,360 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\fix.reg
[2010/04/28 16:38:11 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/04/28 16:37:59 | 000,013,824 | -HS- | C] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\kXk1e8cNYr5
[2010/04/28 16:37:59 | 000,013,824 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kXk1e8cNYr5
[2010/04/28 13:20:32 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jwozney\defogger_reenable
[2010/04/28 10:43:58 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Jwozney\Desktop\rkill.com
[2010/04/28 10:19:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\ffcvryx.sys
[2010/04/28 10:19:28 | 000,017,006 | -HS- | C] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\KLry0l
[2010/04/28 10:19:28 | 000,017,006 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KLry0l
[2010/04/16 14:21:20 | 000,030,720 | ---- | C] () -- C:\Documents and Settings\Jwozney\My Documents\JWozney_Resume.doc
[2010/04/14 01:35:37 | 000,015,840 | -HS- | C] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\40e2
[2010/04/14 01:35:37 | 000,015,840 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\40e2
[2010/04/13 20:04:02 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Jwozney\My Documents\April PNC Payment.doc
[2010/04/13 17:32:20 | 000,108,883 | ---- | C] () -- C:\Documents and Settings\Jwozney\My Documents\JWozney-2009.pdf
[2010/04/11 15:56:40 | 000,017,322 | -HS- | C] () -- C:\Documents and Settings\Jwozney\Local Settings\Application Data\0CMR8yFmkXh
[2010/04/11 15:56:40 | 000,017,322 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\0CMR8yFmkXh
[2010/03/02 20:00:00 | 004,555,278 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/03/02 20:00:00 | 001,449,935 | ---- | C] () -- C:\WINDOWS\System32\ffmpegmt.dll
[2010/03/02 20:00:00 | 000,877,385 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2010/03/02 20:00:00 | 000,556,491 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/03/02 20:00:00 | 000,336,384 | ---- | C] () -- C:\WINDOWS\System32\ff_libfaad2.dll
[2010/03/02 20:00:00 | 000,324,096 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/03/02 20:00:00 | 000,248,320 | ---- | C] () -- C:\WINDOWS\System32\ff_kernelDeint.dll
[2010/03/02 20:00:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\ff_libdts.dll
[2010/03/02 20:00:00 | 000,169,984 | ---- | C] () -- C:\WINDOWS\System32\ff_samplerate.dll
[2010/03/02 20:00:00 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\ff_libmad.dll
[2010/03/02 20:00:00 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/03/02 20:00:00 | 000,121,856 | ---- | C] () -- C:\WINDOWS\System32\ff_liba52.dll
[2010/03/02 20:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\ff_tremor.dll
[2010/03/02 20:00:00 | 000,100,864 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2010/03/02 20:00:00 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\ff_unrar.dll
[2010/03/02 20:00:00 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/11/19 22:39:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/14 14:37:08 | 000,154,112 | ---- | C] () -- C:\WINDOWS\System32\ts.dll
[2009/11/14 14:33:38 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\dxr.dll
[2009/11/14 14:11:50 | 000,093,184 | ---- | C] () -- C:\WINDOWS\System32\avss.dll
[2009/11/14 14:11:42 | 000,150,016 | ---- | C] () -- C:\WINDOWS\System32\mkx.dll
[2009/11/14 14:11:42 | 000,141,824 | ---- | C] () -- C:\WINDOWS\System32\mp4.dll
[2009/11/14 14:11:40 | 000,123,392 | ---- | C] () -- C:\WINDOWS\System32\ogm.dll
[2009/11/14 14:11:40 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\avi.dll
[2009/11/14 14:11:38 | 000,097,792 | ---- | C] () -- C:\WINDOWS\System32\avs.dll
[2009/11/14 14:11:32 | 000,080,384 | ---- | C] () -- C:\WINDOWS\System32\mkzlib.dll
[2009/11/14 14:11:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\mkunicode.dll
[2009/09/12 20:45:26 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
[2009/06/07 12:24:04 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/04/15 14:00:39 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/04/15 14:00:39 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/04/15 14:00:39 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/04/15 14:00:38 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/04/15 13:27:17 | 000,022,629 | ---- | C] () -- C:\WINDOWS\System32\CiFilter.ini
[2009/04/02 10:33:13 | 000,000,364 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2009/03/31 13:04:40 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/03/25 12:14:45 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2009/01/10 18:15:44 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\mmfinfo.dll
[2008/11/06 12:37:32 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/13 05:30:20 | 000,000,137 | ---- | C] () -- C:\WINDOWS\System32\Registration.ini
[2007/08/06 11:07:30 | 000,008,520 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2004/12/19 09:17:10 | 000,614,400 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/10/06 14:42:56 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/10/04 19:04:24 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2002/10/04 19:04:16 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/05/15 19:38:40 | 000,091,136 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
< End of report >

OTL Extras logfile created on: 7/8/2010 7:08:30 AM - Run 1
OTL by OldTimer - Version 3.2.8.1 Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 636.00 Mb Available Physical Memory | 62.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.79 Gb Total Space | 11.15 Gb Free Space | 15.98% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 7.46 Gb Total Space | 4.79 Gb Free Space | 64.11% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JWOZNEY
Current User Name: Jwozney
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- File not found
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Documents and Settings\Jwozney\Local Settings\Temp\Vcg.exe" = C:\Documents and Settings\Jwozney\Local Settings\Temp\Vcg.exe:*:Enabled:Vcg -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3881DB80-EAA2-012B-ADAE-000000000000}" = TurboTax 2009 WinPerFedFormset
"{38975F50-EAA2-012B-ADB4-000000000000}" = TurboTax 2009 WinPerReleaseEngine
"{38A34630-EAA2-012B-ADB6-000000000000}" = TurboTax 2009 WinPerTaxSupport
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3C5A81D0-EAA2-012B-AE9F-000000000000}" = TurboTax 2009 wrapper
"{3D29DFC0-EAA2-012B-AED3-000000000000}" = TurboTax 2009 wvaiper
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = iSEEK AnswerWorks English Runtime
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}" = WinZip 12.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE5BFF9C-84D1-4B09-9C20-54633044CB85}" = Watchtower Library 2008 - English
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AVI Codec Pack" = AVI Codec Pack
"CCleaner" = CCleaner
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"ERUNT_is1" = ERUNT 1.1j
"HOTLLAMA Media Player" = HOTLLAMA Media Player
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.9.5
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.9)" = Mozilla Firefox (3.5.9)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"ProInst" = Intel(R) PROSet/Wireless Software
"SAMB_ADVMB_FILTER_DRV" = Sound Blaster ADVANCED MB Drivers
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"TurboTax 2009" = TurboTax 2009
"U-Storage Service" = U-Storage Service
"VLC media player" = VLC media player 1.0.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-856469676-1127877537-354656731-1118\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/7/2010 10:09:42 PM | Computer Name = JWOZNEY | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 7/7/2010 10:09:42 PM | Computer Name = JWOZNEY | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 7/7/2010 10:09:45 PM | Computer Name = JWOZNEY | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x80070836). The workstation driver is not installed. Enrollment
will not be performed.

Error - 7/7/2010 10:09:49 PM | Computer Name = JWOZNEY | Source = Google Update | ID = 20
Description =

Error - 7/7/2010 10:16:43 PM | Computer Name = JWOZNEY | Source = Google Update | ID = 20
Description =

Error - 7/8/2010 6:46:29 AM | Computer Name = JWOZNEY | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 7/8/2010 6:46:31 AM | Computer Name = JWOZNEY | Source = Userenv | ID = 1054
Description = Windows cannot obtain the domain controller name for your computer
network. (The workstation driver is not installed. ). Group Policy processing aborted.


Error - 7/8/2010 6:46:33 AM | Computer Name = JWOZNEY | Source = Google Update | ID = 20
Description =

Error - 7/8/2010 6:46:33 AM | Computer Name = JWOZNEY | Source = AutoEnrollment | ID = 15
Description = Automatic certificate enrollment for local system failed to contact
the active directory (0x80070836). The workstation driver is not installed. Enrollment
will not be performed.

Error - 7/8/2010 6:59:48 AM | Computer Name = JWOZNEY | Source = Google Update | ID = 20
Description =

[ System Events ]
Error - 6/23/2010 4:51:17 PM | Computer Name = JWOZNEY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Error Reporting Service
service to connect.

Error - 6/23/2010 4:51:17 PM | Computer Name = JWOZNEY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the COM+ Event System service
to connect.

Error - 6/23/2010 4:51:17 PM | Computer Name = JWOZNEY | Source = Service Control Manager | ID = 7000
Description = The COM+ Event System service failed to start due to the following
error: %%1053

Error - 6/23/2010 4:51:17 PM | Computer Name = JWOZNEY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Help and Support service
to connect.

Error - 6/23/2010 4:51:17 PM | Computer Name = JWOZNEY | Source = Service Control Manager | ID = 7000
Description = The Help and Support service failed to start due to the following
error: %%1053

Error - 6/23/2010 4:51:17 PM | Computer Name = JWOZNEY | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HID Input Service service
to connect.

Error - 6/23/2010 4:51:17 PM | Computer Name = JWOZNEY | Source = Service Control Manager | ID = 7000
Description = The HID Input Service service failed to start due to the following
error: %%1053

Error - 6/23/2010 4:51:17 PM | Computer Name = JWOZNEY | Source = Service Control Manager | ID = 7001
Description = The System Event Notification service depends on the COM+ Event System
service which failed to start because of the following error: %%1053

Error - 6/24/2010 12:05:51 AM | Computer Name = JWOZNEY | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 6/24/2010 12:05:51 AM | Computer Name = JWOZNEY | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.


< End of report >
jkwozney
Active Member
 
Posts: 9
Joined: June 15th, 2010, 11:42 am

Re: I still need help.

Post by deltalima » July 8th, 2010, 8:57 am

Hi jkwozney,

Security Check

  • Download Security Check by screen317 from:
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Please post the log from the GMER scan.

If GMER failed to run then please run this alternative scan.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of the report and paste it in a reply here.

Next

Now please run Malwarebytes, update and run a quick scan, remove any infected items found and post the log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: I still need help.

Post by Gary R » July 11th, 2010, 9:33 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Gary R
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire