Inactive Error 12029 - problems accessing certain websites/programs

Discussion in 'Malware and Virus Removal Archive' started by pjschman, 2010/01/31.

  1. 2010/01/31
    pjschman

    pjschman Inactive Thread Starter


    Hello,

    I have been having trouble with my computer lately. Certain programs that were working are no longer working, and I can't access certain websites (most often secure websites). I ran the Windows Network Diagnostics and saw that error #12029 was coming up; a Google search led me to a post on your website. I tried a number of the fixes suggested on your site and others (rebooting router, LAN settings, etc.). I have also run several additional antivirus and antimalware programs. None of those have fixed the problem, so I ran the DDS tool and am posting my results here. Any assistance you can provide would be greatly appreciated!

    Here are the log results ... first the DDS log and then the Attach log.
    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Paul Schmanski at 11:27:13.67 on Sun 01/31/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.145 [GMT -6:00]

    AV: Webroot AntiVirus with Spy Sweeper *On-access scanning enabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

    ============== Running Processes ===============

    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Documents and Settings\Paul Schmanski\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://espn.go.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    mSearchAssistant = hxxp://www.google.com/ie
    BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll
    TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe "
    uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_1_0
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe "
    uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
    uRun: [Search Protection] "c:\program files\yahoo!\search protection\SearchProtection.exe "
    uRun: [EPSON Stylus CX8400 Series] "c:\windows\system32\spool\drivers\w32x86\3\e_faticea.exe" /fu "c:\windows\temp\E_S2DA.tmp" /EF "HKCU "
    uRun: [AutoStartNPSAgent] "c:\program files\samsung\samsung new pc studio\NPSAgent.exe "
    uRun: [Google Update] "c:\documents and settings\paul schmanski\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRunOnce: [Shockwave Updater] "c:\windows\system32\adobe\shockw~1\SWHELP~1.EXE" -Update -1100465 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" - "http://www.nickjr.com/playtime/cats/games/music/blue_instruments.jhtml "
    mRun: [ehTray] "c:\windows\ehome\ehtray.exe "
    mRun: [LaunchApp] "Alaunch "
    mRun: [NvCplDaemon] "RUNDLL32.EXE" c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] "nwiz.exe" /install
    mRun: [RTHDCPL] "RTHDCPL.EXE "
    mRun: [SkyTel] "SkyTel.EXE "
    mRun: [Alcmtr] "ALCMTR.EXE "
    mRun: [ntiMUI] "c:\program files\newtech infosystems\nti cd & dvd-maker 7\ntiMUI.exe "
    mRun: [<NO NAME>]
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] "c:\windows\ime\imkr6_1\IMEKRMIG.EXE "
    mRun: [MSPY2002] "c:\windows\system32\ime\pintlgnt\ImScInst.exe" /SYNC
    mRun: [PHIME2002ASync] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /SYNC
    mRun: [PHIME2002A] "c:\windows\system32\ime\tintlgnt\TINTSETP.EXE" /IMEName
    mRun: [NvMediaCenter] "RUNDLL32.EXE" c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Acer Empowering Technology Monitor] "c:\windows\system32\SysMonitor.exe "
    mRun: [eDataSecurity Loader] "c:\acer\empowering technology\edatasecurity\eDSloader.exe" 0
    mRun: [eRecoveryService] "c:\acer\empowering technology\erecovery\eRAgent.exe "
    mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe "
    mRun: [PC Pitstop Optimize Scheduler] "c:\program files\pcpitstop\optimize\PCPOptimize.exe" -boot
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [NPSStartup]
    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [MsmqIntCert] "regsvr32" /s mqrt.dll
    mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
    StartupFolder: c:\docume~1\paulsc~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerem~1.lnk - c:\acer\empowering technology\Acer.Empowering.Framework.Launcher.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acerwl~1.lnk - c:\program files\acer wlan 11g usb dongle\ZDWlan.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
    DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} - hxxp://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
    DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://www.evite.com/html/imageUpload/ImageUploader5.cab
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} -
    DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - hxxp://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.dotphoto.com/ImageUploader4.cab
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-1-22 64288]
    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-2-25 29808]
    R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-5-8 233472]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-12-2 1181328]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
    R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-4-3 1201640]
    R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-5-8 36608]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]

    =============== Created Last 30 ================

    2010-01-31 13:56:11 0 d-----w- c:\program files\common files\PC Tools
    2010-01-30 13:32:41 0 d-----w- c:\docume~1\paulsc~1\applic~1\Malwarebytes
    2010-01-30 13:32:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-30 13:32:11 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-01-30 13:32:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-30 13:32:02 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-30 13:10:05 0 d-----w- c:\program files\Secunia
    2010-01-23 15:03:43 0 d-----w- c:\windows\IIS Temporary Compressed Files
    2010-01-23 15:01:54 0 d-----w- c:\windows\system32\Cache
    2010-01-23 14:59:59 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
    2010-01-23 14:59:59 43520 ----a-w- c:\windows\system32\fcachdll.dll
    2010-01-23 14:59:20 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
    2010-01-23 14:59:11 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
    2010-01-23 14:59:11 5632 ----a-w- c:\windows\system32\adsiisex.dll
    2010-01-23 14:55:59 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
    2010-01-23 06:28:23 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-23 04:13:43 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-01-23 03:49:17 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
    2010-01-23 03:48:02 0 d-----w- c:\program files\Lavasoft
    2010-01-22 12:03:08 0 d-----w- c:\program files\Bodog Poker
    2010-01-18 04:03:32 0 d-----w- c:\program files\DeductionPro 2009
    2010-01-18 03:59:52 0 d-----w- c:\program files\HRBlock2009
    2010-01-13 05:14:28 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

    ==================== Find3M ====================

    2010-01-31 13:04:54 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-01-31 13:04:49 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2009-12-24 18:45:10 69 ----a-w- c:\documents and settings\paul schmanski\jagex_runescape_preferences2.dat
    2009-12-24 18:37:39 39 ----a-w- c:\documents and settings\paul schmanski\jagex_runescape_preferences.dat
    2009-11-06 21:19:42 1563008 ----a-w- c:\windows\WRSetup.dll
    2006-12-02 23:18:02 251 ----a-w- c:\program files\wt3d.ini
    2009-10-15 08:46:57 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
    2008-09-06 13:30:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090620080907\index.dat

    ============= FINISH: 11:28:02.17 ===============


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/2/2006 3:04:38 PM
    System Uptime: 1/31/2010 7:04:25 AM (4 hours ago)

    Motherboard: Acer | | EM61SM/EM61PM
    Processor: AMD Athlon(tm) 64 Processor 3500+ | Socket M2 | 1789/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 71 GiB total, 22.416 GiB free.
    D: is FIXED (FAT32) - 72 GiB total, 2.105 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    K: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP520: 11/2/2009 6:48:18 PM - System Checkpoint
    RP521: 11/3/2009 7:33:38 PM - System Checkpoint
    RP522: 11/4/2009 7:15:37 PM - Installed Java(TM) 6 Update 17
    RP523: 11/5/2009 4:00:29 AM - Software Distribution Service 3.0
    RP524: 11/6/2009 4:59:42 AM - System Checkpoint
    RP525: 11/7/2009 5:27:05 AM - System Checkpoint
    RP526: 11/8/2009 5:27:02 AM - System Checkpoint
    RP527: 11/9/2009 8:00:52 PM - System Checkpoint
    RP528: 11/10/2009 8:21:53 PM - System Checkpoint
    RP529: 11/10/2009 11:09:29 PM - Software Distribution Service 3.0
    RP530: 11/12/2009 5:35:55 PM - System Checkpoint
    RP531: 11/13/2009 7:25:18 PM - System Checkpoint
    RP532: 11/14/2009 8:47:13 PM - System Checkpoint
    RP533: 11/15/2009 9:13:00 PM - System Checkpoint
    RP534: 11/17/2009 8:55:24 PM - System Checkpoint
    RP535: 11/18/2009 9:38:34 PM - System Checkpoint
    RP536: 11/19/2009 10:05:23 PM - System Checkpoint
    RP537: 11/20/2009 11:52:45 PM - System Checkpoint
    RP538: 11/22/2009 7:50:44 AM - System Checkpoint
    RP539: 11/23/2009 3:10:41 PM - System Checkpoint
    RP540: 11/24/2009 7:57:38 PM - System Checkpoint
    RP541: 11/24/2009 10:26:21 PM - Software Distribution Service 3.0
    RP542: 11/25/2009 10:49:15 PM - System Checkpoint
    RP543: 11/26/2009 11:48:57 PM - System Checkpoint
    RP544: 11/28/2009 12:48:56 AM - System Checkpoint
    RP545: 11/29/2009 12:50:30 AM - System Checkpoint
    RP546: 11/30/2009 5:24:44 PM - System Checkpoint
    RP547: 12/1/2009 8:45:09 PM - System Checkpoint
    RP548: 12/3/2009 6:59:07 PM - System Checkpoint
    RP549: 12/4/2009 8:15:31 PM - System Checkpoint
    RP550: 12/5/2009 9:15:05 PM - System Checkpoint
    RP551: 12/6/2009 10:15:06 PM - System Checkpoint
    RP552: 12/7/2009 10:22:47 PM - System Checkpoint
    RP553: 12/8/2009 10:57:48 PM - System Checkpoint
    RP554: 12/9/2009 3:00:31 AM - Software Distribution Service 3.0
    RP555: 12/10/2009 3:04:02 AM - System Checkpoint
    RP556: 12/11/2009 3:54:44 AM - System Checkpoint
    RP557: 12/12/2009 4:12:38 AM - System Checkpoint
    RP558: 12/13/2009 5:12:41 AM - System Checkpoint
    RP559: 12/15/2009 12:31:17 AM - System Checkpoint
    RP560: 12/16/2009 1:12:36 AM - System Checkpoint
    RP561: 12/17/2009 1:51:58 AM - System Checkpoint
    RP562: 12/18/2009 2:47:08 AM - System Checkpoint
    RP563: 12/19/2009 8:31:34 AM - System Checkpoint
    RP564: 12/20/2009 8:42:13 AM - System Checkpoint
    RP565: 12/21/2009 6:36:07 PM - System Checkpoint
    RP566: 12/23/2009 10:43:46 PM - System Checkpoint
    RP567: 12/24/2009 11:29:33 PM - System Checkpoint
    RP568: 12/26/2009 12:29:36 AM - System Checkpoint
    RP569: 12/27/2009 1:29:28 AM - System Checkpoint
    RP570: 12/28/2009 2:29:30 AM - System Checkpoint
    RP571: 12/29/2009 6:54:45 AM - System Checkpoint
    RP572: 12/30/2009 7:08:29 PM - System Checkpoint
    RP573: 12/31/2009 7:57:26 PM - System Checkpoint
    RP574: 1/1/2010 8:01:52 PM - System Checkpoint
    RP575: 1/2/2010 9:01:50 PM - System Checkpoint
    RP576: 1/5/2010 9:24:32 PM - System Checkpoint
    RP577: 1/7/2010 9:37:35 AM - System Checkpoint
    RP578: 1/8/2010 7:22:13 PM - System Checkpoint
    RP579: 1/9/2010 7:54:27 PM - System Checkpoint
    RP580: 1/10/2010 8:21:35 PM - System Checkpoint
    RP581: 1/11/2010 8:53:15 PM - System Checkpoint
    RP582: 1/12/2010 10:05:57 PM - System Checkpoint
    RP583: 1/13/2010 3:00:29 AM - Software Distribution Service 3.0
    RP584: 1/14/2010 8:23:20 PM - System Checkpoint
    RP585: 1/15/2010 9:42:26 PM - System Checkpoint
    RP586: 1/16/2010 10:21:14 PM - System Checkpoint
    RP587: 1/17/2010 9:59:43 PM - Installed H&R Block Deluxe + Efile + State 2009.
    RP588: 1/17/2010 10:03:29 PM - Installed DeductionPro 2009
    RP589: 1/18/2010 11:08:29 PM - System Checkpoint
    RP590: 1/20/2010 6:56:43 AM - System Checkpoint
    RP591: 1/20/2010 6:34:12 PM - Removed ooVoo
    RP592: 1/21/2010 7:50:28 PM - System Checkpoint
    RP593: 1/22/2010 11:32:25 PM - System Checkpoint
    RP594: 1/23/2010 8:46:50 AM - Removed Bonjour
    RP595: 1/23/2010 8:50:49 AM - Removed MSN Toolbar
    RP596: 1/23/2010 8:52:22 AM - Removed muvee Plugin 1.0
    RP597: 1/24/2010 8:57:53 AM - System Checkpoint
    RP598: 1/25/2010 7:28:28 PM - System Checkpoint
    RP599: 1/26/2010 7:58:19 PM - System Checkpoint
    RP600: 1/28/2010 8:40:22 PM - System Checkpoint
    RP601: 1/29/2010 8:51:01 PM - System Checkpoint
    RP602: 1/31/2010 8:43:12 AM - System Checkpoint

    ==== Installed Programs ======================


    3D Groove Playback Engine
    3DVIA Player 4.1
    3ivx MPEG-4 5.0.3 (remove only)
    Acer eDataSecurity Management
    Acer eDataSecurity Management 2.0.3077
    Acer Empowering Technology
    Acer ePerformance Management
    Acer WLAN 11g USB Dongle
    Ad-Aware
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Adobe Shockwave Player 11.5
    Amazon MP3 Downloader 1.0.5
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft PhotoImpression 6
    ArcSoft Print Creations
    Audacity 1.2.6
    BetUS Poker
    Bodog Poker
    Camera Support Core Library
    Camera Window DS
    Camera Window DVC
    Camera Window MC
    Canon Camera Support Core Library
    Canon Camera Window DS for ZoomBrowser EX
    Canon Camera Window DVC for ZoomBrowser EX
    Canon Camera Window for ZoomBrowser EX
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon PIXMA iP4000
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Easy-PhotoPrint
    Canon Utilities PhotoStitch 3.1
    Canon ZoomBrowser EX
    Choice Guard
    commercial
    Critical Update for Windows Media Player 11 (KB959772)
    DeductionPro 2008
    DeductionPro 2009
    DV Network Software
    Easy-WebPrint
    EPSON Printer Software
    EPSON Scan
    EPSON Stylus CX8400 Series Scanner Driver Update
    ESPN Version 2.0.7.19
    FlipShare
    Free Mp3 Wma Converter V 1.81
    Full Tilt Poker
    Google Talk Plugin
    Google Toolbar for Internet Explorer
    H&R Block Deluxe + Efile + State 2009
    Hauppauge WinTV-PVR 150 Drivers
    High Definition Audio Driver Package - KB888111
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java(TM) 6 Update 17
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    LAME v3.98.2 for Audacity
    LightScribe 1.4.74.1
    Logitech QuickCam
    Logitech QuickCam Driver Package
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Application Error Reporting
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    MovieEdit Task
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    NVIDIA Drivers
    OCA Client history tool install
    Odds Maker
    PC Connectivity Solution
    PC Pitstop Optimize 1.5
    Pdf995 (installed by TaxCut)
    PdfEdit995 (installed by TaxCut)
    PhotoStitch
    Poker Wingman
    PokerStars
    PowerDVD
    QuickTime
    RAW Image Task
    Realtek High Definition Audio Driver
    RemoteCapture Task 1.1
    Safari
    SAMSUNG Mobile Composite Device Software
    Samsung Mobile phone USB driver Software
    SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6
    SAMSUNG Mobile USB Modem 1.0 Software
    SAMSUNG Mobile USB Modem Software
    Samsung New PC Studio
    SamsungConnectivityCableDriver
    Secunia PSI
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB913433)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Segoe UI
    Sonic Encoders
    SpadeClub Poker
    Spelling Dictionaries Support For Adobe Reader 9
    Spy Sweeper Core
    TaxCut Premium + Efile 2008
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb977839)
    Update for Windows Internet Explorer 8 (KB968220)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB942763)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB961503)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    WebFldrs XP
    Webroot AntiVirus with Spy Sweeper
    Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
    Windows Driver Package - AMD System (04/06/2006 1.0.1.0)
    Windows Driver Package - MobileTop (sshpmdm) Modem (02/23/2007 2.5.0.0)
    Windows Driver Package - MobileTop (sshpusb) USB (02/23/2007 2.5.0.0)
    Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Messenger 5.1
    Windows XP Media Center Edition 2005 KB908246
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    1/25/2010 6:31:22 AM, error: ssidrv [26] - Failed to set monitor event rule.

    ==== End Of File ===========================
     
  2. 2010/01/31
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/01/31
    pjschman

    pjschman Inactive Thread Starter

    Joined:
    2010/01/31
    Messages:
    24
    Likes Received:
    0
    Log from SUPERAntiSpyware. Others will be posted as run, in accordance with the post above ...

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/31/2010 at 09:57 PM

    Application Version : 4.33.1000

    Core Rules Database Version : 4542
    Trace Rules Database Version: 2354

    Scan type : Complete Scan
    Total Scan Time : 02:45:46

    Memory items scanned : 250
    Memory threats detected : 0
    Registry items scanned : 6786
    Registry threats detected : 0
    File items scanned : 124279
    File threats detected : 1

    Adware.Vundo/Variant-MSFake
    D:\DATA FILES\PROGRAM INSTALLATION FILES\POKER.COM\ATL98.DLL
     
  5. 2010/02/01
    pjschman

    pjschman Inactive Thread Starter

    Joined:
    2010/01/31
    Messages:
    24
    Likes Received:
    0
    Log from MBAM:

    Malwarebytes' Anti-Malware 1.44
    Database version: 3662
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    2/1/2010 6:10:59 AM
    mbam-log-2010-02-01 (06-10-58).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 283352
    Time elapsed: 1 hour(s), 5 minute(s), 52 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  6. 2010/02/01
    pjschman

    pjschman Inactive Thread Starter

    Joined:
    2010/01/31
    Messages:
    24
    Likes Received:
    0
    Problem here ... I downloaded GMER and tried to install it. After double-clicking on the saved .exe file, the screen went blank and my computer rebooted. This happened twice. I was notified by Windows that I had a "serious error" - this is what was shown when I clicked the log for the error:

    BCCode : 19 BCP1 : 00000020 BCP2 : 84317000 BCP3 : 84317828
    BCP4 : 1B050000 OSVer : 5_1_2600 SP : 3_0 Product : 256_1

    Please advise before I attempt the installation again. Thank you.
     
  7. 2010/02/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  8. 2010/02/02
    pjschman

    pjschman Inactive Thread Starter

    Joined:
    2010/01/31
    Messages:
    24
    Likes Received:
    0
    HijackThis log (before running combofix):

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:13:15 PM, on 2/2/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\DOCUME~1\PAULSC~1\LOCALS~1\Temp\Google Toolbar\gtb1C.tmp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_E85CDE7661A53A6A.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Google\Google Toolbar\Component\GoogleUpdateSetup_0002B5AEB6C5B612.exe
    C:\WINDOWS\TEMP\GUM38.tmp\GoogleUpdate.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe "
    O4 - HKLM\..\Run: [LaunchApp] "Alaunch "
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE "
    O4 - HKLM\..\Run: [SkyTel] "SkyTel.EXE "
    O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE "
    O4 - HKLM\..\Run: [ntiMUI] "c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE "
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] "C:\WINDOWS\system32\SysMonitor.exe "
    O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 0
    O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll
    O4 - HKLM\..\Run: [KernelFaultCheck] "%systemroot%\system32\dumprep" 0 -k
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
    O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe "
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE" /FU "C:\WINDOWS\TEMP\E_S2DA.tmp" /EF "HKCU "
    O4 - HKCU\..\Run: [AutoStartNPSAgent] "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1100465 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" - "http://www.nickjr.com/playtime/cats/games/music/blue_instruments.jhtml "
    O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Documents and Settings\Paul Schmanski\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader5.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 13350 bytes
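
A first-pass triage of a HijackThis v2.0.2 log like the one posted above, as an added example that is not part of the original post or of any tool named in the thread. The function names and the review heuristics are assumptions chosen for illustration; a hit marks a line for manual review and is not a verdict that the item is malicious.

```python
import re
from collections import defaultdict

# Shortened excerpt of the log in the post above, embedded so the example runs offline.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:13:15 PM, on 2/2/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\PAULSC~1\LOCALS~1\Temp\Google Toolbar\gtb1C.tmp.exe
C:\WINDOWS\TEMP\GUM38.tmp\GoogleUpdate.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe

--
End of file - 13350 bytes
"""

# A coded entry starts with a section code such as R0, O2, O16 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Any path component named "temp", which also covers ...\LOCALS~1\Temp\...
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def parse_hijackthis(text):
    """Split a log into header lines, running processes and entries keyed by code."""
    header, processes, entries = [], [], defaultdict(list)
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "--" or line.startswith("End of file"):
            break  # trailer: nothing after this belongs to the scan
        match = ENTRY_RE.match(line)
        if match:
            state = "entries"
            entries[match.group(1)].append(match.group(2))
        elif line.lower().startswith("running processes"):
            state = "processes"
        elif state == "processes":
            processes.append(line)
        elif state == "header":
            header.append(line)
    return header, processes, dict(entries)


def review_candidates(processes, entries):
    """Return (reason, line) pairs that deserve a manual look (heuristics are assumptions)."""
    found = []
    for proc in processes:
        if TEMP_RE.search(proc):
            found.append(("process running from a temp directory", proc))
    for code, items in entries.items():
        for item in items:
            if item.endswith("(no file)"):
                found.append((code + " entry whose target file is missing", item))
            elif item.endswith("= ?"):
                found.append((code + " shortcut with an unresolved target", item))
            elif code == "O16" and item.endswith("-"):
                found.append(("O16 ActiveX entry with no download URL", item))
            elif code == "O23" and " - Unknown owner - " in item:
                found.append(("O23 service binary with no readable company name", item))
    return found


if __name__ == "__main__":
    hdr, procs, ents = parse_hijackthis(SAMPLE_LOG)
    print(hdr[0])
    print("%d processes, %d coded entries" % (len(procs), sum(len(v) for v in ents.values())))
    for reason, line in review_candidates(procs, ents):
        print("[review] %s: %s" % (reason, line))
```

Several of the flagged lines in this excerpt belong to vendor updaters that unpack into a temp directory, which is why the output is a list of lines to check rather than a list of detections.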
     
  9. 2010/02/02
    pjschman

    pjschman Inactive Thread Starter

    Joined:
    2010/01/31
    Messages:
    24
    Likes Received:
    0
    ComboFix was running, made it through "stage 50" or something like that, then my computer suddenly rebooted. I received the "Windows has recovered from a serious error" message again. There is no file called c:\combofix.txt.

    Please advise.

    Hijackthis log (after failed combofix execution):
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:50:57 PM, on 2/2/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe "
    O4 - HKLM\..\Run: [LaunchApp] "Alaunch "
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE "
    O4 - HKLM\..\Run: [SkyTel] "SkyTel.EXE "
    O4 - HKLM\..\Run: [Alcmtr] "ALCMTR.EXE "
    O4 - HKLM\..\Run: [ntiMUI] "c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE "
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] "C:\WINDOWS\system32\SysMonitor.exe "
    O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 0
    O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Search Protection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe "
    O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE" /FU "C:\WINDOWS\TEMP\E_S2DA.tmp" /EF "HKCU "
    O4 - HKCU\..\Run: [AutoStartNPSAgent] "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1100465 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" - "http://www.nickjr.com/playtime/cats/games/music/blue_instruments.jhtml "
    O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Documents and Settings\Paul Schmanski\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader5.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 13169 bytes
     
  10. 2010/02/03
    broni

    broni Moderator Malware Analyst

    Try to re-run Combofix.
    Post HJT from after running Combofix (if successful, if not, let me know).
     
  11. 2010/02/03
    pjschman

    pjschman Inactive Thread Starter

    No dice with ComboFix - same story. Reached "Completed Stage_50", the words "deleting files" showed up in the program box, then my computer rebooted and told me I had a "serious error."
     
  12. 2010/02/03
    broni

    broni Moderator Malware Analyst

    OK.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run Combofix.
     
  13. 2010/02/03
    pjschman

    pjschman Inactive Thread Starter

    Downloaded Rkill from the first link, ran it, and it seemed to work, but when I ran combofix after that it did the same reboot thing. Here is the Rkill log. I will try it again from another one of the links.

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.
    Ran as Paul Schmanski on 02/03/2010 at 22:25:38.


    Processes terminated by Rkill or while it was running:


    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE


    Rkill completed on 02/03/2010 at 22:25:41.
     
  14. 2010/02/03
    broni

    broni Moderator Malware Analyst

    Delete your Combofix file.
    Download a fresh one from HERE and try to run it again.
    I renamed the file for a reason.
    If normal mode gives you problems again, run Combofix from Safe Mode.
     
  15. 2010/02/03
    pjschman

    pjschman Inactive Thread Starter

    Finally a breakthrough! New combofix file did the same thing until I ran it in safe mode, then it completed. Here is the log. I will run HJT now and post the log shortly.

    ComboFix 10-02-03.04 - Paul Schmanski 02/03/2010 23:10:11.6.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.266 [GMT -6:00]
    Running from: c:\documents and settings\Paul Schmanski\Desktop\4co9ty6sd4.exe
    AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\kb913800.exe
    c:\windows\system32\Cache
    c:\windows\system32\uninstall.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
    .

    2010-02-03 02:43 . 2010-02-03 02:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-02-03 02:13 . 2010-02-03 02:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-02-03 02:12 . 2010-02-03 02:12 -------- d-----w- c:\program files\Trend Micro
    2010-02-01 00:11 . 2010-02-01 00:11 52224 ----a-w- c:\documents and settings\Paul Schmanski\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-01 00:10 . 2010-02-01 00:51 117760 ----a-w- c:\documents and settings\Paul Schmanski\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-01 00:09 . 2010-02-01 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-02-01 00:07 . 2010-02-01 00:08 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-02-01 00:07 . 2010-02-01 00:07 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\SUPERAntiSpyware.com
    2010-01-30 13:32 . 2010-01-30 13:32 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\Malwarebytes
    2010-01-30 13:32 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-30 13:32 . 2010-01-30 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-30 13:32 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-30 13:32 . 2010-01-30 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-30 13:10 . 2010-01-30 13:10 -------- d-----w- c:\program files\Secunia
    2010-01-30 02:15 . 2010-01-30 13:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-01-23 15:29 . 2010-01-23 15:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-01-23 15:29 . 2010-01-23 15:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-01-23 15:03 . 2010-01-23 15:03 -------- d-----w- c:\windows\IIS Temporary Compressed Files
    2010-01-23 15:00 . 2001-08-18 04:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
    2010-01-23 15:00 . 2001-08-18 04:36 7168 ----a-w- c:\windows\system32\snprfdll.dll
    2010-01-23 15:00 . 2001-08-18 04:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
    2010-01-23 15:00 . 2001-08-18 04:36 12288 ----a-w- c:\windows\system32\smtpctrs.dll
    2010-01-23 15:00 . 2001-08-18 04:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
    2010-01-23 15:00 . 2001-08-18 04:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
    2010-01-23 15:00 . 2001-08-18 04:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
    2010-01-23 15:00 . 2001-08-18 04:36 23040 ----a-w- c:\windows\system32\regtrace.exe
    2010-01-23 15:00 . 2001-08-18 04:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2010-01-23 15:00 . 2001-08-18 04:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
    2010-01-23 14:59 . 2001-08-18 04:36 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
    2010-01-23 14:59 . 2001-08-18 04:36 43520 ----a-w- c:\windows\system32\fcachdll.dll
    2010-01-23 14:59 . 2001-08-18 04:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
    2010-01-23 14:59 . 2001-08-18 04:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
    2010-01-23 14:59 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\adsiisex.dll
    2010-01-23 14:55 . 2004-08-10 20:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
    2010-01-23 14:55 . 2004-08-10 20:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
    2010-01-23 14:55 . 2004-08-10 20:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
    2010-01-23 14:55 . 2004-08-10 20:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
    2010-01-23 14:55 . 2010-01-23 15:00 -------- d-----w- c:\windows\system32\msmq
    2010-01-23 14:55 . 2010-01-23 15:24 -------- d-----w- C:\Inetpub
    2010-01-23 03:48 . 2010-02-02 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-01-23 03:48 . 2010-01-23 03:48 -------- d-----w- c:\program files\Lavasoft
    2010-01-22 12:03 . 2010-01-22 12:03 -------- d-----w- c:\program files\Bodog Poker
    2010-01-18 04:06 . 2010-01-18 04:07 14246464 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30025501xupd.exe
    2010-01-18 04:03 . 2010-01-18 04:04 -------- d-----w- c:\program files\DeductionPro 2009
    2010-01-18 03:59 . 2010-01-18 04:01 -------- d-----w- c:\program files\HRBlock2009
    2010-01-13 05:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-04 05:08 . 2009-05-23 15:13 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-02-04 05:04 . 2008-06-10 22:32 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-02-03 02:13 . 2006-12-02 23:22 -------- d-----w- c:\program files\Google
    2010-02-01 04:07 . 2008-09-28 19:33 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-01 00:04 . 2009-03-28 23:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-31 14:12 . 2009-06-01 20:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-01-23 14:53 . 2006-08-11 21:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-23 14:50 . 2009-11-30 00:56 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\Move Networks
    2010-01-21 00:34 . 2009-08-29 19:42 -------- d-----w- c:\program files\ooVoo
    2010-01-19 04:34 . 2008-10-25 04:17 -------- d-----w- c:\program files\Full Tilt Poker
    2010-01-19 03:22 . 2008-07-26 12:26 -------- d-----w- c:\program files\BetUSPoker
    2010-01-19 03:20 . 2008-08-09 01:56 -------- d-----w- c:\program files\ESPN
    2010-01-19 03:17 . 2008-07-27 11:18 -------- d-----w- c:\program files\PokerStars
    2010-01-19 02:09 . 2008-06-08 20:30 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\Apple Computer
    2010-01-18 03:53 . 2008-12-28 20:59 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\TaxCut
    2010-01-18 03:52 . 2009-02-14 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
    2010-01-18 03:51 . 2008-12-28 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TaxCut
    2010-01-13 09:05 . 2008-06-08 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-12-29 12:03 . 2009-08-29 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-12-25 19:38 . 2009-12-25 19:38 -------- d-----w- c:\program files\Free Audio Pack
    2009-12-24 18:45 . 2009-09-03 00:54 69 ----a-w- c:\documents and settings\Paul Schmanski\jagex_runescape_preferences2.dat
    2009-12-24 18:37 . 2008-11-15 01:12 39 ----a-w- c:\documents and settings\Paul Schmanski\jagex_runescape_preferences.dat
    2009-12-17 13:32 . 2009-12-17 13:32 -------- d-----w- c:\program files\Flip Video
    2009-12-04 16:03 . 2009-12-04 16:03 251376 ----a-w- c:\documents and settings\Paul Schmanski\Application Data\Mozilla\plugins\npgoogletalk.dll
    2009-11-30 00:57 . 2009-04-04 02:12 164 ----a-w- c:\windows\install.dat
    2009-11-26 23:37 . 2006-12-03 00:34 92368 ----a-w- c:\documents and settings\Bennett Schmanski\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-21 15:51 . 2004-08-10 20:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-19 17:14 . 2009-11-19 17:14 4732800 ----a-w- c:\documents and settings\All Users\Application Data\Flip Video\FlipShare\Updates\FirmwareExec_Windows_en-US_83.06_83.07\FlipVideoFWUpdate.exe
    2009-11-06 21:19 . 2009-04-04 02:18 1563008 ----a-w- c:\windows\WRSetup.dll
    2009-11-06 18:00 . 2009-02-25 20:24 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
    2009-11-06 18:00 . 2009-02-25 20:24 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
    2009-11-06 18:00 . 2009-02-25 20:24 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
    2006-12-02 23:18 . 2006-12-02 23:18 251 ----a-w- c:\program files\wt3d.ini
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @= "{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} "
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2009-03-05 22:02 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 68856]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "AutoStartNPSAgent "= "c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-02-05 98304]
    "Google Update "= "c:\documents and settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-23 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "= "Alaunch" [X]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
    "nwiz "= "nwiz.exe" [2006-07-11 1519616]
    "RTHDCPL "= "RTHDCPL.EXE" [2006-06-01 16208384]
    "SkyTel "= "SkyTel.EXE" [2006-05-16 2879488]
    "ntiMUI "= "c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "IMEKRMIG6.1 "= "c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
    "Acer Empowering Technology Monitor "= "c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
    "eRecoveryService "= "c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
    "PC Pitstop Optimize Scheduler "= "c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 2577120]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "MsmqIntCert "= "mqrt.dll" [2008-04-14 177152]

    c:\documents and settings\Paul Schmanski\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

    c:\documents and settings\Bennett Schmanski\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2008-7-1 256000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-2 45056]
    Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/25/2009 2:24 PM 29808]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [4/3/2009 8:20 PM 1201640]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [5/8/2009 5:55 AM 233472]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:13 PM 135664]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [5/8/2009 5:55 AM 36608]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 6:20 AM 12648]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 02:12]

    2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 02:12]

    2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219848602-1497303551-2650097853-1005Core.job
    - c:\documents and settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-23 15:50]

    2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219848602-1497303551-2650097853-1005UA.job
    - c:\documents and settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-23 15:50]

    2010-02-04 c:\windows\Tasks\User_Feed_Synchronization-{5F70A072-6834-4256-981C-C6E93EC5E991}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]

    2010-01-30 c:\windows\Tasks\wrSpySweeper_L05385BC6FD244F1682357E851F4922B0.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-04-04 21:19]

    2010-01-30 c:\windows\Tasks\wrSpySweeper_L05385BC6FD244F1682357E851F4922B0.job
    - c:\program files\Webroot\WebrootSecurity\SpySweeperUI.exe [2009-04-04 21:19]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://espn.go.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKCU-Run-Search Protection - c:\program files\Yahoo!\Search Protection\SearchProtection.exe
    HKLM-Run-NPSStartup - (no file)
    AddRemove-KB913433 - c:\windows\system32\MacroMed\Flash\genuinst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-03 23:17
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(228)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-02-03 23:20:41
    ComboFix-quarantined-files.txt 2010-02-04 05:20

    Pre-Run: 24,731,205,632 bytes free
    Post-Run: 24,921,038,848 bytes free

    - - End Of File - - C0F21A297683ACF34D9DC8F9001A2580
     
  16. 2010/02/03
    pjschman

    pjschman Inactive Thread Starter

    After Combofix HJT log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:28:45 PM, on 2/3/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Logitech\QuickCam\Quickcam.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    C:\WINDOWS\system32\FsUsbExService.Exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe "
    O4 - HKLM\..\Run: [LaunchApp] "Alaunch "
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE "
    O4 - HKLM\..\Run: [SkyTel] "SkyTel.EXE "
    O4 - HKLM\..\Run: [ntiMUI] "c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE "
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] "C:\WINDOWS\system32\SysMonitor.exe "
    O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 0
    O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AutoStartNPSAgent] "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1100465 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" - "http://www.nickjr.com/playtime/cats/games/music/blue_instruments.jhtml "
    O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Documents and Settings\Paul Schmanski\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader5.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 12664 bytes
     
  17. 2010/02/03
    broni

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\drivers\logiflt.iad
    c:\windows\system32\drivers\lvuvc.hs
    
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [Image: animation showing CFScript.txt being dragged onto ComboFix.exe]


    5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.
     
  18. 2010/02/04
    pjschman

    One more thing ... I checked a couple of the same websites/programs that alerted me to the problem initially, and they still do not work. I ran the Windows Network Diagnostics again; the log is posted below.

    FYI - you can probably tell from some of the logs but I am running Windows XP Media Center edition. I am running it over a cable modem and through a wireless router. The computer that is giving me trouble is wired, not wireless; I have two other computers that run perfectly fine through both the wired and wireless connections.

    If I haven't mentioned it yet, thank you very much for your assistance.

    PS - how soon before I scrap this whole thing and either do a clean install or throw the computer out the window?!?!?

    Last diagnostic run time: 02/04/10 06:34:51 Gateway Diagnostic
    Gateway
    info The following proxy configuration is being used by IE: Automatically Detect Settings:Disabled Automatic Configuration Script: Proxy Server: Proxy Bypass list:
    info This computer has the following default gateway entry(ies): 192.168.0.1
    info This computer has the following IP address(es): 192.168.0.102
    info The default gateway is in the same subnet as this computer
    info The default gateway entry is a valid unicast address
    info The default gateway address was resolved via ARP in 1 try(ies)
    info The default gateway was reached via ICMP Ping in 1 try(ies)
    info TCP port 80 on host 207.46.19.190 was successfully reached
    info The Internet host www.microsoft.com was successfully reached
    info The default gateway is OK
    DNS Client Diagnostic
    DNS - Not a home user scenario
    info Using Web Proxy: no
    info Resolving name ok for (www.microsoft.com): yes
    No DNS servers
    DNS failure
    HTTP, HTTPS, FTP Diagnostic
    HTTP, HTTPS, FTP connectivity
    info HTTP: Successfully connected to www.microsoft.com.
    info FTP (Passive): Successfully connected to ftp.microsoft.com.
    warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
    warn HTTPS: Error 12002 connecting to www.microsoft.com: The operation timed out
    error Could not make an HTTPS connection.
    info Redirecting user to support call
    Wireless Diagnostic
    Wireless - Service disabled
    Wireless - User SSID
    Wireless - First time setup
    Wireless - Radio off
    Wireless - Out of range
    Wireless - Hardware issue
    Wireless - Novice user
    Wireless - Ad-hoc network
    Wireless - Less preferred
    Wireless - 802.1x enabled
    Wireless - Configuration mismatch
    Wireless - Low SNR
    IP Configuration Diagnostic
    Invalid IP address
    info Valid IP address detected: 192.168.0.102
    IP Layer Diagnostic
    Corrupted IP routing table
    info The default route is valid
    info The loopback route is valid
    info The local host route is valid
    info The local subnet route is valid
    Invalid ARP cache entries
    action The ARP cache has been flushed
    WinSock Diagnostic
    WinSock status
    info All base service provider entries are present in the Winsock catalog.
    info The Winsock Service provider chains are valid.
    info Provider entry MSAFD Tcpip [TCP/IP] passed the loopback communication test.
    info Provider entry MSAFD Tcpip [UDP/IP] passed the loopback communication test.
    info Provider entry RSVP UDP Service Provider passed the loopback communication test.
    info Provider entry RSVP TCP Service Provider passed the loopback communication test.
    info Connectivity is valid for all Winsock service providers.
    Network Adapter Diagnostic
    Network location detection
    info Using home Internet connection
    Network adapter identification
    info Network connection: Name=Local Area Connection, Device=Generic Marvell Yukon Chipset based Ethernet Controller, MediaType=LAN, SubMediaType=LAN
    info Network connection: Name=1394 Connection, Device=1394 Net Adapter, MediaType=LAN, SubMediaType=1394
    info Ethernet connection selected
    Network adapter status
    info Network connection status: Connected
    HTTP, HTTPS, FTP Diagnostic
    HTTP, HTTPS, FTP connectivity
    info FTP (Passive): Successfully connected to ftp.microsoft.com.
    info HTTP: Successfully connected to www.microsoft.com.
    warn HTTPS: Error 12029 connecting to www.passport.net: A connection with the server could not be established
    warn HTTPS: Error 12002 connecting to www.microsoft.com: The operation timed out
    error Could not make an HTTPS connection.
     
  19. 2010/02/04
    pjschman

    Sorry - I posted the response above before I saw yours at the top of the page (I didn't realize the thread wrapped to page 2 already). I did run the text file on top of the revised combofix *.exe that you sent me (with the changed name) and I had the same problem with the rebooting after stage 50. Do you want me to run it that way in safe mode?
     
  20. 2010/02/04
    broni

    Please do.
     
  21. 2010/02/04
    pjschman

    OK - combofix with cfscript ran in safe mode, and then I ran HJT. Here are the two logs:

    ComboFix 10-02-03.06 - Paul Schmanski 02/04/2010 17:23:33.8.1 - x86 MINIMAL
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.447.267 [GMT -6:00]
    Running from: c:\documents and settings\Paul Schmanski\Desktop\4co9ty6sd4.exe
    Command switches used :: c:\documents and settings\Paul Schmanski\Desktop\CFScript.txt
    AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}

    FILE ::
    "c:\windows\system32\drivers\logilft.iad "
    "c:\windows\system32\drivers\lvuvc.hs "
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\drivers\lvuvc.hs

    .
    ((((((((((((((((((((((((( Files Created from 2010-01-04 to 2010-02-04 )))))))))))))))))))))))))))))))
    .

    2010-02-03 02:43 . 2010-02-03 02:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
    2010-02-03 02:13 . 2010-02-03 02:13 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
    2010-02-03 02:12 . 2010-02-03 02:12 -------- d-----w- c:\program files\Trend Micro
    2010-02-01 00:11 . 2010-02-01 00:11 52224 ----a-w- c:\documents and settings\Paul Schmanski\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-02-01 00:10 . 2010-02-01 00:51 117760 ----a-w- c:\documents and settings\Paul Schmanski\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-02-01 00:09 . 2010-02-01 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2010-02-01 00:07 . 2010-02-01 00:08 -------- d-----w- c:\program files\SUPERAntiSpyware
    2010-02-01 00:07 . 2010-02-01 00:07 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\SUPERAntiSpyware.com
    2010-01-30 13:32 . 2010-01-30 13:32 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\Malwarebytes
    2010-01-30 13:32 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-30 13:32 . 2010-01-30 13:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-30 13:32 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-30 13:32 . 2010-01-30 13:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-30 13:10 . 2010-01-30 13:10 -------- d-----w- c:\program files\Secunia
    2010-01-30 02:15 . 2010-01-30 13:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-01-23 15:29 . 2010-01-23 15:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
    2010-01-23 15:29 . 2010-01-23 15:29 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
    2010-01-23 15:03 . 2010-01-23 15:03 -------- d-----w- c:\windows\IIS Temporary Compressed Files
    2010-01-23 15:00 . 2001-08-18 04:36 7168 -c--a-w- c:\windows\system32\dllcache\EXCH_snprfdll.dll
    2010-01-23 15:00 . 2001-08-18 04:36 7168 ----a-w- c:\windows\system32\snprfdll.dll
    2010-01-23 15:00 . 2001-08-18 04:36 12288 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpctrs.dll
    2010-01-23 15:00 . 2001-08-18 04:36 12288 ----a-w- c:\windows\system32\smtpctrs.dll
    2010-01-23 15:00 . 2001-08-18 04:36 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
    2010-01-23 15:00 . 2001-08-18 04:36 57856 -c--a-w- c:\windows\system32\dllcache\EXCH_scripto.dll
    2010-01-23 15:00 . 2001-08-18 04:36 23040 -c--a-w- c:\windows\system32\dllcache\EXCH_regtrace.exe
    2010-01-23 15:00 . 2001-08-18 04:36 23040 ----a-w- c:\windows\system32\regtrace.exe
    2010-01-23 15:00 . 2001-08-18 04:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
    2010-01-23 15:00 . 2001-08-18 04:36 65536 -c--a-w- c:\windows\system32\dllcache\EXCH_mailmsg.dll
    2010-01-23 14:59 . 2001-08-18 04:36 43520 -c--a-w- c:\windows\system32\dllcache\EXCH_fcachdll.dll
    2010-01-23 14:59 . 2001-08-18 04:36 43520 ----a-w- c:\windows\system32\fcachdll.dll
    2010-01-23 14:59 . 2001-08-18 04:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
    2010-01-23 14:59 . 2001-08-18 04:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
    2010-01-23 14:59 . 2001-08-18 04:36 5632 ----a-w- c:\windows\system32\adsiisex.dll
    2010-01-23 14:55 . 2004-08-10 20:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
    2010-01-23 14:55 . 2004-08-10 20:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
    2010-01-23 14:55 . 2004-08-10 20:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
    2010-01-23 14:55 . 2004-08-10 20:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
    2010-01-23 14:55 . 2010-01-23 15:00 -------- d-----w- c:\windows\system32\msmq
    2010-01-23 14:55 . 2010-01-23 15:24 -------- d-----w- C:\Inetpub
    2010-01-23 03:48 . 2010-02-02 12:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-01-23 03:48 . 2010-01-23 03:48 -------- d-----w- c:\program files\Lavasoft
    2010-01-22 12:03 . 2010-01-22 12:03 -------- d-----w- c:\program files\Bodog Poker
    2010-01-18 04:06 . 2010-01-18 04:07 14246464 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30025501xupd.exe
    2010-01-18 04:03 . 2010-01-18 04:04 -------- d-----w- c:\program files\DeductionPro 2009
    2010-01-18 03:59 . 2010-01-18 04:01 -------- d-----w- c:\program files\HRBlock2009
    2010-01-13 05:14 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-04 23:13 . 2009-05-23 15:13 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
    2010-02-03 02:13 . 2006-12-02 23:22 -------- d-----w- c:\program files\Google
    2010-02-01 04:07 . 2008-09-28 19:33 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-02-01 00:04 . 2009-03-28 23:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-01-31 14:12 . 2009-06-01 20:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-01-23 14:53 . 2006-08-11 21:04 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-01-23 14:50 . 2009-11-30 00:56 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\Move Networks
    2010-01-21 00:34 . 2009-08-29 19:42 -------- d-----w- c:\program files\ooVoo
    2010-01-19 04:34 . 2008-10-25 04:17 -------- d-----w- c:\program files\Full Tilt Poker
    2010-01-19 03:22 . 2008-07-26 12:26 -------- d-----w- c:\program files\BetUSPoker
    2010-01-19 03:20 . 2008-08-09 01:56 -------- d-----w- c:\program files\ESPN
    2010-01-19 03:17 . 2008-07-27 11:18 -------- d-----w- c:\program files\PokerStars
    2010-01-19 02:09 . 2008-06-08 20:30 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\Apple Computer
    2010-01-18 03:53 . 2008-12-28 20:59 -------- d-----w- c:\documents and settings\Paul Schmanski\Application Data\TaxCut
    2010-01-18 03:52 . 2009-02-14 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
    2010-01-18 03:51 . 2008-12-28 20:36 -------- d-----w- c:\documents and settings\All Users\Application Data\TaxCut
    2010-01-13 09:05 . 2008-06-08 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-12-29 12:03 . 2009-08-29 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-12-25 19:38 . 2009-12-25 19:38 -------- d-----w- c:\program files\Free Audio Pack
    2009-12-24 18:45 . 2009-09-03 00:54 69 ----a-w- c:\documents and settings\Paul Schmanski\jagex_runescape_preferences2.dat
    2009-12-24 18:37 . 2008-11-15 01:12 39 ----a-w- c:\documents and settings\Paul Schmanski\jagex_runescape_preferences.dat
    2009-12-17 13:32 . 2009-12-17 13:32 -------- d-----w- c:\program files\Flip Video
    2009-12-04 16:03 . 2009-12-04 16:03 251376 ----a-w- c:\documents and settings\Paul Schmanski\Application Data\Mozilla\plugins\npgoogletalk.dll
    2009-11-30 00:57 . 2009-04-04 02:12 164 ----a-w- c:\windows\install.dat
    2009-11-26 23:37 . 2006-12-03 00:34 92368 ----a-w- c:\documents and settings\Bennett Schmanski\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-21 15:51 . 2004-08-10 20:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
    2009-11-19 17:14 . 2009-11-19 17:14 4732800 ----a-w- c:\documents and settings\All Users\Application Data\Flip Video\FlipShare\Updates\FirmwareExec_Windows_en-US_83.06_83.07\FlipVideoFWUpdate.exe
    2006-12-02 23:18 . 2006-12-02 23:18 251 ----a-w- c:\program files\wt3d.ini
    .

    ((((((((((((((((((((((((((((( SnapShot@2010-02-04_05.17.58 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-12-02 20:56 . 2010-02-04 12:27 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2006-12-02 20:56 . 2010-02-03 23:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-12-02 20:56 . 2010-02-04 12:27 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-12-02 20:56 . 2010-02-03 23:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-02-04 05:30 . 2010-02-04 12:27 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-01-23 15:01 . 2010-02-04 23:12 214746 c:\windows\system32\inetsrv\MetaBase.bin
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
    @= "{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} "
    [HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
    2009-03-05 22:02 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-19 68856]
    "MsnMsgr "= "c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
    "AutoStartNPSAgent "= "c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-02-05 98304]
    "Google Update "= "c:\documents and settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-23 133104]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp "= "Alaunch" [X]
    "ehTray "= "c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon "= "c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
    "nwiz "= "nwiz.exe" [2006-07-11 1519616]
    "RTHDCPL "= "RTHDCPL.EXE" [2006-06-01 16208384]
    "SkyTel "= "SkyTel.EXE" [2006-05-16 2879488]
    "ntiMUI "= "c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-12 45056]
    "IMJPMIG8.1 "= "c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "IMEKRMIG6.1 "= "c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
    "MSPY2002 "= "c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "PHIME2002ASync "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A "= "c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "NvMediaCenter "= "c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
    "Acer Empowering Technology Monitor "= "c:\windows\system32\SysMonitor.exe" [2006-04-19 49152]
    "eDataSecurity Loader "= "c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
    "eRecoveryService "= "c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "AppleSyncNotifier "= "c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-04 111936]
    "PC Pitstop Optimize Scheduler "= "c:\program files\PCPitstop\Optimize\PCPOptimize.exe" [2008-03-26 2577120]
    "QuickTime Task "= "c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
    "iTunesHelper "= "c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
    "LogitechQuickCamRibbon "= "c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
    "Adobe Reader Speed Launcher "= "c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM "= "c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "SunJavaUpdateSched "= "c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "MsmqIntCert "= "mqrt.dll" [2008-04-14 177152]

    c:\documents and settings\Paul Schmanski\Start Menu\Programs\Startup\
    Secunia PSI.lnk - c:\program files\Secunia\PSI\psi.exe [2009-8-21 900816]

    c:\documents and settings\Bennett Schmanski\Start Menu\Programs\Startup\
    PowerReg Scheduler.exe [2008-7-1 256000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-2 45056]
    Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
    @= "Service "

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
    @= "Service "

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall "= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe "=
    "c:\\WINDOWS\\network diagnostic\\xpnetdiag.exe "=
    "c:\\WINDOWS\\system32\\mqsvc.exe "=

    R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/25/2009 2:24 PM 29808]
    R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [4/3/2009 8:20 PM 1201640]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
    S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [5/8/2009 5:55 AM 233472]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 8:13 PM 135664]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [5/8/2009 5:55 AM 36608]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 6:20 AM 12648]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 02:12]

    2010-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-03 02:12]

    2010-01-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219848602-1497303551-2650097853-1005Core.job
    - c:\documents and settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-23 15:50]

    2010-02-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4219848602-1497303551-2650097853-1005UA.job
    - c:\documents and settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-23 15:50]

    2010-02-04 c:\windows\Tasks\User_Feed_Synchronization-{5F70A072-6834-4256-981C-C6E93EC5E991}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-13 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://espn.go.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = iexplore
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-04 17:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(228)
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-02-04 17:31:40
    ComboFix-quarantined-files.txt 2010-02-04 23:31
    ComboFix2.txt 2010-02-04 05:20

    Pre-Run: 24,948,367,360 bytes free
    Post-Run: 24,916,590,592 bytes free

    - - End Of File - - D7396F4FF95A751F2490280892F52A27


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 5:33:21 PM, on 2/4/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://espn.go.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [ehTray] "C:\WINDOWS\ehome\ehtray.exe "
    O4 - HKLM\..\Run: [LaunchApp] "Alaunch "
    O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
    O4 - HKLM\..\Run: [RTHDCPL] "RTHDCPL.EXE "
    O4 - HKLM\..\Run: [SkyTel] "SkyTel.EXE "
    O4 - HKLM\..\Run: [ntiMUI] "c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe "
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] "C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE "
    O4 - HKLM\..\Run: [MSPY2002] "C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
    O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] "C:\WINDOWS\system32\SysMonitor.exe "
    O4 - HKLM\..\Run: [eDataSecurity Loader] "C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" 0
    O4 - HKLM\..\Run: [eRecoveryService] "C:\Acer\Empowering Technology\eRecovery\eRAgent.exe "
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "
    O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] "C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe" -boot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe "
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [MsmqIntCert] "regsvr32" /s mqrt.dll
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe "
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AutoStartNPSAgent] "C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe "
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Paul Schmanski\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE" -Update -1100465 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; GTB6; .NET CLR 1.0.3705; .NET CLR 1.1.4322; Media Center PC 4.0)" - "http://www.nickjr.com/playtime/cats/games/music/blue_instruments.jhtml "
    O4 - S-1-5-18 Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (User 'Default user')
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Odds Maker - b3cab7b9-eb43-46a2-8e15-02cc298dec71 - C:\Documents and Settings\Paul Schmanski\Start Menu\Programs\Odds Maker\Odds Maker.lnk (HKCU)
    O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
    O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} (JordanUploader Class) - http://www.seehere.com/ips-opdata/layout/fujius02/objects/jordan-canvasx.cab
    O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/testActiveX/built/signed/DisneyOnlineGames.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://www.evite.com/html/imageUpload/ImageUploader5.cab
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
    O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.dotphoto.com/ImageUploader4.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: FlipShare Service - Unknown owner - C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
    O23 - Service: FsUsbExService - Teruten - C:\WINDOWS\system32\FsUsbExService.Exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

    --
    End of file - 10925 bytes
     
