Dave Aponte

Members
  • Content Count: 13
About Dave Aponte

  • Rank
    Member

Previous Fields

  • System Specifications:
    Dell 4600 WIN XP Home Edition 32bit, 2.4GB, HD 120GB, CDRW,
  1. Sweet tech, thank you for all your help. I really appreciate it. You can officially close the thread.
  2. Sweet Tech, Here is the information you requested.

     1) So after performing all these scans is the computer safe and all the malware, anti-spyware, ad aware, and viruses cleaned? Is it back to normal? Is it recommended to run a defrag?

     2) Here is the log for malware-bytes:

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org
     Database version: 4304
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702
     7/11/2010 9:40:07 PM
     mbam-log-2010-07-11 (21-40-07).txt
     Scan type: Quick scan
     Objects scanned: 159138
     Time elapsed: 15 minute(s), 7 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     3) Here is the log for ESET Scan log:

     C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\serial.sys.vir Win32/Olmarik.ZC trojan

     4) Here is the log for Security Check scan log:

     Results of screen317's Security Check version 0.99.4
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     ESET Online Scanner v3
     Trend Micro Internet Security
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     Java 6 Update 21
     Out of date Java installed!
     Adobe Flash Player 10.1.53.64
     Adobe Reader 8.1.1
     Adobe Reader 9.3.3
     Mozilla Firefox (3.6.6)
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Trend Micro Internet Security SfCtlCom.exe
     Trend Micro Internet Security TmProxy.exe
     Trend Micro Internet Security TmPfw.exe
     Trend Micro Internet Security UfSeAgnt.exe
     Trend Micro Internet Security TMAS_OE TMAS_OEMon.exe
     Trend Micro BM TMBMSRV.exe
     Trend Micro Internet Security UfNavi.exe
     Trend Micro Internet Security UfUpdUi.exe
     ````````````````````````````````
     DNS Vulnerability Check:
     GREAT! (Not vulnerable to DNS cache poisoning)
     ``````````End of Log````````````

     5) Here is the log for the OTL Custom scan:
14:36:33 | 3144,386,349 | ---- | M] () -- C:\Documents and Settings\Victor\My Documents\2010 Backup-2010-Jul-06.ZIP [2010/07/05 18:25:24 | 000,000,000 | ---- | M] () -- C:\MY BACKUP-2010-Jul-05Disk#1 [2010/06/30 21:59:22 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010/06/27 21:19:23 | 000,570,214 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/06/27 21:19:23 | 000,469,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/06/27 21:19:23 | 000,092,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/06/26 21:42:22 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2010/07/11 21:18:34 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Victor\My Documents\Welcome to IE8.url [2010/07/11 21:17:15 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\Internet explorer.lnk [2010/07/11 19:15:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2010/07/11 19:15:10 | 000,260,272 | ---- | C] () -- C:\cmldr [2010/07/11 19:09:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe [2010/07/11 19:09:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2010/07/11 19:09:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2010/07/11 19:09:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe [2010/07/11 19:09:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2010/07/11 17:39:24 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\Shortcut to Internet Explorer.lnk [2010/07/11 17:36:57 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\Shortcut to IE8-Setup-Full.lnk [2010/07/11 13:58:25 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla 
Firefox.lnk [2010/07/11 13:58:25 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk [2010/07/10 00:14:03 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\HiJackThis.lnk [2010/07/07 22:31:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/07/07 21:17:23 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk [2010/07/06 14:22:03 | 3144,386,349 | ---- | C] () -- C:\Documents and Settings\Victor\My Documents\2010 Backup-2010-Jul-06.ZIP [2010/07/05 18:25:24 | 000,000,000 | ---- | C] () -- C:\MY BACKUP-2010-Jul-05Disk#1 [2010/06/30 22:47:04 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/06/30 22:47:03 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/06/27 18:56:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk [2010/06/27 10:50:01 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B794C1A9-E2F5-44C1-930F-38E032662773}.job [2010/06/26 21:42:22 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk [2010/06/26 21:42:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe [2010/06/26 21:42:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll [2010/06/26 21:42:17 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL [2008/12/18 20:40:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI [2008/09/16 03:05:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2007/09/04 00:49:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI [2007/08/06 18:56:25 | 000,000,056 | ---- | C] () -- C:\WINDOWS\pccillin.ini [2007/04/01 22:07:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2006/10/25 20:31:04 | 000,000,419 | 
---- | C] () -- C:\WINDOWS\MAXLINK.INI [2006/03/17 19:31:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Victor.ini [2006/01/09 23:01:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini [2005/11/02 23:10:30 | 000,002,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2005/05/17 21:55:17 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll [2005/05/17 21:55:17 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini [2005/05/17 21:54:38 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini [2005/04/23 22:57:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2005/04/23 22:57:14 | 000,000,665 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2005/04/23 22:07:25 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/04/22 22:04:56 | 000,000,563 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI [2005/04/22 21:53:33 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI [2005/04/22 21:34:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll [2004/10/12 01:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll [2004/10/12 01:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll [2004/10/12 01:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll [2004/10/09 01:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll [2004/10/05 03:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll [2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll [2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2002/11/26 21:12:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll [2002/11/26 21:12:00 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll [2002/11/26 21:11:42 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll [2002/11/26 21:11:38 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini 
[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll [2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll [1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2006/03/20 23:01:50 | 000,030,539 | ---- | M] () -- C:\22_21A.jpg [2006/07/06 19:13:02 | 021,290,704 | ---- | M] ( ) -- C:\AdbeRdr708_en_US.exe [2009/05/03 01:57:45 | 000,001,846 | ---- | M] () -- C:\ASLog.txt [2005/04/22 20:45:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2010/05/24 20:21:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak [2010/07/11 19:15:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr [2010/07/11 19:55:07 | 000,022,959 | ---- | M] () -- C:\ComboFix.txt [2005/04/22 20:45:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2007/03/13 21:28:16 | 000,000,770 | ---- | M] () -- C:\devicetable.log [2010/07/12 19:41:33 | 804,311,040 | -HS- | M] () -- C:\hiberfil.sys [2007/02/06 13:21:28 | 000,000,170 | ---- | M] () -- C:\INSTALL.LOG [2005/04/22 20:45:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2010/07/11 16:40:09 | 000,000,643 | ---- | M] () -- C:\JavaRa.log [2005/04/23 22:43:40 | 000,000,017 | ---- | M] () -- C:\log.txt [2005/04/22 20:45:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2010/07/05 18:25:24 | 000,000,000 | ---- | M] () -- C:\MY BACKUP-2010-Jul-05Disk#1 [2008/12/15 21:51:06 | 000,000,571 | ---- | M] () -- C:\NTDClient.log [2005/05/09 23:01:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2008/09/22 13:11:13 | 000,250,048 | ---- | M] () -- C:\ntldr [2010/07/11 00:09:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\OTL.exe [2010/07/12 
19:41:32 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys [2006/07/06 19:11:44 | 007,050,552 | ---- | M] (Adobe Systems, Inc. ) -- C:\psa30se_en_us.exe [2007/01/27 21:47:48 | 000,037,283 | ---- | M] () -- C:\VETlog.dmp [2007/01/27 21:47:48 | 000,002,130 | ---- | M] () -- C:\VETlog.txt [2009/07/07 21:16:38 | 003,953,152 | ---- | M] () -- C:\WonderfulWorldofColors.pps [2006/07/06 19:11:16 | 000,762,512 | ---- | M] () -- C:\ytb612_efgsip.exe < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2005/04/22 20:45:28 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp > < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2006/05/01 01:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD87.DLL [2006/05/01 01:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP87.DLL < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > [2005/01/30 11:50:26 | 000,012,151 | ---- | M] () -- C:\WINDOWS\system32\logoxp.jpg < %systemroot%\*.scr > < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > [2010/06/27 10:43:12 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Victor\Application Data\Microsoft\LastFlashConfig.WFC < %PROGRAMFILES%\*.* > [2006/02/11 11:38:09 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll < %APPDATA%\Update\*.* > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll [2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll [2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2005/04/22 16:35:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav [2005/04/22 16:35:41 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2005/04/22 16:35:41 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav < %systemroot%\system32\user32.dll /md5 > [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-12 00:50:29 < > < End of report > 6) The computer seems to be running fine. I don't see those previous issues with the browsers.
  3. I was able to download and run COMBOFIX and here is the log.
Completion time: 2010-07-11 19:55:06 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-11 23:55 Pre-Run: 38,849,363,968 bytes free Post-Run: 38,655,004,672 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - 2F51BA9CA98F638B76C87F669E103BDC I will now attempt to open my browser and try to surf the net to see if the problem has been resolved. I also need to find my Internet Explorer icon; it is not on my desktop or in my Start menu. How can I put it in my Start menu or create a shortcut?
  4. So I have tried to download the zip version of TDSSKiller, but to no avail. Then when I download tdsskiller.exe and go to save it, it doesn't allow me. Any other suggestions?
  5. Here is the log for OTL Fix. All processes killed ========== SERVICES/DRIVERS ========== ========== OTL ========== Prefs.js: "http://localhost,127.0.0.1" removed from network.proxy.no_proxies_on Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Motive SmartBridge deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Sonic RecordNow! deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully. Starting removal of ActiveX control {74D05D43-3236-11D4-BDCD-00C04F9A3B61} C:\WINDOWS\Downloaded Program Files\xscan.inf not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ not found. 
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found. Starting removal of ActiveX control {C32F59BF-180B-416A-ABF7-161060990A88} C:\WINDOWS\Downloaded Program Files\cVOLUpdate.inf moved successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C32F59BF-180B-416A-ABF7-161060990A88}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C32F59BF-180B-416A-ABF7-161060990A88}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C32F59BF-180B-416A-ABF7-161060990A88}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C32F59BF-180B-416A-ABF7-161060990A88}\ not found. File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found. Starting removal of ActiveX control Microsoft XML Parser for Java Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF . Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b450097-e026-11dc-96e3-0007e9540d2b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b450097-e026-11dc-96e3-0007e9540d2b}\ not found. File G:\InstallTomTomHOME.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{906b98ba-e416-11dc-96e5-0007e9540d2b}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{906b98ba-e416-11dc-96e5-0007e9540d2b}\ not found. File F:\setupSNK.exe not found. ========== REGISTRY ========== ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: back4win User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes User: Diane ->Temp folder emptied: 8376893 bytes ->Temporary Internet Files folder emptied: 260023122 bytes ->Java cache emptied: 43707 bytes ->Flash cache emptied: 8824 bytes User: Guest ->Temp folder emptied: 319577 bytes ->Temporary Internet Files folder emptied: 250975632 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 3959 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 1659913 bytes User: NetworkService ->Temp folder emptied: 1866 bytes ->Temporary Internet Files folder emptied: 32598039 bytes ->Flash cache emptied: 2021 bytes User: Robert ->Temp folder emptied: 6896481 bytes ->Temporary Internet Files folder emptied: 140777809 bytes ->Flash cache emptied: 16707 bytes User: Victor ->Temp folder emptied: 271882811 bytes ->Temporary Internet Files folder emptied: 48077487 bytes ->Java cache emptied: 452911 bytes ->FireFox cache emptied: 61723589 bytes ->Flash cache emptied: 551929 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1165502 bytes %systemroot%\System32 .tmp files removed: 27139849 bytes 
%systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 76890087 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes RecycleBin emptied: 1965818 bytes Total Files Cleaned = 1,137.00 mb [EMPTYFLASH] User: All Users User: back4win User: Default User ->Flash cache emptied: 0 bytes User: Diane ->Flash cache emptied: 0 bytes User: Guest ->Flash cache emptied: 0 bytes User: LocalService User: NetworkService ->Flash cache emptied: 0 bytes User: Robert ->Flash cache emptied: 0 bytes User: Victor ->Flash cache emptied: 0 bytes Total Flash Files Cleaned = 0.00 mb OTL by OldTimer - Version 3.2.9.0 log created on 07112010_164850 Files\Folders moved on Reboot... Registry entries deleted on Reboot... I have been unable to download the TDSSKiller from the link you provided. S
  6. Sweet Tech, My Trend Micro Internet Security has found the 5 TDSSKILLER.exe Virus. It's called Cryp.XED -16. It has been quarantined. Should I now delete them? If so, once deleted, do you still want me to run the TDSS Killer? Here is the OTL Fix Log. All processes killed Error: Unable to interpret <:Services:OTLFF - prefs.js..network.proxy.no_proxies_on: "http://localhost,127.0.0.1"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not foundO4 - HKCU..\Run: [sonic RecordNow!] File not foundO4 - HKLM..\RunOnceEx: [] File not foundO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (Reg Error: Key error.)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} http://download.veri...pdate_1-0-0.cab (Reg Error: Value error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O33 - MountPoints2\{2b450097-e026-11dc-96e3-> in the current context! Error: Unable to interpret <0007e9540d2b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not foundO33 - MountPoints2\{906b98ba-e416-11dc-96e5-0007e9540d2b}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found:Reg:Files:Commands[purity][emptytemp][EMPTYFLASH][start explorer][Reboot]> in the current context! Error: Unable to interpret <3.Push > in the current context! OTL by OldTimer - Version 3.2.9.0 log created on 07112010_144316 Files\Folders moved on Reboot... Registry entries deleted on Reboot... Please let me know what else to do.
  7. Sweet Tech, Here is the error message I receive in my browser. Maybe this piece of information might help you expedite the problem quicker. http://www.bing.com/search?q=2%C2%A4@*%08+%23%E2%80%98%07W%C2%90%25%12%C3%BF%C2%AF%C3%ABl%C2%90%C2%BB%22R%3CQ%C3%94%C3%91%C2%B8%C2%BC%C2%AA%24%15%E2%80%98%7Fu%C5%A0d%0B%25%C2%A9h%E2%80%98v%E2%80%9DxE%C2%ACb%E2%80%A1%C3%A5&src=IE-SearchBox&FORM=IE8SRC
  8. Hi Sweet Tech, Thank you for taking the time and opportunity to assist me with this issue. I will answer your questions in the order they were asked. 1) After running the OTL and GMER scans, it appears that the issue still persists. I opened my browser and it was populated with the homepage that seemed okay. When I entered a search using Bing (search engine), I received the exact error message as previously mentioned. 2) Here are the logs for OTL after the scan was performed. a) EXTRAS: OTL Extras logfile created on: 7/11/2010 12:10:38 AM - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Victor\Desktop\OTL Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 137.00 Mb Available Physical Memory | 18.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.50 Gb Total Space | 35.38 Gb Free Space | 47.49% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-CL3SQDQ9W3 Current User Name: Victor Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe" = C:\Program Files\Logitech\Harmony 
Remote\HarmonyClient.exe:*:Enabled:Logitech Harmony Remote Software V5 -- () "C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5 -- () "C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- () "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- File not found "C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971 -- () "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found "C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found "C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- () "C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation) "C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger -- File not found "C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe:*:Disabled:Logitech Harmony Remote Software V5 -- () "C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Disabled:Logitech Harmony Remote Software V5 -- () "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- File not found "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) 
========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files "{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier "{014AC2FE-4BA4-48EE-B8B8-388AC91D591C}" = ArcSoft Software Suite "{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi "{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004 "{050ED764-D5FD-4D33-8FCD-AC48250C0798}" = LeadTool "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager "{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600 "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004 "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00 "{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0 "{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0 "{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9 "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 
6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 "{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM "{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx "{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel "{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11 "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support "{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB "{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5 "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0 "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security "{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0 "{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5 "{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp 
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! "{97218993-042B-4DEA-A39F-B5D7DEB7B0AF}" = Logitech Harmony Remote Software V5 "{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync "{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes "{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp "{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security "{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore "{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9 "{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari "{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2 "{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1 "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3 "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR "{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore "{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support "{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU "{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR "{C42C10A8-F2F4-4846-B772-ABD1912A2E85}" = PCDrdsho "{C4DCAD15-B754-4FD9-8035-713FE919B118}" = PrintMaster Gold 17 "{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 
"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2 "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD "{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9 "{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack "{e2dd006a-362e-11d3-81ab-00c04fb932ba}" = Microsoft Home Publishing Express 2000 "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX "{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0 "{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com "{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit "040a_5005" = USB MassStorage CardReader "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Back4WinXP_is1" = Back4WinXP "BCM V.92 56K Modem" = BCM V.92 56K Modem "Canon MP600 User Registration" = Canon MP600 User Registration "CanonMyPrinter" = Canon My Printer "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "cvo_screensaver" = cvo_screensaver "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "Easy-WebPrint" = Easy-WebPrint "Google Desktop" = Google Desktop "HOTLLAMA Media Player" = HOTLLAMA Media Player "HOTLLAMA Media Player - Update" = HOTLLAMA Media Player - Update "iDEN Download Apps Utility" = iDEN Download Apps Utility "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "ie8" = Windows Internet Explorer 8 "InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00 "InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01 
"InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0 "InstallShield_{97218993-042B-4DEA-A39F-B5D7DEB7B0AF}" = Logitech Harmony Remote Software V5 "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "MP Navigator 3.0" = Canon MP Navigator 3.0 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "MVApplication1" = SureThing CD Labeler SE - Sonic "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01 "PCFriendly" = PCFriendly "PictureIt_POD_v9" = Microsoft Picture It! Library 9 "PictureIt_v9" = Microsoft Picture It! Express 9 "PROSet" = Intel® PRO Network Adapters and Drivers "Quicken 2002 New User Edition" = Quicken 2002 New User Edition "RealArcade 1.2" = RealArcade "RealPlayer 6.0" = RealPlayer "Revo Uninstaller" = Revo Uninstaller 1.40 "SatCalc" = SatCalc 1.2 "Sears 1.0" = Sears "Shockwave" = Shockwave "TomTom HOME" = TomTom HOME 2.6.2.1586 "Unlocker" = Unlocker 1.8.5 "Verizon Help and Support" = Verizon Help and Support Tool "Verizon High Speed Internet_is1" = Verizon High Speed Internet "Viewpoint Manager" = Viewpoint Manager (Remove Only) "ViewpointMediaPlayer" = Viewpoint Media Player "WebPost" = Microsoft Web Publishing Wizard 1.52 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XP Codec Pack" = XP Codec Pack ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "RadioSure" = RadioSure ========== Last 10 Event Log Errors ========== [ Application 
Events ] Error - 7/6/2010 1:52:49 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Google Update | ID = 20 Description = Error - 7/6/2010 2:52:19 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Google Update | ID = 20 Description = Error - 7/7/2010 7:52:05 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Google Update | ID = 20 Description = Error - 7/7/2010 8:52:06 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Google Update | ID = 20 Description = Error - 7/10/2010 2:38:27 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Application Error | ID = 1000 Description = Faulting application extexport.exe, version 8.0.6001.18702, faulting module sqlite3.dll, version 3.6.22.0, fault address 0x0001072b. Error - 7/10/2010 2:38:35 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Application Error | ID = 1001 Description = Fault bucket 1817646763. Error - 7/10/2010 8:27:36 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally Error - 7/10/2010 8:27:36 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. 
Error - 7/10/2010 11:38:59 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The connection with the server was terminated abnormally Error - 7/10/2010 11:38:59 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = crypt32 | ID = 131080 Description = Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist. [ System Events ] Error - 7/7/2010 10:03:44 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 7/9/2010 11:21:16 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 7/9/2010 11:21:16 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 7/9/2010 11:26:29 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Windows Update Agent | ID = 16 Description = Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection. Error - 7/10/2010 1:39:59 AM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. 
Error - 7/10/2010 1:39:59 AM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 7/10/2010 1:54:00 AM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 7/10/2010 1:54:00 AM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. Error - 7/10/2010 1:23:50 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262189 Description = The system could not sucessfully load the crash dump driver. Error - 7/10/2010 1:23:50 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193 Description = Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory. 
< End of report > OTL: OTL logfile created on: 7/11/2010 12:10:38 AM - Run 1 OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Victor\Desktop\OTL Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 767.00 Mb Total Physical Memory | 137.00 Mb Available Physical Memory | 18.00% Memory free 2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free Paging file location(s): C:\pagefile.sys 1152 2304 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 74.50 Gb Total Space | 35.38 Gb Free Space | 47.49% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: HOME-CL3SQDQ9W3 Current User Name: Victor Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Documents and Settings\Victor\Desktop\OTL\OTL.exe (OldTimer Tools) PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe () PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe () PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe () PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe () PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) 
PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\Verizon\McciBrowser.exe (Motive Communications, Inc.) PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation) PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation) PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe () PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.) PRC - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe () PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) PRC - C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company) PRC - C:\WINDOWS\system32\ScsiAccess.EXE () PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio) PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe () ========== Modules (SafeList) ========== MOD - C:\Documents and Settings\Victor\Desktop\OTL\OTL.exe (OldTimer Tools) MOD - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll () MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Motive Communications, Inc.) MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation) MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.) 
MOD - C:\Documents and Settings\Victor\Local Settings\TempIadHide3.dll (BackWeb) ========== Win32 Services (SafeList) ========== SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.) SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.) SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.) SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.) SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google) SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation) SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation) SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation) SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation) SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company) SRV - (ScsiAccess) -- C:\WINDOWS\system32\ScsiAccess.EXE () ========== Driver Services (SafeList) ========== DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found DRV 
- (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com) DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.) DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.) DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.) DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.) DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.) DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.) DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.) DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.) DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions) DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions) DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation) DRV - (BRGSp50) -- C:\WINDOWS\system32\drivers\BRGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA)) DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.) 
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation) DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation) DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions) DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions) DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions) DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions) DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions) DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions) DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions) DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions) DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions) DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions) DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions) DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions) DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions) DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company) DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company) DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company) DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company) DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company) DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company) DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio) DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio) DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio) DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio) DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio) DRV - (OMCI) -- 
C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation) DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://dslstart.verizon.net/" FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,127.0.0.1" [2010/07/10 20:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions [2008/10/01 23:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions\home2@tomtom.com [2005/09/01 22:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\6ijhxbu9.default\extensions [2005/09/01 22:28:08 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\6ijhxbu9.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2010/07/10 20:57:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll () O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found. O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.) O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not found O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.) O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.) O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.) O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.) O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.) O4 - HKCU..\Run: [sonic RecordNow!] 
File not found O4 - HKCU..\Run: [ssAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe () O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com) O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tisspwiz.lnk = C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe (Trend Micro Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O15 - HKCU\..Trusted Domains: bing.com ([www] https in Trusted sites) O15 - HKCU\..Trusted Domains: firefox.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites) O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites) O15 - HKCU\..Trusted Domains: mozilla.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites) O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://automobiles.honda.com/models/mov_iframe_viewpt.asp?path=/images/banners/2005/accord_hybrid/viewpoint&FrameBGColor=%23FFFFFF&ModelNameDir=accord%255Fhybrid&noreloadredir (MetaStreamCtl Class) O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB (Controller Class) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner) O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} http://download.verizon.net/sfp/Cabs/max_update/cVOLUpdate_1-0-0.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09) O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11) O16 - DPF: 
{D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com) O24 - Desktop Components:1 (My Current Home Page) - About:Home O24 - Desktop WallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2005/04/22 20:45:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{2b450097-e026-11dc-96e3-0007e9540d2b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found O33 - MountPoints2\{906b98ba-e416-11dc-96e5-0007e9540d2b}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll 
File not found NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation) Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation) Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation) Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.) Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.) Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.) 
Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax () Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll () Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax () Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll () Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation) Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation) Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\WINDOWS\S
  9. As previously mentioned, my son's computer contracted a Trojan Horse as well as a Virus while downloading music from Limewire. I used the Superfree Antivirus scan as well as Malwarebytes. It found numerous adware and spyware and removed them. I previously used Trend Micro Internet Security to remove the viruses. It still appears that when the browser, IE 8 or Firefox, is opened, it will display the normal page but open another window with Chinese letters. I had disabled the add-ons, uninstalled and reinstalled IE 8 as well as Firefox, but to no avail. The problem still persists. I have attached the HJT file that I downloaded with the results. Hopefully someone can shine some light on this issue.
     DDS (Ver_10-03-17.01) - NTFSx86 Run by Victor at 23:43:55.90 on Fri 07/09/2010 Internet Explorer: 8.0.6001.18702 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.141 [GMT -4:00] AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5} FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Common Files\Motive\McciCMService.exe C:\WINDOWS\system32\ScsiAccess.EXE C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\dla\tfswctrl.exe C:\WINDOWS\BCMSMMSG.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe 
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Verizon\McciTrayApp.exe C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Verizon\McciBrowser.exe C:\Program Files\Trend Micro\Internet Security\TmProxy.exe C:\Program Files\Trend Micro\Internet Security\TmPfw.exe C:\Program Files\Trend Micro\BM\TMBMSRV.exe C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe C:\Documents and Settings\Victor\My Documents\Downloads\dds.scr C:\WINDOWS\system32\wuauclt.exe ============== Pseudo HJT Report =============== uInternet Connection Wizard,ShellNext = hxxp://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home uInternet Settings,ProxyOverride = hxxp://localhost;127.0.0.1;*.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Skype add-on (mastermind): 
{22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [sonic RecordNow!] 
uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe" uRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe" uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe" uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [Motive SmartBridge] c:\progra~1\verizo~1\smartb~1\MotiveSB.exe mRun: [dla] c:\windows\system32\dla\tfswctrl.exe mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.0\SetHook.exe mRun: [bCMSMMSG] BCMSMMSG.exe mRun: [<NO NAME>] mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe" mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe" mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe" mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe" mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Adobe ARM] "c:\program files\common 
files\adobe\arm\1.0\AdobeARM.exe" dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll Trusted Zone: bing.com\www DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://automobiles.honda.com/models/mov_iframe_viewpt.asp?path=/images/banners/2005/accord_hybrid/viewpoint&FrameBGColor=%23FFFFFF&ModelNameDir=accord%255Fhybrid&noreloadredir DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - hxxp://download.verizon.net/sfp/Cabs/max_update/cVOLUpdate_1-0-0.cab DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL LSA: Notification Packages = :\windows\syste mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - 
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\victor\applic~1\mozilla\firefox\profiles\fbwi5o7q.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program 
files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - 
pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js 
- pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R? BRGSp50;BRGSp50 NDIS Protocol Driver R? gupdate;Google Update Service (gupdate) S? SASDIFSV;SASDIFSV S? SASKUTIL;SASKUTIL S? tmcfw;Trend Micro Common Firewall Service S? tmevtmgr;tmevtmgr S? TmPfw;Trend Micro Personal Firewall S? tmpreflt;tmpreflt S? TmProxy;Trend Micro Proxy Service S? TomTomHOMEService;TomTomHOMEService S? Viewpoint Manager Service;Viewpoint Manager Service =============== Created Last 30 ================ 2010-07-08 02:32:03 0 d-----w- c:\docume~1\victor\applic~1\Malwarebytes 2010-07-08 02:31:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-07-08 02:30:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-07-08 02:30:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-07-08 02:30:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-07-08 01:17:42 0 d-----w- c:\docume~1\victor\applic~1\SUPERAntiSpyware.com 2010-07-08 01:17:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com 2010-07-08 01:17:20 0 d-----w- c:\program files\SUPERAntiSpyware 2010-07-05 22:25:24 0 ----a-w- C:\MY BACKUP-2010-Jul-05Disk#1 2010-07-04 20:58:24 0 dc-h--w- c:\windows\ie8 2010-07-04 16:32:22 0 d-----w- c:\windows\system32\NtmsData 2010-07-02 02:11:47 0 d-----w- c:\docume~1\victor\applic~1\Registry Mechanic 2010-07-01 01:59:23 7168 --sha-w- c:\windows\Thumbs.db 2010-07-01 01:59:15 87040 --sha-w- C:\Thumbs.db 2010-06-27 18:09:05 0 d--h--w- c:\windows\msdownld.tmp 2010-06-27 01:42:21 402432 ----a-w- c:\windows\system32\drivers\ZD1211BU.sys 2010-06-27 01:42:20 81920 ----a-w- c:\windows\system32\ZDPN50.DLL 2010-06-27 01:42:20 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys 2010-06-27 01:42:20 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys 2010-06-27 01:42:20 17151 ----a-w- c:\windows\system32\ZDPNDIS5.SYS 
2010-06-27 01:42:19 31744 ----a-w- c:\windows\system32\drivers\ZDPSp50a64.sys 2010-06-27 01:42:19 29184 ----a-w- c:\windows\system32\drivers\BRGSp50a64.sys 2010-06-27 01:42:18 24576 ----a-w- c:\windows\system32\ZyDelReg.exe 2010-06-27 01:42:17 28672 ----a-w- c:\windows\system32\InsDrvZD.dll 2010-06-27 01:42:17 15872 ----a-w- c:\windows\system32\InsDrvZD64.DLL 2010-06-27 01:42:17 0 d-----w- c:\program files\ZyDAS Technology Corporation 2010-06-27 00:44:25 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys 2010-06-27 00:44:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys 2010-06-12 03:29:57 0 d-----w- c:\windows\system32\wbem\Repository ==================== Find3M ==================== 2006-02-11 15:38:09 774144 -c--a-w- c:\program files\RngInterstitial.dll 2008-09-22 17:38:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat ============= FINISH: 23:50:27.56 =============== DDS (Ver_10-03-17.01) Microsoft Windows XP Home Edition Boot Device: \Device\HarddiskVolume1 Install Date: 4/22/2005 8:50:49 PM System Uptime: 7/9/2010 11:20:25 PM (0 hours ago) Motherboard: Dell Computer Corp. 
| | 02Y832 Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2394/533mhz ==== Disk Partitions ========================= ==== Installed Programs ====================== Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Media Player Adobe Reader 8.1.1 Adobe Reader 9.3.3 Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoStudio 5.5 ArcSoft Software Suite aspi Back4WinXP BCM V.92 56K Modem Bonjour Britannica Ready Reference Canon MP Navigator 3.0 Canon MP600 Canon MP600 User Registration Canon My Printer Canon Utilities Easy-PhotoPrint CCHelp CCScore Critical Update for Windows Media Player 11 (KB959772) cvo_screensaver Dell ResourceCD DIGOpt DIGReqEx Easy-WebPrint Easy CD Creator 5 Basic ESSAdpt ESSANUP ESSCAM ESSCDBK ESScore ESSgui ESShelp ESSini ESSPCD ESSvpaht ESSvpot Google Desktop Google Toolbar for Internet Explorer Google Update Helper Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB915865) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB970653-v3) Hotfix for Windows XP (KB976098-v2) Hotfix for Windows XP (KB979306) Hotfix for Windows XP (KB981793) HOTLLAMA Media Player HOTLLAMA Media Player - Update iDEN Download Apps Utility IKEA Home Planner Intel® PRO Network Adapters and Drivers iTunes J2SE Runtime Environment 5.0 Update 10 J2SE Runtime Environment 5.0 Update 11 J2SE Runtime Environment 5.0 Update 3 J2SE Runtime Environment 5.0 Update 6 J2SE Runtime Environment 5.0 Update 9 Java Auto Updater Java 6 Update 11 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Java SE Runtime Environment 6 Update 1 Kodak EasyShare software KSU LeadTool Logitech Harmony Remote Software V5 Macromedia Shockwave Player Malwarebytes' Anti-Malware MathPlayer MediaFACE 4.0 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB953297) 
Microsoft ActiveSync Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Encarta Encyclopedia Standard 2004 Microsoft Home Publishing Express 2000 Microsoft Internationalized Domain Names Mitigation APIs Microsoft Money 2004 Microsoft Money 2004 System Pack Microsoft National Language Support Downlevel APIs Microsoft Picture It! Express 9 Microsoft Picture It! Library 9 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Web Publishing Wizard 1.52 MobileMe Control Panel Mozilla Firefox (3.6.6) MSN MSN Encarta Plus Support Files MSN Toolbar MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK Notifier OLYMPUS Master 2 OLYMPUS muvee theaterPack OpenMG AAC Add-on Module 1.0.00 OpenMG Limited Patch 4.5-06-05-12-01 OpenMG Secure Module 4.5.01 OpenOffice.org 3.0 OTtBP PCDADDIN PCDHELP PCDLNCH PCDrdsho PCFriendly PowerDVD PrintMaster Gold 17 Quicken 2002 New User Edition QuickTime RadioSure RealArcade RealPlayer Revo Uninstaller 1.40 Roxio PhotoSuite 5 Safari SatCalc 1.2 ScanSoft OmniPage SE 4.0 Sears Security Update for CAPICOM (KB931906) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 7 (KB953838) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB958215) Security Update for Windows Internet Explorer 7 (KB960714) Security Update for Windows 
Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 7 (KB969897) Security Update for Windows Media Player (KB911564) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB968816) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player 10 (KB936782) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Media Player 6.4 (KB925398) Security Update for Windows Media Player 9 (KB911565) Security Update for Windows Media Player 9 (KB917734) Security Update for Windows Media Player 9 (KB936782) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923689) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB938464) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951376) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953839) Security Update for Windows XP (KB954211) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956391) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for 
Windows XP (KB957095) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961371) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB968537) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB969898) Security Update for Windows XP (KB969947) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971486) Security Update for Windows XP (KB971557) Security Update for Windows XP (KB971633) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973346) Security Update for Windows XP (KB973354) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973525) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977165) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978251) Security Update for Windows XP (KB978262) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) 
Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB980232) SFR SFR2 Shockwave Skype™ 4.0 Sonic DLA Sonic RecordNow! Sonic Update Manager SonicStage 4.0 SoundMAX SUPERAntiSpyware SureThing CD Labeler SE - Sonic TomTom HOME 2.6.2.1586 TomTom HOME Visual Studio Merge Modules Trend Micro Internet Security Unlocker 1.8.5 Update for Windows XP (KB951072-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) USB MassStorage CardReader Verizon Help and Support Tool Verizon High Speed Internet Verizon Online Viewpoint Manager (Remove Only) Viewpoint Media Player VoiceOver Kit WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Installer Clean Up Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Media Format 11 runtime Windows Media Player 10 Hotfix - KB894476 Windows Media Player 11 Windows XP Service Pack 3 WordPerfect Office 11 XP Codec Pack ZyDAS IEEE 802.11 b+g Wireless LAN - USB ==== End Of File ===========================