Solved Computer shutting down on its own

Discussion in 'Malware and Virus Removal Archive' started by jewelianne, 2009/09/30.

  1. 2009/09/30
    jewelianne (Thread Starter)
    [Resolved] Computer shutting down on its own

    http://www.windowsbbs.com/windows-xp/87423-computer-shutting-down-its-own.html

    I put the link to my other thread so you can see some of the problems I am dealing with.
    After reading the instructions for posting here, I downloaded DDS and began the scan. It was running for nearly two hours when I chose to stop it, because I had no way of knowing whether it was running, since there was no progress bar, or whether it is supposed to run that long. I checked the Task Manager and it did not show up.
    So I decided to come here to check before I proceeded any further.
    I would appreciate it if someone could help me understand what to expect.
    Thank you!
     
  2. 2009/09/30
    broni (Moderator, Malware Analyst)
    Download OTL to your Desktop.

    * Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
      Since those are pretty big files, you can attach them, if you wish.
     

  3. 2009/09/30
    jewelianne (Thread Starter)
    OTL logfile created on: 9/30/2009 10:11:21 PM - Run 1
    OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    383.48 Mb Total Physical Memory | 156.05 Mb Available Physical Memory | 40.69% Memory free
    922.21 Mb Paging File | 472.23 Mb Available in Paging File | 51.21% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 76.32 Gb Total Space | 64.60 Gb Free Space | 84.64% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 484.86 Mb Total Space | 484.86 Mb Free Space | 100.00% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OWNER1-CCD5E22C
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe
    PRC - [2009/08/17 11:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    PRC - [2009/08/17 12:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
    PRC - [2009/09/13 21:46:42 | 00,980,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe
    PRC - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
    PRC - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    PRC - [2009/09/18 19:58:14 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
    PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    PRC - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe
    PRC - [2008/08/30 16:04:08 | 01,519,168 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\WinVNC.exe
    PRC - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2009/08/17 12:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    PRC - [2009/08/17 12:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    PRC - [2008/08/30 16:04:08 | 01,519,168 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\WinVNC.exe
    PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
    PRC - [2004/12/01 03:54:22 | 00,077,824 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
    PRC - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    PRC - [2009/02/16 00:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2009/08/17 12:07:23 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    PRC - [2009/09/18 19:58:14 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
    PRC - [2004/08/10 17:47:38 | 00,331,776 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\System32\sistray.exe
    PRC - [2008/04/13 20:12:37 | 00,135,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\taskmgr.exe
    PRC - [2009/09/30 22:07:46 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

    ========== Win32 Services (SafeList) ==========

    SRV - [2009/09/13 21:46:42 | 00,980,512 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\a-squared Free\a2service.exe -- (a2free [Auto | Running])
    SRV - [2008/10/16 18:22:20 | 00,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService [Auto | Running])
    SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
    SRV - [2009/08/17 11:58:55 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
    SRV - [2007/09/12 18:27:24 | 00,554,352 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler [Auto | Running])
    SRV - [2009/08/17 12:07:17 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
    SRV - [2009/08/17 12:07:01 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
    SRV - [2009/08/17 12:04:21 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
    SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
    SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
    SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
    SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
    SRV - [2009/09/18 19:58:14 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
    SRV - [2007/09/12 18:27:24 | 02,999,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate [On_Demand | Stopped])
    SRV - File not found -- -- (LiveUpdate Notice Ex [Auto | Stopped])
    SRV - [2008/01/29 17:38:31 | 00,583,048 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service [Auto | Running])
    SRV - [2005/07/25 15:25:18 | 00,491,520 | ---- | M] ( ) -- C:\WINDOWS\System32\lxcfcoms.exe -- (lxcf_device [On_Demand | Stopped])
    SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
    SRV - [2004/08/11 01:45:04 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wdfmgr.exe -- (UMWdf [Auto | Running])
    SRV - [2008/08/30 16:04:08 | 01,519,168 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service [Auto | Running])
    SRV - [2009/02/16 00:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon [Auto | Running])
    SRV - [2008/11/09 16:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.jewelianne.mysite.com/ [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim
    IE - URLSearchHook: {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero DSL\SearchEnh1.dll (NetZero, Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/15 07:23:38 | 00,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/09/18 19:58:17 | 00,000,000 | ---D | M]


    O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (Pop-up Blocker) - {4224FF33-C2EB-4039-B8C8-6EED565B9D96} - C:\Program Files\NetZero DSL\PopupBlocker.dll (United Online, Inc.)
    O2 - BHO: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (NetZero DSL) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll (NetZero, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (NetZero DSL) - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll (NetZero, Inc.)
    O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
    O4 - HKLM..\Run: [LXCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.DLL ()
    O4 - HKLM..\Run: [NetZeroDSL] C:\Program Files\NetZero DSL\ConnectionCenter.exe (NetZero, Inc.)
    O4 - HKLM..\Run: [PD0620 STISvc] C:\WINDOWS\System32\P0620Pin.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [Google Update] C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
    O4 - HKLM..\RunOnceEx: [] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\System32\sistray.exe (Silicon Integrated Systems Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ipp - No CLSID value found
    O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
    O24 - Desktop Components:0 (My Current Home Page) - About:Home
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/02/02 22:41:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck) - File not found
    O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
    O34 - HKLM BootExecute: (*) - File not found

    NetSvcs: 6to4 - Service key not found. File not found
    NetSvcs: Ias - Service key not found. File not found
    NetSvcs: Iprip - Service key not found. File not found
    NetSvcs: Irmon - Service key not found. File not found
    NetSvcs: NWCWorkstation - Service key not found. File not found
    NetSvcs: Nwsapagent - Service key not found. File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - Service key not found. File not found
    NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

    ========== Files/Folders - Created Within 14 Days ==========

    [4 C:\WINDOWS\*.tmp files]
    [2009/09/30 22:07:38 | 00,519,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2009/09/30 19:06:10 | 00,029,854 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\wolv.jpg
    [2009/09/30 16:15:38 | 00,000,922 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\bbs.rtf
    [2009/09/30 14:02:28 | 00,361,355 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds (1).scr
    [2009/09/29 13:44:16 | 00,000,000 | ---D | C] -- C:\WINDOWS\Sun
    [2009/09/27 21:21:06 | 00,297,455 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\adblock_plus-1.1.1-fx+sm+tb.xpi
    [2009/09/27 20:56:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
    [2009/09/27 20:51:30 | 00,002,284 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2009/09/27 20:47:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Temp
    [2009/09/27 20:47:31 | 00,000,978 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003UA.job
    [2009/09/27 20:47:30 | 00,000,926 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003Core.job
    [2009/09/27 20:47:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Google
    [2009/09/27 20:46:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
    [2009/09/27 19:58:53 | 00,143,075 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\****.JPG
    [2009/09/27 19:53:34 | 00,001,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2009/09/27 19:53:31 | 00,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2009/09/27 19:53:31 | 00,000,000 | ---D | C] -- C:\Program Files\Belarc
    [2009/09/27 19:25:01 | 00,061,573 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\error.JPG
    [2009/09/27 18:54:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2009/09/27 18:51:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2009/09/27 12:14:16 | 00,050,572 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\julianne.jpg
    [2009/09/27 12:13:36 | 00,050,572 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Jewel Rock.jpg
    [2009/09/27 12:11:40 | 00,050,572 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\me.jpg
    [2009/09/27 11:45:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\acccore
    [2009/09/27 11:45:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AIM
    [2009/09/27 11:45:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\AOL
    [2009/09/27 11:41:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2009/09/27 11:41:39 | 00,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2009/09/27 11:41:29 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
    [2009/09/27 11:41:17 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
    [2009/09/27 11:41:15 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
    [2009/09/27 10:42:37 | 00,000,362 | -H-- | C] () -- C:\IPH.PH
    [2009/09/26 15:46:07 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
    [2009/09/26 15:45:35 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2009/09/25 18:24:19 | 00,324,710 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My first book.pdf
    [2009/09/24 20:51:40 | 00,000,422 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A1960232-1F44-4A00-A2D1-EDB898ED6FAA}.job
    [2009/09/22 12:42:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
    [2009/09/21 16:48:02 | 00,012,944 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Query.odt
    [2009/09/20 20:06:10 | 00,000,150 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\.~lock.Untitled 1.odt#
    [2009/09/20 15:22:45 | 00,081,544 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Irisetta and Valarion.odt
    [2009/09/19 17:43:29 | 00,083,565 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\My first book.odt
    [2009/09/19 10:40:54 | 00,001,724 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CodeStuff Starter.lnk
    [2009/09/19 10:40:53 | 00,000,000 | ---D | C] -- C:\Program Files\CodeStuff
    [2009/09/18 21:49:42 | 00,081,544 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Untitled 1.odt
    [2009/09/18 21:49:04 | 00,083,469 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\PARAMOUR ..odt
    [2009/09/18 21:32:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2009/09/18 20:01:11 | 00,000,905 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
    [2009/09/18 19:59:24 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
    [2009/09/18 19:59:09 | 00,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
    [2009/09/18 19:58:02 | 00,000,000 | ---D | C] -- C:\Program Files\Java
    [2009/09/18 19:57:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Sun
    [2009/09/18 19:56:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
    [2009/09/18 09:46:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo
    [2009/09/18 09:44:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Yahoo!
    [2009/09/18 09:44:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    [2009/09/18 09:43:32 | 00,000,812 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk
    [2009/09/18 09:43:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
    [2009/09/18 09:42:57 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!

    ========== Files - Modified Within 14 Days ==========

    [1 C:\WINDOWS\System32\*.tmp files]
    [4 C:\WINDOWS\*.tmp files]
    [2009/09/30 22:07:46 | 00,519,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2009/09/30 21:52:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003UA.job
    [2009/09/30 20:52:07 | 00,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003Core.job
    [2009/09/30 19:06:10 | 00,029,854 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\wolv.jpg
    [2009/09/30 16:15:38 | 00,000,922 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\bbs.rtf
    [2009/09/30 14:02:28 | 00,361,355 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds (1).scr
    [2009/09/30 12:44:56 | 00,006,306 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2009 Doctor Info.rtf
    [2009/09/30 12:26:24 | 00,002,683 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\2009 August list of meds.rtf
    [2009/09/30 09:40:45 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A1960232-1F44-4A00-A2D1-EDB898ED6FAA}.job
    [2009/09/30 07:44:18 | 00,350,192 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
    [2009/09/30 07:43:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/09/30 07:43:25 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/09/30 07:43:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/09/27 21:21:11 | 00,297,455 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\adblock_plus-1.1.1-fx+sm+tb.xpi
    [2009/09/27 20:51:30 | 00,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
    [2009/09/27 20:46:45 | 00,021,560 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009/09/27 19:58:53 | 00,143,075 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\****.JPG
    [2009/09/27 19:53:34 | 00,001,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Belarc Advisor.lnk
    [2009/09/27 19:25:01 | 00,061,573 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\error.JPG
    [2009/09/27 12:11:31 | 00,050,572 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\me.jpg
    [2009/09/27 12:11:31 | 00,050,572 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Jewel Rock.jpg
    [2009/09/27 12:11:31 | 00,050,572 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\julianne.jpg
    [2009/09/27 11:45:39 | 00,000,362 | -H-- | M] () -- C:\IPH.PH
    [2009/09/27 11:41:39 | 00,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
    [2009/09/27 08:15:36 | 00,132,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/09/25 18:36:58 | 00,324,710 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My first book.pdf
    [2009/09/25 18:27:31 | 00,083,565 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My first book.odt
    [2009/09/25 16:03:29 | 00,083,469 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\PARAMOUR ..odt
    [2009/09/25 15:16:07 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
    [2009/09/24 11:58:44 | 02,460,672 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
    [2009/09/24 11:58:44 | 01,351,680 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
    [2009/09/24 11:57:22 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2009/09/24 08:49:51 | 00,000,021 | ---- | M] () -- C:\txlog.xml
    [2009/09/21 16:48:04 | 00,012,944 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Query.odt
    [2009/09/20 20:06:12 | 00,081,544 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Untitled 1.odt
    [2009/09/20 20:06:10 | 00,000,150 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\.~lock.Untitled 1.odt#
    [2009/09/20 20:06:00 | 00,081,544 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Irisetta and Valarion.odt
    [2009/09/19 13:58:49 | 00,430,398 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\My first book.rtf
    [2009/09/19 10:40:54 | 00,001,724 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CodeStuff Starter.lnk
    [2009/09/18 20:01:11 | 00,000,905 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.1.lnk
    [2009/09/18 09:43:32 | 00,000,812 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk

    ========== LOP Check ==========

    [2009/09/27 19:16:37 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
    [2009/09/27 11:41:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
    [2009/09/27 19:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
    [2009/09/10 03:19:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NetZero DSL
    [2009/02/21 20:24:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
    [2009/09/27 18:51:11 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data
    [2009/09/27 11:45:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
    [2009/09/02 10:32:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
    [2009/09/18 21:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenOffice.org
    [2009/09/11 21:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
    [2009/09/27 19:11:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Uniblue
    [2009/02/17 14:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Watchtower
    [2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
    [2009/09/25 15:16:07 | 00,000,436 | ---- | M] () -- C:\WINDOWS\Tasks\EasyShare Registration Task.job
    [2009/09/30 20:52:07 | 00,000,926 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003Core.job
    [2009/09/30 21:52:00 | 00,000,978 | ---- | M] () -- C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003UA.job
    [2009/09/30 07:43:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
    [2009/09/30 09:40:45 | 00,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A1960232-1F44-4A00-A2D1-EDB898ED6FAA}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >

    < %systemroot%\system32\eventlog.dll >
    [2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
    [1 C:\WINDOWS\system32\*.tmp files]

    < %systemroot%\system32\scecli.dll >
    [2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
    [1 C:\WINDOWS\system32\*.tmp files]

    < %systemroot%\netlogon.dll >

    < %systemroot%\system32\cngaudit.dll >

    < %systemroot%\system32\sceclt.dll >

    < %systemroot%\ntelogon.dll >

    < %systemroot%\system32\logevent.dll >
    < End of report >
     
  5. 2009/09/30
    jewelianne Inactive Thread Starter
    OTL Extras logfile created on: 9/30/2009 10:11:22 PM - Run 1
    OTL by OldTimer - Version 3.0.17.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    383.48 Mb Total Physical Memory | 156.05 Mb Available Physical Memory | 40.69% Memory free
    922.21 Mb Paging File | 472.23 Mb Available in Paging File | 51.21% Paging File free
    Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 76.32 Gb Total Space | 64.60 Gb Free Space | 84.64% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    Drive G: | 484.86 Mb Total Space | 484.86 Mb Free Space | 100.00% Space Free | Partition Type: FAT32
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: OWNER1-CCD5E22C
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5900:TCP" = 5900:TCP:*:Enabled:vnc5900
    "5800:TCP" = 5800:TCP:*:Enabled:vnc5800

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- File not found
    "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\Program Files\SightSpeed\SightSpeed.exe" = C:\Program Files\SightSpeed\SightSpeed.exe:*:Enabled:SightSpeed -- File not found
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{073F22CE-9A5B-4A40-A604-C7270AC6BF34}" = ESSSONIC
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{608D2A3C-6889-4C11-9B54-A42F45ACBFDB}" = fflink
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7c3aeaa8-8e35-45f3-b6d9-31da59e6db5e}" = Watchtower Library 2007 - English
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
    "{DE5BFF9C-84D1-4B09-9C20-54633044CB85}" = Watchtower Library 2008 - English
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
    "{F22C222C-3CE2-4A4B-A83F-AF4681371ABE}" = kgcbase
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Advanced Video FX Utility" = Advanced Video FX Utility
    "AIM_7" = AIM 7
    "Ask Toolbar_is1" = ZoneAlarm Spy Blocker Toolbar
    "a-squared Free_is1" = a-squared Free 4.5
    "avast!" = avast! Antivirus
    "Belarc Advisor" = Belarc Advisor 8.1
    "CodeStuff Starter" = CodeStuff Starter
    "Creative PD0620" = Creative WebCam Instant Driver (1.03.02.0425)
    "Creative Photo Manager" = Creative Photo Manager
    "Creative WebCam Center" = Creative WebCam Center
    "Creative WebCam Instant User's Guide English" = Creative WebCam Instant User's Guide (English)
    "Get Yahoo! Messenger" = Get Yahoo! Messenger
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "Lexmark 730 Series" = Lexmark 730 Series
    "LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "NetZero DSL" = NetZero DSL (remove only)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "SiS VGA Driver" = SiS VGA Utilities
    "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
    "SoftwareUpdUtility" = Download Updater (AOL LLC)
    "Ultravnc2_is1" = UltraVNC 1.0.5
    "WebCam Instant Product Registration" = WebCam Instant Product Registration
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Messenger" = Yahoo! Messenger
    "Yahoo! Search Defender" = Yahoo! Search Protection
    "Yahoo! Software Update" = Yahoo! Software Update
    "ZoneAlarm" = ZoneAlarm

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 9/13/2009 4:23:02 PM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/13/2009 4:23:06 PM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/13/2009 4:23:07 PM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/13/2009 5:05:06 PM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/13/2009 5:06:47 PM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 9/15/2009 11:20:45 AM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/15/2009 11:20:46 AM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1002
    Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/15/2009 11:47:39 AM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1001
    Description = Fault bucket 1180947459.

    Error - 9/20/2009 8:34:42 PM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1002
    Description = Hanging application soffice.bin, version 3.1.9420.500, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 9/20/2009 8:51:43 PM | Computer Name = OWNER1-CCD5E22C | Source = Application Hang | ID = 1001
    Description = Fault bucket 1425431979.

    [ System Events ]
    Error - 9/27/2009 7:15:19 PM | Computer Name = OWNER1-CCD5E22C | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service lxcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

    Error - 9/27/2009 7:15:19 PM | Computer Name = OWNER1-CCD5E22C | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
    connect.

    Error - 9/27/2009 7:15:19 PM | Computer Name = OWNER1-CCD5E22C | Source = Service Control Manager | ID = 7000
    Description = The lxcf_device service failed to start due to the following error:
    %%1053

    Error - 9/27/2009 7:15:38 PM | Computer Name = OWNER1-CCD5E22C | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service lxcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

    Error - 9/27/2009 10:26:43 PM | Computer Name = OWNER1-CCD5E22C | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service lxcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

    Error - 9/27/2009 10:26:53 PM | Computer Name = OWNER1-CCD5E22C | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
    connect.

    Error - 9/27/2009 10:26:53 PM | Computer Name = OWNER1-CCD5E22C | Source = Service Control Manager | ID = 7000
    Description = The lxcf_device service failed to start due to the following error:
    %%1053

    Error - 9/27/2009 10:27:09 PM | Computer Name = OWNER1-CCD5E22C | Source = DCOM | ID = 10005
    Description = DCOM got error "%1053" attempting to start the service lxcf_device
    with arguments " " in order to run the server: {323CE21C-A448-40AA-BA74-7FCF1E44106F}

    Error - 9/27/2009 10:27:09 PM | Computer Name = OWNER1-CCD5E22C | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxcf_device service to
    connect.

    Error - 9/27/2009 10:27:09 PM | Computer Name = OWNER1-CCD5E22C | Source = Service Control Manager | ID = 7000
    Description = The lxcf_device service failed to start due to the following error:
    %%1053


    < End of report >
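    The Security Center and firewall sections of that Extras log are the part a responder reads first, so here is a worked check over them. This is an added example, not part of the thread and not OTL's own code; the sample input is a constructed excerpt of the posted Extras.txt, and the finding labels and the function names are my own.

```python
"""Parse the Security Center / firewall sections of an OTL Extras log and
flag the settings a responder would question.  Added example, not part of
the original thread or of the OTL tool.  The sample below is a constructed
excerpt modelled on the Extras.txt posted in the thread."""
import re
from typing import Dict, List

# Constructed sample, trimmed from the posted Extras.txt.  Assumption: the real
# file uses the same "name" = value layout under bracketed registry key paths.
SAMPLE_EXTRAS = r"""
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- File not found
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_registry_dump(text: str) -> Dict[str, Dict[str, str]]:
    """Group "name" = value lines under the bracketed key that precedes them."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def audit(keys: Dict[str, Dict[str, str]]) -> List[str]:
    """Return one human-readable finding per questionable setting."""
    findings: List[str] = []
    for key, values in keys.items():
        tail = key.rsplit('\\', 1)[-1]
        # Windows Firewall off for a profile.  Expected when a third-party
        # firewall has taken over, but the log alone cannot confirm that.
        if tail in ('DomainProfile', 'StandardProfile') and values.get('EnableFirewall') == '0':
            findings.append(f'Windows Firewall disabled in {tail}')
        # Security Center monitoring off: the user stops seeing AV/firewall state.
        if 'Security Center' in key and values.get('DisableMonitoring') == '1':
            findings.append(f'Security Center monitoring disabled at {tail}')
        # Inbound port exceptions whose scope is '*' (any remote address).
        if tail == 'List' and 'GloballyOpenPorts' in key:
            for spec in values.values():
                parts = spec.split(':', 4)  # port:proto:scope:state:label
                if len(parts) != 5:
                    continue
                port, proto, scope, state, label = parts
                if state == 'Enabled' and scope == '*':
                    findings.append(f'Inbound {proto} port {port} open to any address ({label})')
        # Program exceptions whose binary is gone: a stale rule, and a path an
        # attacker could reuse because the allow rule already exists for it.
        if tail == 'List' and 'AuthorizedApplications' in key:
            for name, spec in values.items():
                if spec.endswith('File not found'):
                    findings.append(f'Firewall exception for missing binary {name}')
    return findings


if __name__ == '__main__':
    for finding in audit(parse_registry_dump(SAMPLE_EXTRAS)):
        print(finding)
```

    Read the output against the rest of the thread before acting on it: the ComboFix header further down reports ZoneAlarm as the active firewall, so a disabled Windows Firewall is what you would expect here, while the two VNC ports open to any address and the exception for a vncviewer.exe that no longer exists on disk are the entries worth asking the poster about.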
     
  6. 2009/09/30
    broni Moderator Malware Analyst
    You have a very small amount of RAM.
    Upgrading RAM to at least 512MB (1GB preferable) would help a lot.

    You're running two AV programs: Avast and Norton.
    One of them has to go.
    Before you do anything, I need to know, which one you want to keep.

    There are also AVG leftovers.
     
  7. 2009/10/01
    jewelianne Inactive Thread Starter
    When I was given this computer I was told that the Hard Drive was wiped clean. The operating system was reinstalled before I got it.
    (I was given the Operating System disc but when I ran it it states that it is an older version than what I have installed.)

    Norton was already installed when I got it as well. I ran the built in Uninstaller and it no longer appeared so I assumed it
    was gone. So then I installed the Avast. I would like to keep Avast.

    I have no idea regarding the AVG, it was installed I assume by the previous owner and it is not visible to me.

    Unfortunately, I was unaware that the Firewall was not active for a few weeks until I installed ZoneAlarm.

    I don't want to seem overly concerned, but my CPU usage runs at 100% only when I am on the internet and then the computer crashes. The frequency of
    crashes is increasing.

    I am also concerned that I have lost my desktop. The Icons and shortcuts are still there but I have instead of my background pictures an "Active Desktop Recovery"
    notification with instructions on how to recover. However, this appeared after a major crash after installing A-squared. In spite of following the instructions listed, (and uninstalling A-squared) I cannot recover.
    I am not sure if this is relevant to the crash issue I am having but I thought you should be aware of it just in case.

    p.s. I plan on getting more RAM shortly.
     
  8. 2009/10/01
    broni Moderator Malware Analyst
    Thank you for all the info :)
    The more I know, the better :)

    You're talking about your hard drive space, but I'm concerned about your RAM, which is computer memory. It's low. It's not crucial at this moment, so we can discuss it later.

    Your CD is most likely OK. The above message appears when you try to run Windows setup from within Windows. To use that CD for whatever reason, you have to boot from it.

    We'll try to sort your security programs issues out.

    Download and run Norton Removal Tool: http://service1.symantec.com/Support/tsgeninfo.nsf/docid/2005033108162039

    When done....

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
     
  9. 2009/10/02
    jewelianne Inactive Thread Starter
    ComboFix 09-10-01.01 - Owner 10/02/2009 10:05.1.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.178 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1351 [VPS 091001-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    ----- BITS: Possible infected sites -----

    hxxp://download.yimg.com
    .
    ((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
    .

    2009-10-01 20:25 . 2009-10-01 20:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
    2009-09-29 17:44 . 2009-09-29 17:44 -------- d-----w- c:\windows\Sun
    2009-09-28 00:47 . 2009-10-02 11:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2009-09-28 00:47 . 2009-09-28 00:50 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
    2009-09-28 00:46 . 2009-09-28 00:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment
    2009-09-27 23:53 . 2009-09-27 23:53 -------- d-----w- c:\program files\Belarc
    2009-09-27 23:53 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2009-09-27 22:54 . 2009-09-27 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-09-27 22:51 . 2009-09-27 23:11 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
    2009-09-27 15:45 . 2009-09-27 15:45 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
    2009-09-27 15:45 . 2009-09-27 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AIM
    2009-09-27 15:45 . 2009-09-27 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AOL
    2009-09-27 15:41 . 2009-09-27 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
    2009-09-27 15:41 . 2009-09-27 15:41 -------- d-----w- c:\program files\AIM
    2009-09-27 15:41 . 2009-09-27 15:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2009-09-27 15:41 . 2009-09-27 15:41 -------- d-----w- c:\program files\Common Files\AOL
    2009-09-26 19:45 . 2009-09-26 19:45 -------- d-----w- c:\program files\MSECache
    2009-09-25 15:27 . 2009-09-25 15:27 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
    2009-09-22 16:42 . 2009-09-22 16:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
    2009-09-19 14:40 . 2009-09-19 14:40 -------- d-----w- c:\program files\CodeStuff
    2009-09-19 01:32 . 2009-09-19 01:32 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
    2009-09-18 23:59 . 2009-09-18 23:59 -------- d-----w- c:\program files\JRE
    2009-09-18 23:59 . 2009-09-18 23:59 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-09-18 23:58 . 2009-09-18 23:58 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-18 23:58 . 2009-09-18 23:58 -------- d-----w- c:\program files\Java
    2009-09-18 13:46 . 2009-09-18 13:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
    2009-09-18 13:44 . 2009-09-18 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-09-18 13:44 . 2009-09-18 13:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
    2009-09-18 13:43 . 2009-09-18 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-09-18 13:42 . 2009-09-18 13:45 -------- d-----w- c:\program files\Yahoo!
    2009-09-16 13:20 . 2001-08-17 16:13 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
    2009-09-16 13:20 . 2001-08-17 16:13 21530 -c--a-w- c:\windows\system32\dllcache\ce2n5.sys
    2009-09-16 13:20 . 2001-08-17 17:52 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
    2009-09-16 13:20 . 2001-08-17 17:28 714698 -c--a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
    2009-09-16 13:20 . 2001-08-17 16:13 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
    2009-09-16 13:20 . 2001-08-17 16:12 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
    2009-09-16 13:20 . 2001-08-17 16:12 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
    2009-09-16 13:20 . 2001-08-18 02:36 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
    2009-09-16 13:20 . 2001-08-17 16:13 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys
    2009-09-16 13:20 . 2008-04-13 23:11 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
    2009-09-16 13:18 . 2001-08-18 02:36 29696 -c--a-w- c:\windows\system32\dllcache\brmflpt.dll
    2009-09-16 13:17 . 2001-08-17 16:49 46464 -c--a-w- c:\windows\system32\dllcache\atibt829.sys
    2009-09-16 13:06 . 2001-08-17 18:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2009-09-16 13:05 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2009-09-13 20:08 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-09-13 20:08 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-09-13 20:08 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-09-13 20:08 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-09-13 20:08 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-09-13 20:08 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-09-13 20:08 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-09-13 20:08 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-09-13 20:07 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-09-13 20:07 . 2009-09-13 20:07 -------- d-----w- c:\program files\Alwil Software
    2009-09-13 19:30 . 2009-09-13 19:31 -------- d-----w- c:\program files\AskBarDis
    2009-09-13 19:24 . 2009-09-13 19:24 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-09-13 19:23 . 2009-02-16 04:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2009-09-13 19:23 . 2009-02-16 04:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2009-09-13 19:21 . 2009-02-16 04:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
    2009-09-13 19:21 . 2009-09-13 19:24 -------- d-----w- c:\windows\system32\ZoneLabs
    2009-09-13 19:21 . 2009-09-13 19:21 -------- d-----w- c:\program files\Zone Labs
    2009-09-13 19:17 . 2009-10-02 14:26 -------- d-----w- c:\windows\Internet Logs
    2009-09-13 15:01 . 2009-09-13 15:01 -------- d-----w- c:\windows\system32\XPSViewer
    2009-09-13 15:01 . 2009-09-13 15:01 -------- d-----w- c:\program files\MSBuild
    2009-09-13 15:01 . 2009-09-13 15:01 -------- d-----w- c:\program files\Reference Assemblies
    2009-09-13 14:59 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-09-13 14:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-09-13 14:59 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-09-13 14:59 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-09-13 14:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-09-13 14:59 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-09-13 14:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-09-13 14:59 . 2009-09-13 15:00 -------- d-----w- C:\8e4244726c998ee659f851e2412065
    2009-09-13 01:45 . 2009-09-13 01:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-09-13 01:45 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-13 01:45 . 2009-09-13 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-13 01:45 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-13 01:45 . 2009-09-13 01:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-12 01:29 . 2009-09-12 01:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Skinux
    2009-09-11 19:46 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
    2009-09-11 19:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
    2009-09-11 19:46 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
    2009-09-11 19:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
    2009-09-10 07:00 . 2009-09-10 07:01 -------- d-----w- c:\windows\ie8updates
    2009-09-10 00:54 . 2009-09-10 00:54 -------- d-----w- c:\program files\Google
    2009-09-10 00:39 . 2009-09-10 00:39 -------- d--h--w- c:\windows\PIF
    2009-09-10 00:31 . 2009-09-10 00:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-09-10 00:21 . 2009-10-02 13:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-09-09 23:58 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-09-09 23:58 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-09-09 14:32 . 2009-09-09 14:32 -------- d-----w- c:\program files\NetZero DSL
    2009-09-09 14:32 . 2009-09-10 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NetZero DSL
    2009-09-08 18:53 . 2009-09-08 18:53 -------- d-----w- C:\users
    2009-09-08 18:11 . 2009-09-08 18:11 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
    2009-09-08 18:08 . 2009-09-08 18:08 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
    2009-09-08 18:02 . 2009-09-08 18:04 -------- dc-h--w- c:\windows\ie8
    2009-09-02 14:32 . 2009-09-02 14:32 -------- d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-02 11:36 . 2009-02-21 20:27 -------- d-----w- c:\program files\Lx_cats
    2009-09-28 00:46 . 2009-02-17 18:03 21560 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-14 11:22 . 2009-02-03 11:08 -------- d-----w- c:\program files\UltraVNC
    2009-09-13 19:48 . 2009-02-03 11:09 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-09-13 01:37 . 2009-02-22 00:23 -------- d-----w- c:\program files\The Learning Company
    2009-09-11 19:58 . 2009-02-25 19:19 -------- d-----w- c:\program files\Common Files\Kodak
    2009-09-03 12:55 . 2009-09-02 14:19 -------- d-----w- c:\program files\Common Files\Verizon Online
    2009-09-02 16:26 . 2009-02-03 11:01 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-02 07:00 . 2009-09-02 07:00 -------- d-----w- c:\program files\MSXML 4.0
    2009-08-25 19:12 . 2009-08-25 19:05 -------- d-----w- c:\program files\Creative
    2009-08-25 19:10 . 2009-08-25 19:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Creative
    2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 14:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-16 22:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"="c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"="c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-28 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
    "NetZeroDSL"="c:\program files\NetZero DSL\ConnectionCenter.exe" [2007-09-17 1095152]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 149280]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-01 77824]
    "PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-2-3 331776]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP"= 5900:TCP:vnc5900
    "5800:TCP"= 5800:TCP:vnc5800

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/13/2009 4:08 PM 114768]
    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/13/2009 3:30 PM 464264]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/13/2009 4:08 PM 20560]
    R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [2/3/2009 7:08 AM 1519168]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 00:47]

    2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 00:47]

    2009-10-01 c:\windows\Tasks\User_Feed_Synchronization-{A1960232-1F44-4A00-A2D1-EDB898ED6FAA}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/?src=aim
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934
    Trusted Zone: aol.com\free
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    AddRemove-Ultravnc2_is1 - c:\program files\UltraVNC\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-02 10:30
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2009-10-02 10:34
    ComboFix-quarantined-files.txt 2009-10-02 14:34

    Pre-Run: 69,262,442,496 bytes free
    Post-Run: 69,756,944,384 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    251 --- E O F --- 2009-09-27 02:50
     
  10. 2009/10/02
    jewelianne (Inactive Thread Starter)
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:23:32 AM, on 10/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\NetZero DSL\ConnectionCenter.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero DSL\SearchEnh1.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Pop-up Blocker - {4224FF33-C2EB-4039-B8C8-6EED565B9D96} - C:\Program Files\NetZero DSL\PopupBlocker.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: NetZero DSL - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [NetZeroDSL] "C:\Program Files\NetZero DSL\ConnectionCenter.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 6405 bytes
     
  11. 2009/10/02
    jewelianne (Inactive Thread Starter)
    I am happy to also add that after running ComboFix my active desktop has been restored.
     
  12. 2009/10/02
    broni (Moderator, Malware Analyst)
    Very well :)

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    
    Folder::
    c:\documents and settings\Owner\Application Data\Uniblue
    c:\program files\Common Files\Symantec Shared
    c:\documents and settings\All Users\Application Data\avg8
    
    
    Driver::
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    [-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
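For readers who want to automate the check behind step 2, here is a small Python triage script; it is an added example, not part of this thread, of HijackThis or of ComboFix. It parses the REGEDIT4-style "Reg Loading Points" section of a ComboFix log (the sample is constructed from the entries posted above), reports whether Windows Firewall is enabled and which ports are globally open, and emits the CFScript Registry:: deletion lines for Security Center DisableMonitoring keys left by products that are no longer installed, which is what the two Symantec lines in the script above do. The function names and the "ZoneLabs is still installed" list are the example's own assumptions.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log (added example,
not part of this thread or of ComboFix). SAMPLE_LOG is constructed from the
entries posted above; one value keeps the stray space the forum inserted
before the closing quote so the parser is shown tolerating it."""
import re

SAMPLE_LOG = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecFirewall]
"DisableMonitoring "=dword:00000001

[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile\\GloballyOpenPorts\\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
MONITORING_PREFIX = (
    "HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\"
)


def parse_sections(text):
    """Return {key_path: {value_name: raw_data}} for a REGEDIT4-style listing."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            # strip() drops the space forum software adds before the closing quote
            sections[current][m.group("name").strip()] = m.group("data").strip()
    return sections


def stale_monitoring_keys(sections, installed_vendors):
    """Monitoring subkeys with DisableMonitoring=1 whose product is gone."""
    # installed_vendors: name fragments of products still present (ZoneAlarm
    # here); anything else with monitoring disabled is a leftover that keeps
    # Security Center from alerting and is a candidate for CFScript deletion.
    stale = []
    for key, values in sections.items():
        if not key.startswith(MONITORING_PREFIX):
            continue  # skips the parent Monitoring key itself
        vendor = key[len(MONITORING_PREFIX):].lower()
        disabled = values.get("DisableMonitoring", "").lower() == "dword:00000001"
        if disabled and not any(v.lower() in vendor for v in installed_vendors):
            stale.append(key)
    return sorted(stale)


def windows_firewall_enabled(sections):
    """True/False from EnableFirewall in the standard profile, None if absent."""
    for key, values in sections.items():
        if key.lower().endswith("firewallpolicy\\standardprofile"):
            return not values.get("EnableFirewall", "1").startswith("0")
    return None


def open_ports(sections):
    """Sorted (port, proto, label) tuples from the GloballyOpenPorts list."""
    ports = []
    for key, values in sections.items():
        if key.lower().endswith("globallyopenports\\list"):
            for name, data in values.items():
                port, proto = name.split(":", 1)
                ports.append((int(port), proto, data.split(":")[-1]))
    return sorted(ports)


def cfscript_registry_section(stale_keys):
    """CFScript 'Registry::' block; '[-KEY]' tells ComboFix to delete KEY."""
    return "\n".join(["Registry::"] + ["[-%s]" % k for k in stale_keys]) + "\n"


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_LOG)
    stale = stale_monitoring_keys(secs, ["ZoneLabs"])
    print(cfscript_registry_section(stale))
    print("Windows Firewall enabled:", windows_firewall_enabled(secs))
    print("globally open ports:", open_ports(secs))
```

On this thread's log the script prints the same two Symantec deletion lines that appear in the CFScript above, reports Windows Firewall as disabled (expected while ZoneAlarm is the active firewall) and lists the two UltraVNC ports as globally open.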
     
  13. 2009/10/02
    jewelianne (Inactive Thread Starter)
    ComboFix 09-10-01.05 - Owner 10/02/2009 14:33.2.1 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.383.165 [GMT -4:00]
    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
    AV: avast! antivirus 4.8.1351 [VPS 091001-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\avg8
    c:\documents and settings\Owner\Application Data\Uniblue
    c:\program files\Common Files\Symantec Shared
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-02 to 2009-10-02 )))))))))))))))))))))))))))))))
    .

    2009-10-01 20:25 . 2009-10-01 20:25 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
    2009-09-29 17:44 . 2009-09-29 17:44 -------- d-----w- c:\windows\Sun
    2009-09-28 00:47 . 2009-10-02 11:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
    2009-09-28 00:47 . 2009-09-28 00:50 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
    2009-09-28 00:46 . 2009-09-28 00:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Deployment
    2009-09-27 23:53 . 2009-09-27 23:53 -------- d-----w- c:\program files\Belarc
    2009-09-27 23:53 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
    2009-09-27 22:54 . 2009-09-27 23:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
    2009-09-27 15:45 . 2009-09-27 15:45 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
    2009-09-27 15:45 . 2009-09-27 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AIM
    2009-09-27 15:45 . 2009-09-27 15:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AOL
    2009-09-27 15:41 . 2009-09-27 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
    2009-09-27 15:41 . 2009-09-27 15:41 -------- d-----w- c:\program files\AIM
    2009-09-27 15:41 . 2009-09-27 15:41 -------- d-----w- c:\program files\Common Files\Software Update Utility
    2009-09-27 15:41 . 2009-09-27 15:41 -------- d-----w- c:\program files\Common Files\AOL
    2009-09-26 19:45 . 2009-09-26 19:45 -------- d-----w- c:\program files\MSECache
    2009-09-25 15:27 . 2009-09-25 15:27 -------- d-sh--w- c:\documents and settings\Owner\IECompatCache
    2009-09-22 16:42 . 2009-09-22 16:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
    2009-09-19 14:40 . 2009-09-19 14:40 -------- d-----w- c:\program files\CodeStuff
    2009-09-19 01:32 . 2009-09-19 01:32 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org
    2009-09-18 23:59 . 2009-09-18 23:59 -------- d-----w- c:\program files\JRE
    2009-09-18 23:59 . 2009-09-18 23:59 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-09-18 23:58 . 2009-09-18 23:58 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-09-18 23:58 . 2009-09-18 23:58 -------- d-----w- c:\program files\Java
    2009-09-18 13:46 . 2009-09-18 13:46 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Yahoo
    2009-09-18 13:44 . 2009-09-18 13:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
    2009-09-18 13:44 . 2009-09-18 13:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Yahoo!
    2009-09-18 13:43 . 2009-09-18 13:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2009-09-18 13:42 . 2009-09-18 13:45 -------- d-----w- c:\program files\Yahoo!
    2009-09-16 13:20 . 2001-08-17 16:13 27164 -c--a-w- c:\windows\system32\dllcache\ce3n5.sys
    2009-09-16 13:20 . 2001-08-17 16:13 21530 -c--a-w- c:\windows\system32\dllcache\ce2n5.sys
    2009-09-16 13:20 . 2001-08-17 17:52 7680 -c--a-w- c:\windows\system32\dllcache\cd20xrnt.sys
    2009-09-16 13:20 . 2001-08-17 17:28 714698 -c--a-w- c:\windows\system32\dllcache\cbmdmkxx.sys
    2009-09-16 13:20 . 2001-08-17 16:13 46108 -c--a-w- c:\windows\system32\dllcache\cben5.sys
    2009-09-16 13:20 . 2001-08-17 16:12 39680 -c--a-w- c:\windows\system32\dllcache\cb325.sys
    2009-09-16 13:20 . 2001-08-17 16:12 37916 -c--a-w- c:\windows\system32\dllcache\cb102.sys
    2009-09-16 13:20 . 2001-08-18 02:36 32256 -c--a-w- c:\windows\system32\dllcache\diapi2NT.dll
    2009-09-16 13:20 . 2001-08-17 16:13 164923 -c--a-w- c:\windows\system32\dllcache\diapi2.sys
    2009-09-16 13:20 . 2008-04-13 23:11 121856 -c--a-w- c:\windows\system32\dllcache\camext30.dll
    2009-09-16 13:18 . 2001-08-18 02:36 29696 -c--a-w- c:\windows\system32\dllcache\brmflpt.dll
    2009-09-16 13:17 . 2001-08-17 16:49 46464 -c--a-w- c:\windows\system32\dllcache\atibt829.sys
    2009-09-16 13:06 . 2001-08-17 18:07 101888 -c--a-w- c:\windows\system32\dllcache\adpu160m.sys
    2009-09-16 13:05 . 2001-08-17 18:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2009-09-13 20:08 . 2009-08-17 16:04 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-09-13 20:08 . 2009-08-17 16:04 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-09-13 20:08 . 2009-08-17 16:03 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2009-09-13 20:08 . 2009-08-17 16:02 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-09-13 20:08 . 2009-08-17 16:06 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2009-09-13 20:08 . 2009-08-17 16:06 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2009-09-13 20:08 . 2009-08-17 16:05 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-09-13 20:08 . 2009-08-17 16:05 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-09-13 20:07 . 2009-08-17 16:10 1279456 ----a-w- c:\windows\system32\aswBoot.exe
    2009-09-13 20:07 . 2009-09-13 20:07 -------- d-----w- c:\program files\Alwil Software
    2009-09-13 19:30 . 2009-09-13 19:31 -------- d-----w- c:\program files\AskBarDis
    2009-09-13 19:24 . 2009-09-13 19:24 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-09-13 19:23 . 2009-02-16 04:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2009-09-13 19:23 . 2009-02-16 04:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2009-09-13 19:21 . 2009-02-16 04:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
    2009-09-13 19:21 . 2009-09-13 19:24 -------- d-----w- c:\windows\system32\ZoneLabs
    2009-09-13 19:21 . 2009-09-13 19:21 -------- d-----w- c:\program files\Zone Labs
    2009-09-13 19:17 . 2009-10-02 18:33 -------- d-----w- c:\windows\Internet Logs
    2009-09-13 15:01 . 2009-09-13 15:01 -------- d-----w- c:\windows\system32\XPSViewer
    2009-09-13 15:01 . 2009-09-13 15:01 -------- d-----w- c:\program files\MSBuild
    2009-09-13 15:01 . 2009-09-13 15:01 -------- d-----w- c:\program files\Reference Assemblies
    2009-09-13 14:59 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-09-13 14:59 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
    2009-09-13 14:59 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-09-13 14:59 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
    2009-09-13 14:59 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
    2009-09-13 14:59 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
    2009-09-13 14:59 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
    2009-09-13 14:59 . 2009-09-13 15:00 -------- d-----w- C:\8e4244726c998ee659f851e2412065
    2009-09-13 01:45 . 2009-09-13 01:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
    2009-09-13 01:45 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-13 01:45 . 2009-09-13 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-09-13 01:45 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-09-13 01:45 . 2009-09-13 01:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-12 01:29 . 2009-09-12 01:29 -------- d-----w- c:\documents and settings\Owner\Application Data\Skinux
    2009-09-11 19:46 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
    2009-09-11 19:46 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
    2009-09-11 19:46 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
    2009-09-11 19:46 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
    2009-09-10 07:00 . 2009-09-10 07:01 -------- d-----w- c:\windows\ie8updates
    2009-09-10 00:54 . 2009-09-10 00:54 -------- d-----w- c:\program files\Google
    2009-09-10 00:39 . 2009-09-10 00:39 -------- d--h--w- c:\windows\PIF
    2009-09-10 00:31 . 2009-09-10 00:31 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2009-09-09 23:58 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2009-09-09 23:58 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2009-09-09 14:32 . 2009-09-09 14:32 -------- d-----w- c:\program files\NetZero DSL
    2009-09-09 14:32 . 2009-09-10 07:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NetZero DSL
    2009-09-08 18:53 . 2009-09-08 18:53 -------- d-----w- C:\users
    2009-09-08 18:11 . 2009-09-08 18:11 -------- d-sh--w- c:\documents and settings\Owner\PrivacIE
    2009-09-08 18:08 . 2009-09-08 18:08 -------- d-sh--w- c:\documents and settings\Owner\IETldCache
    2009-09-08 18:02 . 2009-09-08 18:04 -------- dc-h--w- c:\windows\ie8

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-02 11:36 . 2009-02-21 20:27 -------- d-----w- c:\program files\Lx_cats
    2009-09-28 00:46 . 2009-02-17 18:03 21560 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-09-14 11:22 . 2009-02-03 11:08 -------- d-----w- c:\program files\UltraVNC
    2009-09-13 01:37 . 2009-02-22 00:23 -------- d-----w- c:\program files\The Learning Company
    2009-09-11 19:58 . 2009-02-25 19:19 -------- d-----w- c:\program files\Common Files\Kodak
    2009-09-03 12:55 . 2009-09-02 14:19 -------- d-----w- c:\program files\Common Files\Verizon Online
    2009-09-02 16:26 . 2009-02-03 11:01 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-02 14:32 . 2009-09-02 14:32 -------- d-----w- c:\documents and settings\Owner\Application Data\MSNInstaller
    2009-09-02 07:00 . 2009-09-02 07:00 -------- d-----w- c:\program files\MSXML 4.0
    2009-08-25 19:12 . 2009-08-25 19:05 -------- d-----w- c:\program files\Creative
    2009-08-25 19:10 . 2009-08-25 19:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Creative
    2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-07-29 04:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:37 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
    2009-07-13 14:08 . 2004-08-04 12:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    2008-10-16 22:22 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"="c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"="c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]

    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-28 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
    "LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
    "NetZeroDSL"="c:\program files\NetZero DSL\ConnectionCenter.exe" [2007-09-17 1095152]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-18 149280]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-12-01 77824]
    "PD0620 STISvc"="P0620Pin.dll" - c:\windows\system32\P0620Pin.dll [2005-05-10 36864]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Utility Tray.lnk - c:\windows\system32\sistray.exe [2009-2-3 331776]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5900:TCP"= 5900:TCP:vnc5900
    "5800:TCP"= 5800:TCP:vnc5800

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/13/2009 4:08 PM 114768]
    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/13/2009 3:30 PM 464264]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/13/2009 4:08 PM 20560]
    R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [2/3/2009 7:08 AM 1519168]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003Core.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 00:47]

    2009-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1972579041-839522115-1003UA.job
    - c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-28 00:47]

    2009-10-02 c:\windows\Tasks\User_Feed_Synchronization-{A1960232-1F44-4A00-A2D1-EDB898ED6FAA}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/?src=aim
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchURL,(Default) = hxxp://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934
    Trusted Zone: aol.com\free
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-02 15:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2009-10-02 15:09
    ComboFix-quarantined-files.txt 2009-10-02 19:09
    ComboFix2.txt 2009-10-02 14:34

    Pre-Run: 69,719,846,912 bytes free
    Post-Run: 69,853,843,456 bytes free

    235 --- E O F --- 2009-09-27 02:50
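    The security-relevant part of the ComboFix log above is the "Reg Loading Points" block: the standard-profile Windows Firewall is off (EnableFirewall = 0), Security Center monitoring is disabled, TCP 5900 and 5800 are globally open, and a VNC server (uvnc_service, winvnc.exe) is running as a service. The script below is an added example, not part of the thread and not ComboFix's own code; it parses that block's line formats and turns them into a short findings list, which is the triage an analyst does by eye on such a log. The embedded log is a constructed sample modelled on the posted one, and the lists of "remote-access" ports and binaries are this script's own assumptions.

```python
"""Triage a ComboFix-style "Reg Loading Points" section for remote-access exposure.

Added example; SAMPLE_LOG is constructed to mirror the shape of the log in the thread.
REMOTE_ACCESS_PORTS / REMOTE_ACCESS_BINARIES are this script's assumptions, not ComboFix's.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Assumptions: ports and service binaries that mean "someone can drive this box remotely".
REMOTE_ACCESS_PORTS = {5900: "VNC", 5800: "VNC (Java/HTTP viewer)", 3389: "RDP", 23: "Telnet"}
REMOTE_ACCESS_BINARIES = {"winvnc.exe", "tvnserver.exe", "vncserver.exe"}

KEY_RE = re.compile(r"^\[(.+)\]$")                       # [HKLM\...]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')          # "Name"= value
# R<n>/S<n> name;description;image path [date time size]  (R = running, S = stopped)
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[([^\]]*)\]\s*$")

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/13/2009 4:08 PM 114768]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [9/13/2009 3:30 PM 464264]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [2/3/2009 7:08 AM 1519168]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
"""


@dataclass
class Findings:
    firewall_enabled: Optional[bool] = None          # None: the key never appeared in the log
    security_center_monitoring_disabled: bool = False
    open_ports: List[Tuple[int, str, str, str]] = field(default_factory=list)  # (port, proto, label, rule)
    remote_access_services: List[str] = field(default_factory=list)
    missing_image_services: List[str] = field(default_factory=list)           # ComboFix printed [?]
    running_services: Dict[str, str] = field(default_factory=dict)             # name -> image path


def parse_reg_loading_points(text: str) -> Findings:
    """Walk the block line by line, remembering the current registry key for value lines."""
    f = Findings()
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            state, _, name, _desc, image, meta = m.groups()
            if state == "R":
                f.running_services[name] = image.strip()
            if meta.strip() == "?":
                f.missing_image_services.append(name)
            basename = image.strip().rsplit("\\", 1)[-1].lower()
            if basename in REMOTE_ACCESS_BINARIES:
                f.remote_access_services.append(name)
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group(1).lower(), m.group(2).strip()
        if key.endswith("firewallpolicy\\standardprofile") and name == "enablefirewall":
            f.firewall_enabled = not value.startswith("0")
        elif key.endswith("security center\\monitoring") and name == "disablemonitoring":
            f.security_center_monitoring_disabled = value.lower().endswith("00000001")
        elif key.endswith("globallyopenports\\list"):
            parts = value.split(":")                   # port:proto:rulename
            if len(parts) >= 3 and parts[0].isdigit():
                port = int(parts[0])
                f.open_ports.append((port, parts[1].upper(), REMOTE_ACCESS_PORTS.get(port, "other"), parts[2]))
    return f


def risk_summary(f: Findings) -> List[str]:
    """Human-readable findings, one per issue; empty list means nothing flagged."""
    out = []
    if f.firewall_enabled is False:
        out.append("Windows Firewall (standard profile) is disabled")
    if f.security_center_monitoring_disabled:
        out.append("Security Center monitoring disabled (third-party suites do this too; confirm which)")
    for port, proto, label, rule in f.open_ports:
        if label != "other":
            out.append(f"{port}/{proto} globally open in firewall policy ({label}, rule '{rule}')")
    for name in f.remote_access_services:
        state = "running" if name in f.running_services else "installed"
        out.append(f"remote-control service '{name}' is {state}")
    for name in f.missing_image_services:
        out.append(f"service '{name}' points at an image ComboFix could not find (stale driver entry)")
    return out


if __name__ == "__main__":
    for line in risk_summary(parse_reg_loading_points(SAMPLE_LOG)):
        print("-", line)
```

    On the posted log this flags exactly the items the thread goes on to deal with (uvnc_service and the two VNC port exceptions) plus the disabled firewall, which in this case is explained by ZoneAlarm being installed; the script only reports, it does not decide which third-party product turned the monitoring off.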
     
  14. 2009/10/02
    jewelianne

    jewelianne Inactive Thread Starter

    Joined:
    2009/09/27
    Messages:
    87
    Likes Received:
    0
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:17:14 PM, on 10/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\NetZero DSL\ConnectionCenter.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero DSL\SearchEnh1.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Pop-up Blocker - {4224FF33-C2EB-4039-B8C8-6EED565B9D96} - C:\Program Files\NetZero DSL\PopupBlocker.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: NetZero DSL - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [NetZeroDSL] "C:\Program Files\NetZero DSL\ConnectionCenter.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 5973 bytes
     
  15. 2009/10/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Uninstall Combofix:
    Go Start > Run
    Type in:
    combofix /u
    Note the space between "combofix" and "/u".
    Restart computer.


    Download Dr.Web CureIt to the desktop:
    ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
    • Doubleclick the drweb-cureit.exe file and click Scan to run express scan. Click OK in pop-up window to allow scan.
    • This will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, select Complete scan.
    • Click the green arrow at the right, and the scan will start.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, in the menu, click File and choose Save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • Copy and paste that log in the next reply. You can use Notepad to open the DrWeb.csv report.

    NOTE. During the scan, pop-up window will open asking for full version purchase. Simply close the window by clicking on X in upper right corner.


    Post fresh HijackThis log as well.
     
  16. 2009/10/03
    jewelianne

    jewelianne Inactive Thread Starter

    Joined:
    2009/09/27
    Messages:
    87
    Likes Received:
    0
    I can't post a Dr.Web CureIt log because when I clicked File, the 'Save Report List' option was greyed out. However, nothing popped up to ask me to cure/move anything. It did state that no viruses had been found.
    I would like to add something that concerns me that I forgot to mention. When I start or shut down my computer, a rectangular box pops up briefly with a red circle and an X in the center, and it says WinVNC Error: "No password has been set & this machine has been preconfigured to prevent users from setting their own. You must contact a System Administrator to configure WinVNC properly."
    Since I have gotten my Desktop back (thank you! :) ), my icons and background behave oddly, in the sense that they frequently disappear for a fraction of a second (as if refreshing themselves) and then reappear.
    I am including the HijackThis log.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:10:33 PM, on 10/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\UltraVNC\WinVNC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\NetZero DSL\ConnectionCenter.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\sistray.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero DSL\SearchEnh1.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Pop-up Blocker - {4224FF33-C2EB-4039-B8C8-6EED565B9D96} - C:\Program Files\NetZero DSL\PopupBlocker.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: NetZero DSL - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [NetZeroDSL] "C:\Program Files\NetZero DSL\ConnectionCenter.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 6371 bytes
     
  17. 2009/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please, uninstall AskBarDis through Add\Remove.

    ==================================================================

    Do you use WinVNC?

    =================================================================

    Print this post out, since at some point you won't have access to it.

    1. Open HijackThis.

    2. Close all windows, except for HijackThis.

    3. Put checkmarks next to the following HijackThis entries:

    - O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE


    4. You should also checkmark the following entries (these are unnecessary startups; no actual programs will be removed):

    - O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    - O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
    - O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    - O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c



    5. Click on Fix checked button.

    6. Restart computer.

    7. Post new HijackThis log.
     
  18. 2009/10/03
    jewelianne

    jewelianne Inactive Thread Starter

    Joined:
    2009/09/27
    Messages:
    87
    Likes Received:
    0
    I do not use WinVNC. I do not even know what it is and I am not able to locate it.
     
  19. 2009/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run all instructions from my previous post, then...

    Go Start>Run, type in:
    services.msc
    Click OK.

    In services window, find:
    uvnc_service (it may be listed as UltraVNC)
    Right click on it, click "Properties".
    Under "Startup type", select "Disable" from the drop-down menu.
    OK your way out.

    Restart computer and post fresh HJT log.
     
  20. 2009/10/03
    jewelianne

    jewelianne Inactive Thread Starter

    Joined:
    2009/09/27
    Messages:
    87
    Likes Received:
    0
    I went to Add/Remove programs and looked for AskBarDis and it was not there.
    After restarting my computer I was happy to see the WinVNC error is gone. Thank you
    :)

    Here is my HijackThis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:20:01 PM, on 10/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\NetZero DSL\ConnectionCenter.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\sistray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Owner\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.net/s/search?action=minisearch&source=minisearch_dsl&mn=86998934
    R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NetZero DSL\SearchEnh1.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: Pop-up Blocker - {4224FF33-C2EB-4039-B8C8-6EED565B9D96} - C:\Program Files\NetZero DSL\PopupBlocker.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: NetZero DSL - {8E613EAF-E16E-415C-BD39-F71D6A3B5518} - C:\Program Files\NetZero DSL\Toolbar.dll
    O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O4 - HKLM\..\Run: [PD0620 STISvc] RunDLL32.exe P0620Pin.dll,RunDLL32EP 513
    O4 - HKLM\..\Run: [NetZeroDSL] "C:\Program Files\NetZero DSL\ConnectionCenter.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 5785 bytes
     
  21. 2009/10/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Run HJT one more time and checkmark:
    - O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    - O3 - Toolbar: ZoneAlarm Spy Blocker Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll

    Click "Fix checked" button.


    Go Start>Run (Vista users - "Start search"), type in:
    cmd
    Click OK (Vista users - hold the CTRL and SHIFT keys, press Enter).

    A Command Prompt window will open.
    Type in:
    sc stop ASKService
    Press Enter.
    Wait for the service to be stopped.

    Type in:
    sc delete ASKService
    Press Enter.
    Wait for confirmation.

    Restart computer.

    Post fresh HJT log.
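The stop-and-delete steps above as one checked script, an added example that is not broni's instructions or any HJT/OTL tool: it takes the service name as an argument, records the binary path from `sc qc`, polls `sc query` until the state is STOPPED before deleting, and verifies afterwards. The 30-second limit and the ping-based sleep (XP has no timeout.exe) are assumptions.

```batch
@echo off
REM Added example (not from the thread): stop, wait for, and delete a service
REM by name with sc, checking each step. The thread's case is ASKService.
REM Run from a Command Prompt with administrator rights.
setlocal EnableDelayedExpansion
if "%~1"=="" (
    echo Usage: %~nx0 ServiceName
    exit /b 1
)
set "SVC=%~1"

REM Does the service exist? sc query returns a non-zero errorlevel (1060) if not.
sc query "%SVC%" >nul 2>&1
if errorlevel 1 (
    echo Service "%SVC%" not found; nothing to do.
    exit /b 0
)

REM Record the binary path before deletion so the file can be reviewed afterwards.
for /f "tokens=1,* delims=: " %%A in ('sc qc "%SVC%" ^| findstr /i "BINARY_PATH_NAME"') do set "BINPATH=%%B"
echo Service binary: %BINPATH%

REM Ask the Service Control Manager to stop it; error 1062 (already stopped) is harmless.
sc stop "%SVC%" >nul 2>&1

REM Poll until the STATE line reads STOPPED (assumed limit: about 30 seconds).
set /a TRIES=0
:waitloop
sc query "%SVC%" | findstr /i "STATE" | findstr /i "STOPPED" >nul
if not errorlevel 1 goto stopped
set /a TRIES+=1
if !TRIES! geq 30 (
    echo Service did not stop within 30 seconds; not deleting.
    exit /b 1
)
REM ping to localhost as a one-second sleep (XP lacks timeout.exe)
ping -n 2 127.0.0.1 >nul
goto waitloop

:stopped
echo Service "%SVC%" is stopped. Deleting its registration...
sc delete "%SVC%"
if errorlevel 1 (
    echo sc delete failed.
    exit /b 1
)

REM Verify the registration is gone; a still-present entry clears after a reboot.
sc query "%SVC%" >nul 2>&1
if errorlevel 1 (echo Service removed.) else (echo Service still present; reboot and re-check.)
```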
     

