WiredWX Christian Hobby Weather Tools
Would you like to react to this message? Create an account in a few clicks or log in to continue.

WiredWX Christian Hobby Weather ToolsLog in

 


JIT Debugger constantly appears

2 posters

descriptionJIT Debugger constantly appears EmptyJIT Debugger constantly appears4th May 2011, 2:46 pm

more_horiz
Hello,

I have a system where the JIT Debugger constantly pops up. If I close it, it will reappear. If I tell it to debug, it will bring up the MS Script Editor and I a few webpages appear (as source). The web source code seems like a popup ad in nature, but not sure too exactly why svchost.exe the process that is causing it to appear, and the pid of the offending process takes a sizeable memory footprint (~125 mb)

It is a Dell PWS 390. Windows XP Pro SP3, joined on a corporate domain.

I ran hijack this, found really nothing of interest (at least to me), i ran malware bytes, adaware, spybot, full SAV scan, combofix.

It appears this just started recently, nothing was installed or changed on the system as I can tell, though.

I really can't think of anything else to add here, so please let me know if you need anything else to help me!

Your assistance is greatly appreciated!

Attached are hijackthis, combofix logs and also the three files the debugger is attempting to debug.

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears4th May 2011, 2:47 pm

more_horiz
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:46 PM, on 5/3/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17096)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\IBM\Lotus\Notes\nsd.exe
C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\IBM\Lotus\Notes\NLNOTES.EXE
C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
C:\Program Files\IBM\Lotus\Notes\ntaskldr.EXE
C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\VS7JIT.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\lminnich\Desktop\setup-spybotsd162.exe
C:\DOCUME~1\lminnich\LOCALS~1\Temp\is-BL9II.tmp\setup-spybotsd162.tmp
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\lminnich\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/mywaybiz
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"
O4 - HKLM\..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://intranet
O15 - Trusted Zone: http://*.intranet
O15 - Trusted Zone: *.techni-tool.com
O15 - Trusted Zone: *.ups.com
O15 - Trusted IP range: 192.168.10.100
O15 - Trusted IP range: 10.1.2.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vriwayne01.local
O17 - HKLM\Software\..\Telephony: DomainName = vriwayne01.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = vriwayne01.local
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lotus Notes Diagnostics - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nsd.exe
O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU TSS v1.2.1.29 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe

--
End of file - 13309 bytes

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears4th May 2011, 3:34 pm

more_horiz
OTL logfile created on: 5/4/2011 11:16:00 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\lminnich\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.89 Gb Total Space | 102.05 Gb Free Space | 68.54% Space Free | Partition Type: NTFS
Drive H: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive I: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive K: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive Q: | 558.75 Gb Total Space | 334.91 Gb Free Space | 59.94% Space Free | Partition Type: NTFS
Drive R: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive S: | 33.34 Gb Total Space | 8.82 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive T: | 557.75 Gb Total Space | 140.39 Gb Free Space | 25.17% Space Free | Partition Type: NTFS
Drive V: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive Y: | 558.75 Gb Total Space | 334.91 Gb Free Space | 59.94% Space Free | Partition Type: NTFS
Drive Z: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS

Computer Name: LMINNICH-DT2 | User Name: lminnich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 11:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lminnich\Desktop\OTL.com
PRC - [2011/03/23 05:36:12 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
PRC - [2011/03/23 05:35:40 | 000,062,856 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe
PRC - [2011/03/23 05:35:22 | 003,417,480 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe
PRC - [2011/03/18 13:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/08/16 14:42:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/04/14 09:34:36 | 000,159,616 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe
PRC - [2010/04/05 11:19:50 | 000,034,232 | ---- | M] (Broadcom Corporation) -- C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
PRC - [2010/03/29 12:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
PRC - [2010/03/29 12:45:46 | 000,132,456 | ---- | M] (Wave Systems Corp.) -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe
PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 20:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 11:40:54 | 000,657,920 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
PRC - [2009/02/04 21:26:38 | 000,128,232 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/22 23:24:02 | 000,620,152 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
PRC - [2006/09/27 20:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 19:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 11:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lminnich\Desktop\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/03/23 05:36:12 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2011/03/23 05:35:40 | 000,062,856 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2011/03/23 05:35:22 | 003,417,480 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2010/08/16 14:42:47 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/29 12:45:48 | 001,164,648 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe -- (TdmService)
SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/02/03 17:24:20 | 001,032,192 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
SRV - [2008/11/12 13:25:48 | 001,273,856 | ---- | M] () [Auto | Stopped] -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/09/27 20:33:38 | 000,116,464 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 20:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 20:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 16:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 16:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 19:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 19:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 17:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/05/03 16:37:34 | 000,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/04/18 09:48:50 | 001,393,144 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110504.002\NAVEX15.SYS -- (NAVEX15)
DRV - [2011/04/18 09:48:50 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20110504.002\NAVENG.SYS -- (NAVENG)
DRV - [2010/01/19 12:46:26 | 000,233,856 | ---- | M] (Wave Systems Corp.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\WavxDMgr.sys -- (WavxDMgr)
DRV - [2009/11/05 13:32:54 | 000,166,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) Intel(R)
DRV - [2009/10/14 11:29:54 | 000,030,880 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2008/06/04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\PBADRV.sys -- (PBADRV)
DRV - [2008/03/28 07:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2006/09/18 17:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 14:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 14:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 16:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006/08/07 16:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006/04/11 17:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://g.msn.com/USREL/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://g.msn.com/USREL/1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://intranet/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..network.proxy.autoconfig_url: "http://proxy:8095/web"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/03 15:19:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/03 15:19:56 | 000,000,000 | ---D | M]

[2010/08/16 17:29:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lminnich\Application Data\Mozilla\Extensions
[2011/05/03 07:05:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\lminnich\Application Data\Mozilla\Firefox\Profiles\aepyyss8.default\extensions
[2011/03/16 14:18:51 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\lminnich\Application Data\Mozilla\Firefox\Profiles\aepyyss8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/03 15:19:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/08/03 11:10:23 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

Hosts file not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DellControlPoint] C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe (Dell Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe (Broadcom Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr.exe (Wave Systems Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk = C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideShutdownScripts = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: MaxGPOScriptWait = 120
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O15 - HKCU\..Trusted Domains: aol.com ([login.oscar] * in Trusted sites)
O15 - HKCU\..Trusted Domains: google.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.18.2.2 10.18.2.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = vriwayne01.local
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\lminnich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\lminnich\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/04/25 17:29:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 11:16:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lminnich\Application Data\smkits
[2011/05/04 11:15:48 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\lminnich\Desktop\OTL.com
[2011/05/03 16:50:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lminnich\Application Data\Malwarebytes
[2011/05/03 16:49:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/03 16:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/03 16:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/03 16:49:55 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/03 16:49:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/03 16:48:32 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\lminnich\Desktop\451.exe
[2011/05/03 16:37:10 | 000,109,744 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/05/03 16:37:10 | 000,048,816 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/05/03 16:37:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Symantec Client Security
[2011/05/03 16:37:06 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011/05/03 16:29:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Corporation
[2011/05/03 16:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lotus Applications
[2011/05/03 15:20:31 | 423,726,560 | ---- | C] (IBM ) -- C:\Documents and Settings\lminnich\Desktop\852-client.exe
[2011/05/03 15:19:49 | 118,571,016 | ---- | C] (IBM ) -- C:\Documents and Settings\lminnich\Desktop\lotus_notes852FP2_win.exe
[2011/05/03 15:15:01 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec AntiVirus
[2011/05/03 12:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011/05/03 12:53:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2011/05/03 12:47:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2011/05/03 12:41:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\lminnich\backups
[2011/05/03 12:37:33 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/03 12:31:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/05/03 12:30:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/03 12:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/03 12:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/03 12:29:47 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\lminnich\Desktop\HijackThis.exe
[2011/05/03 12:05:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/05/03 12:05:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/05/03 12:05:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/05/03 12:05:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/05/03 12:05:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/03 12:04:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/05/03 12:04:33 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
[2011/05/03 11:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/05/03 11:07:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/04/13 11:09:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2011/04/13 06:54:05 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscover.exe
[2011/04/13 06:53:37 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dnsrslvr.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/04 11:15:48 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\lminnich\Desktop\OTL.com
[2011/05/04 11:12:17 | 000,048,319 | ---- | M] () -- C:\Documents and Settings\lminnich\install.xml
[2011/05/04 09:43:11 | 000,005,263 | ---- | M] () -- C:\Documents and Settings\lminnich\Desktop\notes.ini
[2011/05/04 09:29:43 | 000,000,247 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/05/04 09:29:08 | 000,527,962 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/04 09:29:08 | 000,096,640 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/04 09:27:40 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\lminnich\Local Settings\Application Data\WavXMapDrive.bat
[2011/05/04 09:27:39 | 000,254,073 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011/05/04 09:27:26 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/04 09:24:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/04 09:23:54 | 3487,117,312 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/04 08:42:57 | 000,002,010 | -H-- | M] () -- C:\Documents and Settings\lminnich\My Documents\Default.rdp
[2011/05/03 16:49:58 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/03 16:48:54 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\lminnich\Desktop\451.exe
[2011/05/03 16:02:43 | 000,001,872 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2011/05/03 16:00:10 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2011/05/03 15:19:58 | 000,000,744 | ---- | M] () -- C:\Documents and Settings\lminnich\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/03 15:19:58 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/05/03 12:47:20 | 000,000,814 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Paint.NET.lnk
[2011/05/03 12:30:18 | 000,000,953 | ---- | M] () -- C:\Documents and Settings\lminnich\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/03 12:30:18 | 000,000,935 | ---- | M] () -- C:\Documents and Settings\lminnich\Desktop\Spybot - Search & Destroy.lnk
[2011/05/03 12:29:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\lminnich\Desktop\HijackThis.exe
[2011/05/03 12:08:59 | 000,000,000 | ---- | M] () -- C:\WINDOWS\vpc32.INI
[2011/05/03 10:58:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Tfipoxebuxeyaki.dat
[2011/05/03 10:58:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Bjigo.bin
[2011/05/03 06:48:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/19 12:07:00 | 118,571,016 | ---- | M] (IBM ) -- C:\Documents and Settings\lminnich\Desktop\lotus_notes852FP2_win.exe
[2011/04/14 06:51:04 | 000,146,016 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/13 11:08:27 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/04 09:41:10 | 000,010,588 | ---- | C] () -- C:\Documents and Settings\lminnich\Desktop\user.id
[2011/05/03 16:49:58 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/03 16:02:43 | 000,001,872 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Lotus Notes 8.5.lnk
[2011/05/03 15:19:58 | 000,000,732 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/03 12:30:18 | 000,000,953 | ---- | C] () -- C:\Documents and Settings\lminnich\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/05/03 12:30:18 | 000,000,935 | ---- | C] () -- C:\Documents and Settings\lminnich\Desktop\Spybot - Search & Destroy.lnk
[2011/05/03 12:08:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2011/05/03 12:05:34 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/03 12:05:33 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/03 12:05:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/03 12:05:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/03 12:05:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/03 10:58:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Tfipoxebuxeyaki.dat
[2011/05/03 10:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bjigo.bin
[2010/08/17 08:56:58 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/08/16 17:09:42 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\lminnich\Local Settings\Application Data\PUTTY.RND
[2010/08/16 16:39:46 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\lminnich\Local Settings\Application Data\WavXMapDrive.bat
[2010/08/16 14:30:27 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/08/13 15:32:38 | 000,000,247 | ---- | C] () -- C:\WINDOWS\hpbafd.ini
[2010/08/13 15:29:53 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/13 15:00:30 | 000,065,800 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/08/03 14:49:59 | 001,604,482 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/08/03 14:49:40 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2010/08/03 14:48:39 | 000,001,154 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/08/03 11:28:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/08/03 11:13:02 | 000,080,368 | ---- | C] () -- C:\WINDOWS\System32\pbadrvdll.dll
[2010/03/02 12:46:38 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\Wavx_ESC_Logging.dll
[2010/02/04 11:18:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_th.dll
[2010/02/04 11:18:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-HK.dll
[2010/02/04 11:18:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sl.dll
[2010/02/04 11:18:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sk.dll
[2010/02/04 11:18:18 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hr.dll
[2010/02/04 11:18:12 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ro.dll
[2010/02/04 11:18:12 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_tr.dll
[2010/02/04 11:18:10 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt-BR.dll
[2010/02/04 11:18:10 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_hu.dll
[2010/02/04 11:18:08 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fi.dll
[2010/02/04 11:18:08 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_he.dll
[2010/02/04 11:18:06 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_el.dll
[2010/02/04 11:18:06 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_cs.dll
[2010/02/04 11:18:04 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ar.dll
[2010/02/04 11:18:04 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHT.dll
[2010/02/04 11:18:02 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_zh-CHS.dll
[2010/02/04 11:18:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_sv.dll
[2010/02/04 11:18:00 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ru.dll
[2010/02/04 11:17:58 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pt.dll
[2010/02/04 11:17:58 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_pl.dll
[2010/02/04 11:17:56 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_nl.dll
[2010/02/04 11:17:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_no.dll
[2010/02/04 11:17:54 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ko.dll
[2010/02/04 11:17:54 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_ja.dll
[2010/02/04 11:17:52 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_it.dll
[2010/02/04 11:17:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_fr.dll
[2010/02/04 11:17:50 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_es.dll
[2010/02/04 11:17:48 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_de.dll
[2010/02/04 11:17:46 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\Internationalization_da.dll
[2010/01/19 12:44:30 | 000,249,856 | ---- | C] () -- C:\WINDOWS\System32\wxvault.dll
[2009/11/06 15:27:22 | 000,839,680 | ---- | C] () -- C:\WINDOWS\System32\DemoLicense.dll
[2009/08/26 16:25:08 | 000,917,504 | ---- | C] () -- C:\WINDOWS\System32\lmgr10.dll
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/04/25 17:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 17:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 17:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 12:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 12:16:22 | 000,527,962 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 12:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 12:16:22 | 000,096,640 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 12:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 12:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 12:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 12:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 12:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 12:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 12:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 12:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 05:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 05:21:52 | 000,146,016 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/03/25 09:46:00 | 000,077,536 | ---- | C] () -- C:\WINDOWS\System32\xltZlib.dll
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/06/30 12:58:44 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\bioapi_mds300.dll
[2006/06/30 12:58:44 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\bioapi100.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears4th May 2011, 3:34 pm

more_horiz
OTL Extras logfile created on: 5/4/2011 11:16:01 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\lminnich\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 61.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.89 Gb Total Space | 102.05 Gb Free Space | 68.54% Space Free | Partition Type: NTFS
Drive H: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive I: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive K: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive Q: | 558.75 Gb Total Space | 334.91 Gb Free Space | 59.94% Space Free | Partition Type: NTFS
Drive R: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive S: | 33.34 Gb Total Space | 8.82 Gb Free Space | 26.45% Space Free | Partition Type: NTFS
Drive T: | 557.75 Gb Total Space | 140.39 Gb Free Space | 25.17% Space Free | Partition Type: NTFS
Drive V: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS
Drive Y: | 558.75 Gb Total Space | 334.91 Gb Free Space | 59.94% Space Free | Partition Type: NTFS
Drive Z: | 1.20 Gb Total Space | 1.15 Gb Free Space | 96.01% Space Free | Partition Type: NTFS

Computer Name: LMINNICH-DT2 | User Name: lminnich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe" = C:\Program Files\IBM\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe:*:Enabled:Lotus Notes

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}" = Lotus Notes 8.5.2
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"{11107A2A-AD44-4BC8-ABB5-E88E63BCA785}" = Intel(R) Network Connections 14.8.43.0
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32BAA3AE-458F-46CC-9D3C-64EC21C039D9}" = SO32MMWrapper
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{34588D7D-2B47-4E47-96E2-0304F0472B38}" = Dell Control Point
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A6BE9F4-5FC8-44BB-BE7B-32A29607FEF6}" = Preboot Manager
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A553AB2-A652-47FD-8BEF-3795A961C56A}" = Wave Infrastructure Installer
"{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{62BFB4C2-8C4E-4D91-BD7D-81C06EAAC3C0}" = Windows Rights Management Client with Service Pack 2
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{791E3589-57B2-4F09-87EA-3C20B8174007}" = DCP32MMWrapper
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A44413DC-17D5-4F0B-A128-8B590B20323C}" = Windows Messenger 5.1
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A8DD74DC-14C4-4BA0-8DF7-D84524D0B0D2}" = ST Microelectronics TPM Driver Installer
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Dell Embassy Trust Suite by Wave Systems
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB93D30B-B395-44BB-A9ED-A0E057F07E53}" = NTRU TCG Software Stack
"{BC52E419-B185-488F-9973-049A88E5DCBE}" = Gemalto
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BA}" = WinZip 14.0
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DDD6BE8C-9AFA-48F1-A6AE-3BD596E2EB0B}" = Trusted Drive Manager
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{ECCA150B-31A5-412E-B8D0-4CB5DDA900D3}" = Adobe Shockwave Player 11.5
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4487649-7368-4217-AEA3-1E04DB3E2C5C}" = Dell ControlPoint Security Manager
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"35858E766EFC35B58A45C301DD358D503119A8FA" = Windows Driver Package - STMicroelectronics (stmtpm) System (05/24/2007 1.00.04.15)
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Windows Driver Package - Dell Inc. PBADRV System (09/11/2009 1.0.1.6)
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{0B0A2153-58A6-4244-B458-25EDF5FCD809}" = Private Information Manager
"InstallShield_{51AE9E42-640D-4C14-A9B6-43F64AA4E3E2}" = Document Manager Lite
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"InstallShield_{EC84E3E6-C2D6-4DFB-81E0-448324C8FDF4}" = Security Wizards
"InstallShield_{EEAFE1E5-076B-430A-96D9-B567792AFA88}" = EMBASSY Security Center
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/3/2011 4:30:20 PM | Computer Name = LMINNICH-DT2 | Source = Application Management | ID = 108
Description = Failed to apply changes to software installation settings. Software
changes could not be applied. A previous log entry with details should exist.
The error was : %1603

Error - 5/3/2011 4:30:20 PM | Computer Name = LMINNICH-DT2 | Source = Userenv | ID = 1085
Description = The Group Policy client-side extension Software Installation failed
to execute. Please look for any errors reported earlier by that extension.

Error - 5/4/2011 6:50:53 AM | Computer Name = LMINNICH-DT2 | Source = MsiInstaller | ID = 11714
Description = Product: Adobe Flash Player 10 ActiveX -- Error 1714.The older version
of Adobe Flash Player 10 ActiveX cannot be removed. Contact your technical support
group. System Error 1612.

Error - 5/4/2011 6:50:53 AM | Computer Name = LMINNICH-DT2 | Source = Application Management | ID = 102
Description = The install of application Adobe Flash Player 10 ActiveX (2) from
policy Adobe Flash Shock failed. The error was : %1603

Error - 5/4/2011 6:50:53 AM | Computer Name = LMINNICH-DT2 | Source = Application Management | ID = 109
Description = Application Adobe Flash Player 10 ActiveX (2) from policy Adobe Flash
Shock was configured to upgrade application Adobe Flash Player 10 ActiveX from
policy Adobe Flash Shock. The assignment or install of the upgrade application
Adobe Flash Player 10 ActiveX (2) from policy Adobe Flash Shock failed with error
: %1603 The upgrade will be aborted.

Error - 5/4/2011 6:50:53 AM | Computer Name = LMINNICH-DT2 | Source = Application Management | ID = 108
Description = Failed to apply changes to software installation settings. Software
changes could not be applied. A previous log entry with details should exist.
The error was : %1603

Error - 5/4/2011 6:50:53 AM | Computer Name = LMINNICH-DT2 | Source = Userenv | ID = 1085
Description = The Group Policy client-side extension Software Installation failed
to execute. Please look for any errors reported earlier by that extension.

Error - 5/4/2011 9:27:10 AM | Computer Name = LMINNICH-DT2 | Source = MsiInstaller | ID = 11714
Description = Product: Adobe Flash Player 10 ActiveX -- Error 1714.The older version
of Adobe Flash Player 10 ActiveX cannot be removed. Contact your technical support
group. System Error 1612.

Error - 5/4/2011 9:27:11 AM | Computer Name = LMINNICH-DT2 | Source = Application Management | ID = 102
Description = The install of application Adobe Flash Player 10 ActiveX (2) from
policy Adobe Flash Shock failed. The error was : %1603

Error - 5/4/2011 9:27:11 AM | Computer Name = LMINNICH-DT2 | Source = Application Management | ID = 109
Description = Application Adobe Flash Player 10 ActiveX (2) from policy Adobe Flash
Shock was configured to upgrade application Adobe Flash Player 10 ActiveX from
policy Adobe Flash Shock. The assignment or install of the upgrade application
Adobe Flash Player 10 ActiveX (2) from policy Adobe Flash Shock failed with error
: %1603 The upgrade will be aborted.

[ System Events ]
Error - 5/3/2011 4:59:03 PM | Computer Name = LMINNICH-DT2 | Source = DCOM | ID = 10010
Description = The server {D40DAF26-8F39-4430-97B9-D3E1A42426C8} did not register
with DCOM within the required timeout.

Error - 5/4/2011 6:50:46 AM | Computer Name = LMINNICH-DT2 | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.

Error - 5/4/2011 8:44:30 AM | Computer Name = LMINNICH-DT2 | Source = DCOM | ID = 10010
Description = The server {D40DAF26-8F39-4430-97B9-D3E1A42426C8} did not register
with DCOM within the required timeout.

Error - 5/4/2011 8:45:07 AM | Computer Name = LMINNICH-DT2 | Source = DCOM | ID = 10010
Description = The server {D40DAF26-8F39-4430-97B9-D3E1A42426C8} did not register
with DCOM within the required timeout.

Error - 5/4/2011 8:45:43 AM | Computer Name = LMINNICH-DT2 | Source = DCOM | ID = 10010
Description = The server {D40DAF26-8F39-4430-97B9-D3E1A42426C8} did not register
with DCOM within the required timeout.

Error - 5/4/2011 8:46:21 AM | Computer Name = LMINNICH-DT2 | Source = DCOM | ID = 10010
Description = The server {D40DAF26-8F39-4430-97B9-D3E1A42426C8} did not register
with DCOM within the required timeout.

Error - 5/4/2011 8:47:20 AM | Computer Name = LMINNICH-DT2 | Source = DCOM | ID = 10010
Description = The server {D40DAF26-8F39-4430-97B9-D3E1A42426C8} did not register
with DCOM within the required timeout.

Error - 5/4/2011 8:47:56 AM | Computer Name = LMINNICH-DT2 | Source = DCOM | ID = 10010
Description = The server {D40DAF26-8F39-4430-97B9-D3E1A42426C8} did not register
with DCOM within the required timeout.

Error - 5/4/2011 9:25:05 AM | Computer Name = LMINNICH-DT2 | Source = Service Control Manager | ID = 7024
Description = The Symantec SPBBCSvc service terminated with service-specific error
4294967295 (0xFFFFFFFF).

Error - 5/4/2011 9:27:07 AM | Computer Name = LMINNICH-DT2 | Source = Service Control Manager | ID = 7022
Description = The Automatic Updates service hung on starting.


< End of report >

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears4th May 2011, 10:17 pm

more_horiz
Hello.

Please download aswMBR from here

  • Save aswMBR.exe to your Desktop
  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan as illustrated below

JIT Debugger constantly appears AswMBR_Scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

  • Once the scan finishes click Save log to save the log to your Desktop
    JIT Debugger constantly appears AswMBR_SaveLog

  • Copy and paste the contents of aswMBR.txt back here for review

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
JIT Debugger constantly appears DXwU4
JIT Debugger constantly appears VvYDg

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears5th May 2011, 2:03 pm

more_horiz
aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-05 10:01:36
-----------------------------
10:01:36.923 OS Version: Windows 5.1.2600 Service Pack 3
10:01:36.923 Number of processors: 2 586 0x170A
10:01:36.923 ComputerName: LMINNICH-DT2 UserName: lminnich
10:01:37.345 Initialize success
10:01:39.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
10:01:39.001 Disk 0 Vendor: Intel___ 1.0. Size: 152585MB BusType: 8
10:01:39.001 Disk 0 MBR read successfully
10:01:39.001 Disk 0 MBR scan
10:01:39.001 Disk 0 TDL4@MBR code has been found
10:01:39.001 Disk 0 MBR hidden
10:01:39.001 Disk 0 MBR [TDL4] **ROOTKIT**
10:01:39.001 Disk 0 trace - called modules:
10:01:39.001 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x88be3730]<<
10:01:39.001 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a6a8ab8]
10:01:39.001 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> [0x88bbb8c8]
10:01:39.001 \Driver\iaStor[0x8a6b0c58] -> IRP_MJ_CREATE -> 0x88be3730
10:01:39.001 Scan finished successfully
10:01:52.469 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\lminnich\Desktop\MBR.dat"
10:01:52.484 The log file has been saved successfully to "C:\Documents and Settings\lminnich\Desktop\aswMBR.txt"


descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears5th May 2011, 6:35 pm

more_horiz
Hello.

Please download TDSSKiller from here and save it to your Desktop.

  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
JIT Debugger constantly appears DXwU4
JIT Debugger constantly appears VvYDg

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears5th May 2011, 7:35 pm

more_horiz
2011/05/05 15:21:35.0248 1520 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/05 15:21:36.0107 1520 ================================================================================
2011/05/05 15:21:36.0107 1520 SystemInfo:
2011/05/05 15:21:36.0107 1520
2011/05/05 15:21:36.0107 1520 OS Version: 5.1.2600 ServicePack: 3.0
2011/05/05 15:21:36.0107 1520 Product type: Workstation
2011/05/05 15:21:36.0107 1520 ComputerName: LMINNICH-DT2
2011/05/05 15:21:36.0107 1520 UserName: lminnich
2011/05/05 15:21:36.0107 1520 Windows directory: C:\WINDOWS
2011/05/05 15:21:36.0107 1520 System windows directory: C:\WINDOWS
2011/05/05 15:21:36.0107 1520 Processor architecture: Intel x86
2011/05/05 15:21:36.0107 1520 Number of processors: 2
2011/05/05 15:21:36.0107 1520 Page size: 0x1000
2011/05/05 15:21:36.0107 1520 Boot type: Normal boot
2011/05/05 15:21:36.0107 1520 ================================================================================
2011/05/05 15:21:36.0107 1520 SetPrivileges failed!
2011/05/05 15:21:36.0279 1520 Initialize success
2011/05/05 15:21:38.0310 5740 ================================================================================
2011/05/05 15:21:38.0310 5740 Scan started
2011/05/05 15:21:38.0310 5740 Mode: Manual;
2011/05/05 15:21:38.0310 5740 ================================================================================
2011/05/05 15:21:39.0169 5740 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/05/05 15:21:39.0216 5740 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/05/05 15:21:39.0216 5740 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/05/05 15:21:39.0279 5740 ADIHdAudAddService (9d13680a2f0a4d61870da624e8e2f305) C:\WINDOWS\system32\drivers\ADIHdAud.sys
2011/05/05 15:21:39.0294 5740 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/05/05 15:21:39.0325 5740 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/05/05 15:21:39.0372 5740 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/05/05 15:21:39.0372 5740 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/05/05 15:21:39.0388 5740 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/05/05 15:21:39.0388 5740 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/05/05 15:21:39.0404 5740 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/05/05 15:21:39.0419 5740 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/05/05 15:21:39.0435 5740 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/05/05 15:21:39.0435 5740 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/05/05 15:21:39.0450 5740 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/05/05 15:21:39.0450 5740 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/05/05 15:21:39.0450 5740 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/05/05 15:21:39.0466 5740 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/05/05 15:21:39.0466 5740 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/05/05 15:21:39.0497 5740 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/05/05 15:21:39.0497 5740 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/05/05 15:21:39.0529 5740 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/05/05 15:21:39.0529 5740 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/05/05 15:21:39.0544 5740 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/05/05 15:21:39.0575 5740 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/05/05 15:21:39.0607 5740 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/05/05 15:21:39.0607 5740 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/05/05 15:21:39.0622 5740 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/05/05 15:21:39.0638 5740 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/05/05 15:21:39.0654 5740 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/05/05 15:21:39.0669 5740 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/05/05 15:21:39.0716 5740 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/05/05 15:21:39.0716 5740 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/05/05 15:21:39.0732 5740 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/05/05 15:21:39.0732 5740 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/05/05 15:21:39.0747 5740 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/05/05 15:21:39.0763 5740 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/05/05 15:21:39.0763 5740 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/05/05 15:21:39.0779 5740 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/05/05 15:21:39.0810 5740 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/05/05 15:21:39.0810 5740 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/05/05 15:21:39.0810 5740 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/05/05 15:21:39.0841 5740 e1kexpress (c08a912bc3257859516d2b71f5e29802) C:\WINDOWS\system32\DRIVERS\e1k5132.sys
2011/05/05 15:21:39.0982 5740 eeCtrl (089296aedb9b72b4916ac959752bdc89) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/05 15:21:40.0028 5740 EraserUtilDrvI10 (850259334652d392e33ee3412562e583) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI10.sys
2011/05/05 15:21:40.0075 5740 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/05/05 15:21:40.0122 5740 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/05/05 15:21:40.0138 5740 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/05/05 15:21:40.0138 5740 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/05/05 15:21:40.0185 5740 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/05/05 15:21:40.0185 5740 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/05/05 15:21:40.0200 5740 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/05/05 15:21:40.0247 5740 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/05/05 15:21:40.0247 5740 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/05/05 15:21:40.0278 5740 HidBatt (748031ff4fe45ccc47546294905feab8) C:\WINDOWS\system32\DRIVERS\HidBatt.sys
2011/05/05 15:21:40.0294 5740 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/05/05 15:21:40.0325 5740 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/05/05 15:21:40.0388 5740 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/05/05 15:21:40.0403 5740 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/05/05 15:21:40.0419 5740 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/05/05 15:21:40.0466 5740 iaStor (26541a068572f650a2fa490726fe81be) C:\WINDOWS\system32\drivers\iaStor.sys
2011/05/05 15:21:40.0482 5740 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/05/05 15:21:40.0497 5740 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/05/05 15:21:40.0497 5740 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/05/05 15:21:40.0513 5740 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/05/05 15:21:40.0528 5740 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/05/05 15:21:40.0544 5740 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/05/05 15:21:40.0560 5740 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/05/05 15:21:40.0575 5740 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/05/05 15:21:40.0591 5740 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/05/05 15:21:40.0607 5740 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/05/05 15:21:40.0607 5740 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/05/05 15:21:40.0622 5740 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/05/05 15:21:40.0622 5740 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/05/05 15:21:40.0653 5740 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/05/05 15:21:40.0669 5740 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/05/05 15:21:40.0700 5740 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/05/05 15:21:40.0700 5740 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/05/05 15:21:40.0700 5740 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/05/05 15:21:40.0716 5740 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/05/05 15:21:40.0716 5740 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/05/05 15:21:40.0747 5740 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/05/05 15:21:40.0778 5740 MRxDAV (e3f17e1ea5256709d4e97ef0da04b3c9) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/05/05 15:21:40.0825 5740 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/05/05 15:21:40.0841 5740 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/05/05 15:21:40.0872 5740 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/05/05 15:21:40.0903 5740 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/05/05 15:21:40.0919 5740 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/05/05 15:21:40.0919 5740 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/05/05 15:21:40.0935 5740 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/05/05 15:21:40.0982 5740 NAL (cbbbbcace1abda7336410df4ab3c74d7) C:\WINDOWS\system32\Drivers\iqvw32.sys
2011/05/05 15:21:41.0075 5740 NAVENG (c34e2a884ccca8b5567d0c2752527073) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110505.003\naveng.sys
2011/05/05 15:21:41.0200 5740 NAVEX15 (b3916eeec738dd4178f4fd6a44a32e36) C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20110505.003\navex15.sys
2011/05/05 15:21:41.0216 5740 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/05/05 15:21:41.0232 5740 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/05/05 15:21:41.0247 5740 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/05/05 15:21:41.0263 5740 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/05/05 15:21:41.0278 5740 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/05/05 15:21:41.0294 5740 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/05/05 15:21:41.0325 5740 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/05/05 15:21:41.0325 5740 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/05/05 15:21:41.0403 5740 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/05/05 15:21:41.0403 5740 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/05/05 15:21:41.0544 5740 nv (551f664b90d83e6822ddca0509b29bc5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/05/05 15:21:41.0638 5740 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/05/05 15:21:41.0653 5740 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/05/05 15:21:41.0669 5740 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/05/05 15:21:41.0685 5740 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/05/05 15:21:41.0716 5740 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/05/05 15:21:41.0731 5740 PBADRV (4088c1ecd1f54281a92fa663b0fdc36f) C:\WINDOWS\system32\DRIVERS\PBADRV.sys
2011/05/05 15:21:41.0747 5740 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/05/05 15:21:41.0763 5740 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/05/05 15:21:41.0794 5740 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/05/05 15:21:41.0810 5740 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/05/05 15:21:41.0810 5740 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/05/05 15:21:41.0856 5740 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/05/05 15:21:41.0856 5740 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/05/05 15:21:41.0872 5740 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/05/05 15:21:41.0888 5740 PxHelp20 (03e0fe281823ba64b3782f5b38950e73) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/05/05 15:21:41.0903 5740 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/05/05 15:21:41.0903 5740 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/05/05 15:21:41.0903 5740 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/05/05 15:21:41.0919 5740 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/05/05 15:21:41.0919 5740 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/05/05 15:21:41.0935 5740 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/05/05 15:21:41.0966 5740 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/05/05 15:21:41.0966 5740 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/05/05 15:21:41.0966 5740 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/05/05 15:21:41.0981 5740 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/05/05 15:21:41.0997 5740 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/05/05 15:21:41.0997 5740 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/05/05 15:21:42.0044 5740 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/05/05 15:21:42.0044 5740 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/05/05 15:21:42.0216 5740 SAVRT (12b6e269ef8ac8ea36122544c8a1b6d8) C:\Program Files\Symantec AntiVirus\savrt.sys
2011/05/05 15:21:42.0310 5740 SAVRTPEL (97e5b6f3f95465e1f59360b59d8ec64e) C:\Program Files\Symantec AntiVirus\Savrtpel.sys
2011/05/05 15:21:42.0356 5740 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/05/05 15:21:42.0356 5740 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/05/05 15:21:42.0372 5740 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/05/05 15:21:42.0388 5740 SFAUDIO (b6401608579b6431994425ba7653f774) C:\WINDOWS\system32\drivers\sfaudio.sys
2011/05/05 15:21:42.0388 5740 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/05/05 15:21:42.0419 5740 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/05/05 15:21:42.0450 5740 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/05/05 15:21:42.0513 5740 SPBBCDrv (677b10906838d3bfb1c07ac9087e4bf7) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
2011/05/05 15:21:42.0560 5740 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/05/05 15:21:42.0560 5740 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/05/05 15:21:42.0638 5740 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/05/05 15:21:42.0653 5740 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/05/05 15:21:42.0685 5740 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/05/05 15:21:42.0700 5740 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/05/05 15:21:42.0716 5740 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/05/05 15:21:42.0763 5740 SymEvent (de6d1102d55926354171ae4e73936725) C:\Program Files\Symantec\SYMEVENT.SYS
2011/05/05 15:21:42.0778 5740 SYMREDRV (6c0a85982f4e0d672b85a2bfb50a24b5) C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
2011/05/05 15:21:42.0810 5740 SYMTDI (cdda3ba3f7d5b63ff9f85cb478c11473) C:\WINDOWS\System32\Drivers\SYMTDI.SYS
2011/05/05 15:21:42.0825 5740 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/05/05 15:21:42.0841 5740 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/05/05 15:21:42.0856 5740 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/05/05 15:21:42.0888 5740 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/05/05 15:21:42.0903 5740 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/05/05 15:21:42.0919 5740 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/05/05 15:21:42.0919 5740 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/05/05 15:21:42.0919 5740 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/05/05 15:21:42.0934 5740 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/05/05 15:21:42.0934 5740 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/05/05 15:21:42.0981 5740 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/05/05 15:21:43.0013 5740 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/05/05 15:21:43.0044 5740 usbehci (4bac8df07f1d8434fc640e677a62204e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/05/05 15:21:43.0059 5740 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/05/05 15:21:43.0075 5740 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/05/05 15:21:43.0091 5740 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/05/05 15:21:43.0106 5740 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/05/05 15:21:43.0122 5740 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/05/05 15:21:43.0153 5740 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/05/05 15:21:43.0169 5740 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/05/05 15:21:43.0216 5740 WavxDMgr (81f117b7834fa0b78c2354208d185528) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
2011/05/05 15:21:43.0247 5740 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/05/05 15:21:43.0278 5740 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/05/05 15:21:43.0325 5740 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/05/05 15:21:43.0325 5740 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/05/05 15:21:43.0356 5740 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/05/05 15:21:43.0356 5740 ================================================================================
2011/05/05 15:21:43.0356 5740 Scan finished
2011/05/05 15:21:43.0356 5740 ================================================================================
2011/05/05 15:21:43.0372 2216 Detected object count: 1
2011/05/05 15:21:47.0231 2216 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/05/05 15:21:47.0231 2216 \HardDisk0 - ok
2011/05/05 15:21:47.0231 2216 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears5th May 2011, 7:48 pm

more_horiz
Hello.

  • Download combofix from here
    Link 1

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    JIT Debugger constantly appears CF_download_FF

    JIT Debugger constantly appears CF_download_rename

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

    JIT Debugger constantly appears Cf410

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

    JIT Debugger constantly appears Cf510

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
JIT Debugger constantly appears DXwU4
JIT Debugger constantly appears VvYDg

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears5th May 2011, 8:33 pm

more_horiz
ComboFix 11-05-04.04 - lminnich 05/05/2011 16:19:26.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2776 [GMT -4:00]
Running from: c:\documents and settings\lminnich\Desktop\Combo-Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-04-05 to 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 20:15 . 2011-05-05 20:16 -------- d-----r- C:\32788R22FWJFW
2011-05-03 20:50 . 2011-05-03 20:50 -------- d-----w- c:\documents and settings\lminnich\Application Data\Malwarebytes
2011-05-03 20:49 . 2011-05-03 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-03 20:49 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-03 20:49 . 2011-05-03 20:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-03 20:49 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 20:37 . 2011-05-05 20:12 -------- d-----w- c:\program files\Symantec
2011-05-03 20:29 . 2011-05-03 20:29 -------- d-----w- c:\program files\Common Files\Intel Corporation
2011-05-03 19:19 . 2011-05-05 20:13 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-03 19:19 . 2011-05-05 20:13 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-03 19:19 . 2011-05-05 20:13 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-03 19:19 . 2011-05-05 20:13 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-03 19:19 . 2011-05-05 20:13 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-03 19:19 . 2011-05-05 20:13 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-03 19:19 . 2011-05-05 20:13 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-03 19:19 . 2011-05-05 20:13 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-03 19:15 . 2011-05-05 20:12 -------- d-----w- c:\program files\Symantec AntiVirus
2011-05-03 16:53 . 2011-05-03 17:13 -------- d-----w- c:\program files\Lavasoft
2011-05-03 16:53 . 2011-05-03 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-03 16:47 . 2011-05-03 16:56 -------- d-----w- c:\windows\SxsCaPendDel
2011-05-03 16:41 . 2011-05-03 16:41 -------- d-----w- c:\documents and settings\lminnich\backups
2011-05-03 16:30 . 2011-05-03 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-03 16:30 . 2011-05-03 16:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-03 14:58 . 2011-05-03 14:58 0 ----a-w- c:\windows\Bjigo.bin
2011-05-03 10:50 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{023726F6-DB3D-43A6-AC98-9E2EBD8C8A0D}\mpengine.dll
2011-04-13 15:09 . 2011-04-13 15:09 -------- d-----w- c:\windows\ServicePackFiles
2011-04-13 10:54 . 2011-02-11 13:25 229888 -c----w- c:\windows\system32\dllcache\fxscover.exe
2011-04-13 10:53 . 2009-04-20 17:17 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-05 19:32 . 2010-08-16 20:39 0 ----a-w- c:\documents and settings\lminnich\Local Settings\Application Data\WavXMapDrive.bat
2011-04-11 07:04 . 2010-08-14 06:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-03-07 05:33 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-05 17:39 . 2011-03-05 17:39 323624 ----a-w- c:\windows\system32\wiaaut.dll
2011-03-04 06:45 . 2008-04-25 16:16 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:27 . 2008-04-25 16:16 1866880 ----a-w- c:\windows\system32\win32k.sys
2011-02-17 19:00 . 2008-04-25 16:16 832512 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 19:00 . 2008-04-25 16:16 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 19:00 . 2008-04-25 16:16 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-02-17 19:00 . 2008-04-25 16:16 17408 ----a-w- c:\windows\system32\corpol.dll
2011-02-17 13:18 . 2008-04-25 16:16 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2008-04-25 16:16 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2009-11-03 22:26 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-17 11:44 . 2008-04-25 16:16 389120 ----a-w- c:\windows\system32\html.iec
2011-02-15 12:56 . 2008-04-25 16:16 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-11 13:25 . 2008-04-25 21:26 229888 ----a-w- c:\windows\system32\fxscover.exe
2011-02-09 13:53 . 2008-04-25 16:16 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2008-04-25 16:16 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 23:03 . 2008-04-25 16:16 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-08 13:33 . 2008-04-25 16:16 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-05-05 20:13 . 2011-05-03 19:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-03_16.16.27 )))))))))))))))))))))))))))))))))))))))))
.
- 2010-04-25 20:53 . 2010-04-25 20:53 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 10:07 . 2008-07-29 10:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
- 2010-04-25 20:54 . 2010-04-25 20:54 56656 c:\windows\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_22d6ba8a\vcomp90.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 56656 c:\windows\WinSxS\amd64_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_22d6ba8a\vcomp90.dll
+ 2011-05-05 19:28 . 2011-05-05 19:28 16384 c:\windows\Temp\Perflib_Perfdata_4d8.dat
+ 2011-05-03 20:07 . 2011-05-03 20:29 48708 c:\windows\system32\Restore\rstrlog.dat
+ 2008-04-25 16:16 . 2011-05-05 19:34 96640 c:\windows\system32\perfc009.dat
- 2008-04-25 16:16 . 2011-05-03 15:46 96640 c:\windows\system32\perfc009.dat
+ 2011-05-03 16:47 . 2011-05-03 16:47 77610 c:\windows\Installer\{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}\_853F67D554F05449430E7E.exe
+ 2010-08-13 19:02 . 2011-05-05 19:28 77824 c:\windows\Installer\{922E8525-AC7E-4294-ACAA-43712D4423C0}\ARPPRODUCTICON.exe
- 2010-08-13 19:02 . 2011-05-03 15:42 77824 c:\windows\Installer\{922E8525-AC7E-4294-ACAA-43712D4423C0}\ARPPRODUCTICON.exe
- 2010-08-13 19:32 . 2010-08-13 19:32 40960 c:\windows\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2011-05-03 20:37 . 2011-05-03 20:37 40960 c:\windows\Installer\{33CFCF98-F8D6-4549-B469-6F4295676D83}\DTIcon.ECFEE69D_DA66_4F00_ABE5_54E931059C01.exe
+ 2011-05-03 19:51 . 2011-05-03 19:51 45056 c:\windows\Installer\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}\NSD.exe
+ 2011-05-03 19:51 . 2011-05-03 19:51 81920 c:\windows\Installer\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}\Notes.exe
+ 2011-05-03 19:51 . 2011-05-03 19:51 81920 c:\windows\Installer\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}\NMinder.exe
+ 2011-05-03 16:47 . 2011-05-03 16:47 24576 c:\windows\assembly\NativeImages_v2.0.50727_32\WiaProxy32\532129adc468bdf4195e5b25a09907a9\WiaProxy32.ni.exe
- 2011-04-13 16:20 . 2011-04-13 16:20 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\cf20d6f118507cdab44b3ce19452f640\Interop.WIA.ni.dll
+ 2011-05-03 16:47 . 2011-05-03 16:47 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\Interop.WIA\cf20d6f118507cdab44b3ce19452f640\Interop.WIA.ni.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 07:54 . 2008-07-29 07:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2010-04-25 20:54 . 2010-04-25 20:54 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
- 2010-04-25 20:54 . 2010-04-25 20:54 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2010-04-25 20:53 . 2010-04-25 20:53 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
- 2010-04-25 20:54 . 2010-04-25 20:54 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
- 2010-04-25 20:54 . 2010-04-25 20:54 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
- 2010-04-25 20:54 . 2010-04-25 20:54 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
- 2010-04-25 20:53 . 2010-04-25 20:53 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2011-03-05 17:39 . 2011-03-05 17:39 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
- 2010-04-25 20:54 . 2010-04-25 20:54 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2008-04-25 16:16 . 2011-05-05 19:34 527962 c:\windows\system32\perfh009.dat
- 2008-04-25 16:16 . 2011-05-03 15:46 527962 c:\windows\system32\perfh009.dat
+ 2011-05-03 16:53 . 2011-05-03 16:53 236032 c:\windows\Installer\1ca0d5.msi
+ 2011-05-03 16:47 . 2011-05-03 16:47 490496 c:\windows\Installer\1ca0ce.msi
+ 2011-05-03 19:51 . 2011-05-03 19:51 372526 c:\windows\Installer\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}\SymphonySpreadshee_D331AD7AD6014BEA9A187971BA261297.exe
+ 2011-05-03 19:51 . 2011-05-03 19:51 372526 c:\windows\Installer\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}\SymphonyPresentati_1ECCD1367CBB42BC820233B3739C4798.exe
+ 2011-05-03 19:51 . 2011-05-03 19:51 372526 c:\windows\Installer\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}\SymphonyDoc_AAC178BAA5E04D969A1A482B48036634.exe
+ 2011-05-03 19:51 . 2011-05-03 19:51 372526 c:\windows\Installer\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}\DesktopSymphonySpr_18DEE151C1BB490D8D834E9A0A89EF87.exe
+ 2011-05-03 19:51 . 2011-05-03 19:51 372526 c:\windows\Installer\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}\DesktopSymphonyPre_D5E2A700C3EB4D76B9237901B828BF50.exe
+ 2011-05-03 19:51 . 2011-05-03 19:51 372526 c:\windows\Installer\{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}\DesktopSymphonyDoc_E969461C078743B7A812E13505EB270E.exe
+ 2011-05-03 16:47 . 2011-05-03 16:47 900096 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\c32eba445e6640bfc465cac59c0271ba\PaintDotNet.SystemLayer.ni.dll
+ 2011-05-03 16:47 . 2011-05-03 16:47 161280 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.SystemL#\3c57f5d32cb471d396bb7a304318d2cb\PaintDotNet.SystemLayer.Native.x86.ni.dll
+ 2011-05-03 16:47 . 2011-05-03 16:47 388608 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Resourc#\73348fe40ea2d408366f74ae78b65bd0\PaintDotNet.Resources.ni.dll
+ 2011-05-03 16:47 . 2011-05-03 16:47 813056 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Effects\b99487ca282a09e1f63ad11beb0027d7\PaintDotNet.Effects.ni.dll
+ 2011-05-03 16:47 . 2011-05-03 16:47 568832 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Data\93c057b65c12b64f3017f0fb1f9efc11\PaintDotNet.Data.ni.dll
+ 2011-05-03 16:47 . 2011-05-03 16:47 816128 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Base\a9ef3fb4de6a3204e56e0360dfeba511\PaintDotNet.Base.ni.dll
+ 2011-05-03 16:47 . 2011-05-03 16:47 547840 c:\windows\assembly\NativeImages_v2.0.50727_32\ICSharpCode.SharpZi#\3cb07e90616718a52c7b49129bb47c92\ICSharpCode.SharpZipLib.ni.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 12:05 . 2008-07-29 12:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2010-08-11 16:36 . 2010-08-11 16:36 6756352 c:\windows\Installer\6fdd.msi
+ 2011-05-03 19:51 . 2011-05-03 19:51 6753280 c:\windows\Installer\2eb73.msi
+ 2011-05-03 16:47 . 2011-05-03 16:47 3192832 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet\9ac4376f36a56ab3d0f70e32cf7a05d4\PaintDotNet.ni.exe
+ 2011-05-03 16:47 . 2011-05-03 16:47 1850880 c:\windows\assembly\NativeImages_v2.0.50727_32\PaintDotNet.Core\0cb76270ad755bebad3eb936bf70ba7f\PaintDotNet.Core.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 16:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 16:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-03-04 1657448]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-10 13918208]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-04-14 159616]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-04-05 34232]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-23 620152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)
"HideShutdownScripts"= 1 (0x1)
"MaxGPOScriptWait"= 120 (0x78)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-261478967-725345543-1241\Scripts\Logon\0\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-261478967-725345543-2652\Scripts\Logon\0\0]
"Script"=Launchapp.wsf
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2052111302-261478967-725345543-2652\Scripts\Logon\1\0]
"Script"=login.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [8/3/2010 2:49 PM 24064]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [8/3/2010 11:14 AM 13336]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\program files\IBM\Lotus\Notes\nsd.exe [8/11/2010 10:26 AM 3417480]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [8/3/2010 2:49 PM 166568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/25/2008 12:16 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
*Deregistered* - SAVRT
*Deregistered* - SAVRTPEL
*Deregistered* - SPBBCDrv
*Deregistered* - SymEvent
*Deregistered* - SYMREDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://intranet
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: aol.com\login.oscar
Trusted Zone: google.com
Trusted Zone: microsoft.com
Trusted Zone: yahoo.com
FF - ProfilePath - c:\documents and settings\lminnich\Application Data\Mozilla\Firefox\Profiles\aepyyss8.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://intranet/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-05 16:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.EXE'(3192)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinZip\wzshlstb.dll
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\ContextMenuItem.dll
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\VaultServer.dll
c:\windows\system32\wxvault.dll
c:\program files\Adobe\Acrobat 8.0\Acrobat Elements\ContextMenu.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
.
Completion time: 2011-05-05 16:22:29
ComboFix-quarantined-files.txt 2011-05-05 20:22
ComboFix2.txt 2011-05-03 16:20
.
Pre-Run: 110,040,719,360 bytes free
Post-Run: 110,686,695,424 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 756F5C7CAEF3912892441AD364EB0B84

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears5th May 2011, 8:57 pm

more_horiz
Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    c:\windows\Bjigo.bin


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
JIT Debugger constantly appears DXwU4
JIT Debugger constantly appears VvYDg

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears5th May 2011, 9:20 pm

more_horiz
========== FILES ==========
c:\windows\Bjigo.bin moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 05052011_172004

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears5th May 2011, 9:52 pm

more_horiz
Hello.

Run ESET Online Scan
Please do an online scan with ESET Online Scanner. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX. click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
JIT Debugger constantly appears DXwU4
JIT Debugger constantly appears VvYDg

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears6th May 2011, 7:33 pm

more_horiz
I am unsure what yo mean, you said to tick the remove threats, but since it was already ticked, i unticked it, but after spending all that time, i assume you meant make sure it was ticked or not?

Anyway, this is the log.

Should I redo it and make sure remove is ticked this time around?

C:\Qoobox\Quarantine\C\WINDOWS\msvcul.dll.vir a variant of Win32/Kryptik.NKH trojan
C:\Qoobox\Quarantine\C\WINDOWS\uqeboxagijo.dll.vir a variant of Win32/Kryptik.NKG trojan
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP110\A0019479.dll a variant of Win32/Kryptik.NKH trojan
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP110\A0019480.dll a variant of Win32/Kryptik.NKG trojan

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears6th May 2011, 7:49 pm

more_horiz
Hello.

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Java(TM) 6 Update 20

Just need to update a few programs now.

Updating Java:

  • Download the latest version of Java SE Runtime Environment (JRE) 6 Update 25.
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select your platform, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u25-windows-i586.exe that you downloaded to install the newest version.

Please download Firefox 4.0.1 and install it. It will install over version 4.0 you currently have installed, so you won't lose any bookmarked websites.

How is the machine running now?

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
JIT Debugger constantly appears DXwU4
JIT Debugger constantly appears VvYDg

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears6th May 2011, 7:57 pm

more_horiz
I haven;t seen any JIT alerts as of the last root kit removal, but those trojans eset found are worrisome, especiall; the ones in the system restore points. i'll run those commands now. any i need to do after those aforementioned steps to get those removed? i think i need to remove our group policies as our domain doesnt allow the turning off of restore points. the first thing i trtied was an earlier restore point as a few days ago, norton stopped updating itself, but eeach time, it failed, it would seeminly do it, then give a generic error saying oit failed pelase try another day.

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears6th May 2011, 8:19 pm

more_horiz
Hello.
The files ESET found were the Combofix quarantine and system restore. The Combofix quarantine is harmless, the Combofix /uninstall will remove them.

You can put your policies back after, but system restore needs resetting to remove the infected restore points.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
JIT Debugger constantly appears DXwU4
JIT Debugger constantly appears VvYDg

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears6th May 2011, 9:05 pm

more_horiz
So after updating those things, there shouldn't be anything left for me to do?

Please advise b/c it seems much better actually!

Much thanks to you!

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears7th May 2011, 2:05 pm

more_horiz
Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • SpywareBlaster
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
  • Spybot - Search & Destroy.
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).

NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Securing your computer

  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.

Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:
Thank you for choosing GeekPolice. Please leave feedback!

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.
JIT Debugger constantly appears DXwU4
JIT Debugger constantly appears VvYDg

descriptionJIT Debugger constantly appears EmptyRe: JIT Debugger constantly appears

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum