Jump to content
Sign in to follow this  
Dave Aponte

Browser Issues

Recommended Posts

As previously mentioned my son's computer contracted a Trojan Horse as well as a Virus while downloading music from Limewire. I used the Superfree Antivirus scan as well as malwarebytes. It found numerous adaware and spyware and removed them. I previously used Trend Micro Internet Security to remove the viruses. It still appears that when the browser IE 8 or Firefox is opened it will display the normal page but open another window with Chinese Letters. I had disabled the ADD=ONS, uninstalled and reinstalled IE 8 as well as Firefox but to no avail. The problem still persists. I have attached the HJT file that I downloaded with the results. Hopefully someone can shine some light on this issue.

 

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Victor at 23:43:55.90 on Fri 07/09/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.141 [GMT -4:00]

 

AV: Trend Micro Internet Security *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\drivers\KodakCCS.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\WINDOWS\system32\ScsiAccess.EXE

C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\Program Files\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\system32\fxssvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Canon\MyPrinter\BJMyPrt.exe

C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Verizon\McciTrayApp.exe

C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe

C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe

C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Verizon\McciBrowser.exe

C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

C:\Program Files\Trend Micro\Internet Security\TmPfw.exe

C:\Program Files\Trend Micro\BM\TMBMSRV.exe

C:\Program Files\Trend Micro\Internet Security\UfUpdUi.exe

C:\Documents and Settings\Victor\My Documents\Downloads\dds.scr

C:\WINDOWS\system32\wuauclt.exe

 

============== Pseudo HJT Report ===============

 

uInternet Connection Wizard,ShellNext = hxxp://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_home

uInternet Settings,ProxyOverride = hxxp://localhost;127.0.0.1;*.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll

BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll

BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No File

TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll

TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {4E7BD74F-2B8D-469E-D0FC-E57AF4D5FA7D} - No File

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [sonic RecordNow!]

uRun: [MoneyAgent] "c:\program files\microsoft money\system\mnyexpr.exe"

uRun: [ssAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [OM2_Monitor] "c:\program files\olympus\olympus master 2\MMonitor.exe"

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [Motive SmartBridge] c:\progra~1\verizo~1\smartb~1\MotiveSB.exe

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [updateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [MediaFace Integration] c:\program files\fellowes\mediaface 4.0\SetHook.exe

mRun: [bCMSMMSG] BCMSMMSG.exe

mRun: [<NO NAME>]

mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"

mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"

mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"

mRun: [ufSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

dRun: [OE] c:\program files\trend micro\internet security\tmas_oe\TMAS_OEMon.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll

Trusted Zone: bing.com\www

DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab

DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://automobiles.honda.com/models/mov_iframe_viewpt.asp?path=/images/banners/2005/accord_hybrid/viewpoint&FrameBGColor=%23FFFFFF&ModelNameDir=accord%255Fhybrid&noreloadredir

DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - hxxps://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204

DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - hxxp://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/asquared.cab

DPF: {C32F59BF-180B-416A-ABF7-161060990A88} - hxxp://download.verizon.net/sfp/Cabs/max_update/cVOLUpdate_1-0-0.cab

DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = :\windows\syste

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\victor\applic~1\mozilla\firefox\profiles\fbwi5o7q.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com

FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll

FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

 

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R? BRGSp50;BRGSp50 NDIS Protocol Driver

R? gupdate;Google Update Service (gupdate)

S? SASDIFSV;SASDIFSV

S? SASKUTIL;SASKUTIL

S? tmcfw;Trend Micro Common Firewall Service

S? tmevtmgr;tmevtmgr

S? TmPfw;Trend Micro Personal Firewall

S? tmpreflt;tmpreflt

S? TmProxy;Trend Micro Proxy Service

S? TomTomHOMEService;TomTomHOMEService

S? Viewpoint Manager Service;Viewpoint Manager Service

 

=============== Created Last 30 ================

 

2010-07-08 02:32:03 0 d-----w- c:\docume~1\victor\applic~1\Malwarebytes

2010-07-08 02:31:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-08 02:30:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-07-08 02:30:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-08 02:30:00 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-08 01:17:42 0 d-----w- c:\docume~1\victor\applic~1\SUPERAntiSpyware.com

2010-07-08 01:17:42 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-07-08 01:17:20 0 d-----w- c:\program files\SUPERAntiSpyware

2010-07-05 22:25:24 0 ----a-w- C:\MY BACKUP-2010-Jul-05Disk#1

2010-07-04 20:58:24 0 dc-h--w- c:\windows\ie8

2010-07-04 16:32:22 0 d-----w- c:\windows\system32\NtmsData

2010-07-02 02:11:47 0 d-----w- c:\docume~1\victor\applic~1\Registry Mechanic

2010-07-01 01:59:23 7168 --sha-w- c:\windows\Thumbs.db

2010-07-01 01:59:15 87040 --sha-w- C:\Thumbs.db

2010-06-27 18:09:05 0 d--h--w- c:\windows\msdownld.tmp

2010-06-27 01:42:21 402432 ----a-w- c:\windows\system32\drivers\ZD1211BU.sys

2010-06-27 01:42:20 81920 ----a-w- c:\windows\system32\ZDPN50.DLL

2010-06-27 01:42:20 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys

2010-06-27 01:42:20 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys

2010-06-27 01:42:20 17151 ----a-w- c:\windows\system32\ZDPNDIS5.SYS

2010-06-27 01:42:19 31744 ----a-w- c:\windows\system32\drivers\ZDPSp50a64.sys

2010-06-27 01:42:19 29184 ----a-w- c:\windows\system32\drivers\BRGSp50a64.sys

2010-06-27 01:42:18 24576 ----a-w- c:\windows\system32\ZyDelReg.exe

2010-06-27 01:42:17 28672 ----a-w- c:\windows\system32\InsDrvZD.dll

2010-06-27 01:42:17 15872 ----a-w- c:\windows\system32\InsDrvZD64.DLL

2010-06-27 01:42:17 0 d-----w- c:\program files\ZyDAS Technology Corporation

2010-06-27 00:44:25 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-06-27 00:44:25 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-06-12 03:29:57 0 d-----w- c:\windows\system32\wbem\Repository

 

==================== Find3M ====================

 

2006-02-11 15:38:09 774144 -c--a-w- c:\program files\RngInterstitial.dll

2008-09-22 17:38:26 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092220080923\index.dat

 

============= FINISH: 23:50:27.56 ===============

 

 

 

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 4/22/2005 8:50:49 PM

System Uptime: 7/9/2010 11:20:25 PM (0 hours ago)

 

Motherboard: Dell Computer Corp. | | 02Y832

Processor: Intel® Pentium® 4 CPU 2.40GHz | Microprocessor | 2394/533mhz

 

==== Disk Partitions =========================

 

 

==== Installed Programs ======================

 

Acrobat.com

Adobe AIR

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Media Player

Adobe Reader 8.1.1

Adobe Reader 9.3.3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ArcSoft PhotoStudio 5.5

ArcSoft Software Suite

aspi

Back4WinXP

BCM V.92 56K Modem

Bonjour

Britannica Ready Reference

Canon MP Navigator 3.0

Canon MP600

Canon MP600 User Registration

Canon My Printer

Canon Utilities Easy-PhotoPrint

CCHelp

CCScore

Critical Update for Windows Media Player 11 (KB959772)

cvo_screensaver

Dell ResourceCD

DIGOpt

DIGReqEx

Easy-WebPrint

Easy CD Creator 5 Basic

ESSAdpt

ESSANUP

ESSCAM

ESSCDBK

ESScore

ESSgui

ESShelp

ESSini

ESSPCD

ESSvpaht

ESSvpot

Google Desktop

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Windows Internet Explorer 7 (KB947864)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915865)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

Hotfix for Windows XP (KB981793)

HOTLLAMA Media Player

HOTLLAMA Media Player - Update

iDEN Download Apps Utility

IKEA Home Planner

Intel® PRO Network Adapters and Drivers

iTunes

J2SE Runtime Environment 5.0 Update 10

J2SE Runtime Environment 5.0 Update 11

J2SE Runtime Environment 5.0 Update 3

J2SE Runtime Environment 5.0 Update 6

J2SE Runtime Environment 5.0 Update 9

Java Auto Updater

Java 6 Update 11

Java 6 Update 2

Java 6 Update 3

Java 6 Update 5

Java 6 Update 7

Java SE Runtime Environment 6 Update 1

Kodak EasyShare software

KSU

LeadTool

Logitech Harmony Remote Software V5

Macromedia Shockwave Player

Malwarebytes' Anti-Malware

MathPlayer

MediaFACE 4.0

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB953297)

Microsoft ActiveSync

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Encarta Encyclopedia Standard 2004

Microsoft Home Publishing Express 2000

Microsoft Internationalized Domain Names Mitigation APIs

Microsoft Money 2004

Microsoft Money 2004 System Pack

Microsoft National Language Support Downlevel APIs

Microsoft Picture It! Express 9

Microsoft Picture It! Library 9

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Web Publishing Wizard 1.52

MobileMe Control Panel

Mozilla Firefox (3.6.6)

MSN

MSN Encarta Plus Support Files

MSN Toolbar

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

Notifier

OLYMPUS Master 2

OLYMPUS muvee theaterPack

OpenMG AAC Add-on Module 1.0.00

OpenMG Limited Patch 4.5-06-05-12-01

OpenMG Secure Module 4.5.01

OpenOffice.org 3.0

OTtBP

PCDADDIN

PCDHELP

PCDLNCH

PCDrdsho

PCFriendly

PowerDVD

PrintMaster Gold 17

Quicken 2002 New User Edition

QuickTime

RadioSure

RealArcade

RealPlayer

Revo Uninstaller 1.40

Roxio PhotoSuite 5

Safari

SatCalc 1.2

ScanSoft OmniPage SE 4.0

Sears

Security Update for CAPICOM (KB931906)

Security Update for Windows Internet Explorer 7 (KB929969)

Security Update for Windows Internet Explorer 7 (KB933566)

Security Update for Windows Internet Explorer 7 (KB937143)

Security Update for Windows Internet Explorer 7 (KB938127)

Security Update for Windows Internet Explorer 7 (KB939653)

Security Update for Windows Internet Explorer 7 (KB942615)

Security Update for Windows Internet Explorer 7 (KB944533)

Security Update for Windows Internet Explorer 7 (KB950759)

Security Update for Windows Internet Explorer 7 (KB953838)

Security Update for Windows Internet Explorer 7 (KB956390)

Security Update for Windows Internet Explorer 7 (KB958215)

Security Update for Windows Internet Explorer 7 (KB960714)

Security Update for Windows Internet Explorer 7 (KB961260)

Security Update for Windows Internet Explorer 7 (KB963027)

Security Update for Windows Internet Explorer 7 (KB969897)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB911565)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows Media Player 9 (KB936782)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464-v2)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951376)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB980232)

SFR

SFR2

Shockwave

Skype™ 4.0

Sonic DLA

Sonic RecordNow!

Sonic Update Manager

SonicStage 4.0

SoundMAX

SUPERAntiSpyware

SureThing CD Labeler SE - Sonic

TomTom HOME 2.6.2.1586

TomTom HOME Visual Studio Merge Modules

Trend Micro Internet Security

Unlocker 1.8.5

Update for Windows XP (KB951072-v2)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB955839)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

USB MassStorage CardReader

Verizon Help and Support Tool

Verizon High Speed Internet

Verizon Online

Viewpoint Manager (Remove Only)

Viewpoint Media Player

VoiceOver Kit

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage v1.3.0254.0

Windows Genuine Advantage Validation Tool (KB892130)

Windows Installer Clean Up

Windows Internet Explorer 7

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 10 Hotfix - KB894476

Windows Media Player 11

Windows XP Service Pack 3

WordPerfect Office 11

XP Codec Pack

ZyDAS IEEE 802.11 b+g Wireless LAN - USB

 

==== End Of File ===========================

Share this post


Link to post
Share on other sites

Hello,

 

My name is SweetTech. I would be glad to take a look at your log and help you with solving any malware problems.

 

If you have already received help elsewhere please inform me so that this topic can be closed.

 

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:

 

  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instruction that I give you.

    Reading too lightly will cause you to miss important steps, which could have destructive effects.

  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. It's important to note that these instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do, is to make sure sure that your anti-virus definitions are up-to-date!
  • If I instruct you to download a specific tool in which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    Because of this, you must reply within three days

    failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. The only time you can and should PM me is when I have not been replying to you for several days (usually around 3 days) and you need an explanation. If that's the case, just send me a message on here. ;)
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.

    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.

____________________________________________________

 

 

OTL Custom Scan

  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under Custom Scan paste this in

    netsvcs

    drivers32 /all

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.wt

    %systemroot%\system32\*.ruy

    %systemroot%\Fonts\*.com

    %systemroot%\Fonts\*.dll

    %systemroot%\Fonts\*.ini

    %systemroot%\Fonts\*.ini2

    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

    %systemroot%\REPAIR\*.bak1

    %systemroot%\REPAIR\*.ini

    %systemroot%\system32\*.jpg

    %systemroot%\*.scr

    %systemroot%\*._sy

    %APPDATA%\Adobe\Update\*.*

    %ALLUSERSPROFILE%\Favorites\*.*

    %APPDATA%\Microsoft\*.*

    %PROGRAMFILES%\*.dat

    %APPDATA%\Update\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\user32.dll /md5

    %systemroot%\system32\ws2_32.dll /md5

    %systemroot%\system32\ws2help.dll /md5

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may need two posts to fit them both in.

 

NEXT:

 

 

 

Scanning with GMER

 

Please download GMER from one of the following locations and save it to your desktop:

  • Main Mirror

    This version will download a randomly named file (Recommended)

  • Zipped Mirror

    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

     

    Posted Image

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.

-- If GMER crashes or keeps resulting in a BSODs, uncheck Devices on the right side before scanning

.

 

 

 

NEXT:

 

 

 

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

2. The logs that were produced after running the OTL scans. (OTL.txt & Extras.txt)

3. The log that was produced after running GMER

4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

Share this post


Link to post
Share on other sites

Hi Sweet Tech,

Thank you for taking the time and opportunity to assist me with this issue. I will answer your questions in the order they were asked.

 

1)After running the OTL and GMER scans it appears that the issue still persists. I opened my browser and it was populated with the homepage that seemed okay. When i entered a search using bing (search engine) i received the exact error message as previously mentioned.

 

2) Here are the logs for OTL after the scan was performed.

a) EXTRAS:

 

OTL Extras logfile created on: 7/11/2010 12:10:38 AM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Victor\Desktop\OTL

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

767.00 Mb Total Physical Memory | 137.00 Mb Available Physical Memory | 18.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.50 Gb Total Space | 35.38 Gb Free Space | 47.49% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HOME-CL3SQDQ9W3

Current User Name: Victor

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Extra Registry (SafeList) ==========

 

 

========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 

========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe:*:Enabled:Logitech Harmony Remote Software V5 -- ()

"C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Enabled:Logitech Harmony Remote Software V5 -- ()

"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- ()

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- File not found

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe:*:Enabled:backWeb-7288971 -- ()

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire -- File not found

"C:\StubInstaller.exe" = C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer -- File not found

"C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe" = C:\Program Files\Logitech\Harmony Remote\PatchHelper.exe:*:Enabled:Remote Control Software Patch Helper -- ()

"C:\WINDOWS\system32\fxsclnt.exe" = C:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Disabled:Logitech Desktop Messenger -- File not found

"C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient.exe:*:Disabled:Logitech Harmony Remote Software V5 -- ()

"C:\Program Files\Logitech\Harmony Remote\HarmonyClient" = C:\Program Files\Logitech\Harmony Remote\HarmonyClient:*:Disabled:Logitech Harmony Remote Software V5 -- ()

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"F:\Program Files\iTunes\iTunes.exe" = F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- File not found

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

 

 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00000000-785F-478A-BAA2-87F1A136068C}" = MSN Encarta Plus Support Files

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{014AC2FE-4BA4-48EE-B8B8-388AC91D591C}" = ArcSoft Software Suite

"{015E4B8A-29B5-4AE3-BD08-38220FADFF4C}" = aspi

"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004

"{050ED764-D5FD-4D33-8FCD-AC48250C0798}" = LeadTool

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600" = Canon MP600

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004

"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0

"{25EF00BE-F17B-11D6-88EA-000476CD2443}" = Verizon Online

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 11

"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime

"{29D851C2-048C-4B5E-8D1F-25D473342BB5}" = ScanSoft OmniPage SE 4.0

"{3248F0A8-6813-11D6-A77B-00B0D0150030}" = J2SE Runtime Environment 5.0 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1

"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7

"{32F66A20-7614-11D4-BD11-00104BD3F987}" = MathPlayer

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01

"{45893FEB-30FD-4034-8661-3BA4238FE67A}" = Britannica Ready Reference

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{469730CC-78DF-4CD3-B286-562D459EA619}" = ESSCAM

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4F1CECBC-670F-4daa-81D6-944B12450917}" = DIGReqEx

"{51F96AEC-D902-4434-A0DC-B9692A21AE7C}" = MobileMe Control Panel

"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11

"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support

"{581CE7EA-A30D-0000-1211-088635773309}" = ZyDAS IEEE 802.11 b+g Wireless LAN - USB

"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5

"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69BD6399-3D8F-45B7-81D9-819361F5101D}" = PCDLNCH

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{718D791F-F4E8-4aa7-98A6-15FDED17BDD0}" = Trend Micro Internet Security

"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0

"{85309D89-7BE9-4094-BB17-24999C6118FC}" = ArcSoft PhotoStudio 5.5

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!

"{97218993-042B-4DEA-A39F-B5D7DEB7B0AF}" = Logitech Harmony Remote Software V5

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes

"{9D1CF8B6-17B3-4832-B062-2C2DD0B57B04}" = CCHelp

"{9D2B0322-44AE-460E-9283-4D2D7A9205AE}" = Trend Micro Internet Security

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{9F7FC79B-3059-4264-9450-39EB368E3220}" = Microsoft Picture It! Library 9

"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.0

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari

"{A6F18A67-B771-4191-8A33-36D2E742D6D9}" = ESSANUP

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{ABE068DF-8DC4-4947-ABFC-DD2B40850225}" = SFR2

"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1

"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.3

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR

"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner

"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore

"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support

"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU

"{C354C9B6-A4E0-4BB0-A368-6DC6BCA0E314}" = SFR

"{C42C10A8-F2F4-4846-B772-ABD1912A2E85}" = PCDrdsho

"{C4DCAD15-B754-4FD9-8035-713FE919B118}" = PrintMaster Gold 17

"{C769B501-2BE8-46ed-9E69-118F008A0917}" = DIGOpt

"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CBC85F2E-1981-4C55-9418-908D08D2C6E8}" = OLYMPUS Master 2

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{D15E9DB5-6BEB-4534-901E-80C0A29BAB97}" = ESSAdpt

"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{DBA8B9E1-C6FF-4624-9598-73D3B41A0900}" = Microsoft Picture It! Express 9

"{DDDE47E5-C711-4D17-9FA6-E3D7C340192A}" = OLYMPUS muvee theaterPack

"{e2dd006a-362e-11d3-81ab-00c04fb932ba}" = Microsoft Home Publishing Express 2000

"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX

"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0

"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP

"{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com

"{FB26A501-6BA6-459B-89AA-9736730752FB}" = VoiceOver Kit

"040a_5005" = USB MassStorage CardReader

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Back4WinXP_is1" = Back4WinXP

"BCM V.92 56K Modem" = BCM V.92 56K Modem

"Canon MP600 User Registration" = Canon MP600 User Registration

"CanonMyPrinter" = Canon My Printer

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com

"cvo_screensaver" = cvo_screensaver

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"Easy-WebPrint" = Easy-WebPrint

"Google Desktop" = Google Desktop

"HOTLLAMA Media Player" = HOTLLAMA Media Player

"HOTLLAMA Media Player - Update" = HOTLLAMA Media Player - Update

"iDEN Download Apps Utility" = iDEN Download Apps Utility

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"ie8" = Windows Internet Explorer 8

"InstallShield_{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}" = OpenMG AAC Add-on Module 1.0.00

"InstallShield_{3633BA28-67CE-4AC8-A677-3406CA84C3D8}" = OpenMG Secure Module 4.5.01

"InstallShield_{7F581D1D-C9A7-4C77-B88A-27537173CEDF}" = MediaFACE 4.0

"InstallShield_{97218993-042B-4DEA-A39F-B5D7DEB7B0AF}" = Logitech Harmony Remote Software V5

"Macromedia Shockwave Player" = Macromedia Shockwave Player

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"MP Navigator 3.0" = Canon MP Navigator 3.0

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"MSNINST" = MSN

"MVApplication1" = SureThing CD Labeler SE - Sonic

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OpenMG HotFix4.5-06-05-10-01" = OpenMG Limited Patch 4.5-06-05-12-01

"PCFriendly" = PCFriendly

"PictureIt_POD_v9" = Microsoft Picture It! Library 9

"PictureIt_v9" = Microsoft Picture It! Express 9

"PROSet" = Intel® PRO Network Adapters and Drivers

"Quicken 2002 New User Edition" = Quicken 2002 New User Edition

"RealArcade 1.2" = RealArcade

"RealPlayer 6.0" = RealPlayer

"Revo Uninstaller" = Revo Uninstaller 1.40

"SatCalc" = SatCalc 1.2

"Sears 1.0" = Sears

"Shockwave" = Shockwave

"TomTom HOME" = TomTom HOME 2.6.2.1586

"Unlocker" = Unlocker 1.8.5

"Verizon Help and Support" = Verizon Help and Support Tool

"Verizon High Speed Internet_is1" = Verizon High Speed Internet

"Viewpoint Manager" = Viewpoint Manager (Remove Only)

"ViewpointMediaPlayer" = Viewpoint Media Player

"WebPost" = Microsoft Web Publishing Wizard 1.52

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"Windows XP Service Pack" = Windows XP Service Pack 3

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XP Codec Pack" = XP Codec Pack

 

========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"RadioSure" = RadioSure

 

========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 7/6/2010 1:52:49 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Google Update | ID = 20

Description =

 

Error - 7/6/2010 2:52:19 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Google Update | ID = 20

Description =

 

Error - 7/7/2010 7:52:05 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Google Update | ID = 20

Description =

 

Error - 7/7/2010 8:52:06 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Google Update | ID = 20

Description =

 

Error - 7/10/2010 2:38:27 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Application Error | ID = 1000

Description = Faulting application extexport.exe, version 8.0.6001.18702, faulting

module sqlite3.dll, version 3.6.22.0, fault address 0x0001072b.

 

Error - 7/10/2010 2:38:35 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Application Error | ID = 1001

Description = Fault bucket 1817646763.

 

Error - 7/10/2010 8:27:36 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The connection with the server was terminated abnormally

 

Error - 7/10/2010 8:27:36 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

Error - 7/10/2010 11:38:59 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: The connection with the server was terminated abnormally

 

Error - 7/10/2010 11:38:59 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

 

[ System Events ]

Error - 7/7/2010 10:03:44 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

Error - 7/9/2010 11:21:16 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

 

Error - 7/9/2010 11:21:16 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

Error - 7/9/2010 11:26:29 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Windows Update Agent | ID = 16

Description = Unable to Connect: Windows is unable to connect to the automatic updates

service and therefore cannot download and install updates according to the set

schedule. Windows will continue to try to establish a connection.

 

Error - 7/10/2010 1:39:59 AM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

 

Error - 7/10/2010 1:39:59 AM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

Error - 7/10/2010 1:54:00 AM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

 

Error - 7/10/2010 1:54:00 AM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

Error - 7/10/2010 1:23:50 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262189

Description = The system could not sucessfully load the crash dump driver.

 

Error - 7/10/2010 1:23:50 PM | Computer Name = HOME-CL3SQDQ9W3 | Source = Ftdisk | ID = 262193

Description = Configuring the Page file for crash dump failed. Make sure there is

a page file on the boot partition and that is large enough to contain all physical

memory.

 

 

< End of report >

B) OTL:

OTL logfile created on: 7/11/2010 12:10:38 AM - Run 1

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Victor\Desktop\OTL

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

767.00 Mb Total Physical Memory | 137.00 Mb Available Physical Memory | 18.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.50 Gb Total Space | 35.38 Gb Free Space | 47.49% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HOME-CL3SQDQ9W3

Current User Name: Victor

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Victor\Desktop\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()

PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()

PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()

PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()

PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files\Verizon\McciBrowser.exe (Motive Communications, Inc.)

PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)

PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)

PRC - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()

PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

PRC - C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)

PRC - C:\WINDOWS\system32\ScsiAccess.EXE ()

PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)

PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Victor\Desktop\OTL\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll ()

MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Motive Communications, Inc.)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)

MOD - C:\Documents and Settings\Victor\Local Settings\TempIadHide3.dll (BackWeb)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)

SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)

SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)

SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)

SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)

SRV - (ScsiAccess) -- C:\WINDOWS\system32\ScsiAccess.EXE ()

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)

DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)

DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)

DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)

DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)

DRV - (BRGSp50) -- C:\WINDOWS\system32\drivers\BRGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)

DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)

DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)

DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)

DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)

DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)

DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)

DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)

DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)

DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)

DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)

DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

 

========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "http://dslstart.verizon.net/"

FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,127.0.0.1"

 

 

[2010/07/10 20:57:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions

[2008/10/01 23:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions\home2@tomtom.com

[2005/09/01 22:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\6ijhxbu9.default\extensions

[2005/09/01 22:28:08 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\6ijhxbu9.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/07/10 20:57:51 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

 

O1 HOSTS File: ([2003/07/16 16:29:34 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)

O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not found

O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)

O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)

O4 - HKCU..\Run: [sonic RecordNow!] File not found

O4 - HKCU..\Run: [ssAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tisspwiz.lnk = C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe (Trend Micro Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: bing.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: firefox.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)

O15 - HKCU\..Trusted Domains: mozilla.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://automobiles.honda.com/models/mov_iframe_viewpt.asp?path=/images/banners/2005/accord_hybrid/viewpoint&FrameBGColor=%23FFFFFF&ModelNameDir=accord%255Fhybrid&noreloadredir (MetaStreamCtl Class)

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB (Controller Class)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)

O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} http://download.verizon.net/sfp/Cabs/max_update/cVOLUpdate_1-0-0.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab (Java Plug-in 1.5.0_03)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Java Plug-in 1.5.0_10)

O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/04/22 20:45:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O33 - MountPoints2\{2b450097-e026-11dc-96e3-0007e9540d2b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found

O33 - MountPoints2\{906b98ba-e416-11dc-96e5-0007e9540d2b}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()

Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax ()

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll ()

Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)

Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\WINDOWS\S

Share this post


Link to post
Share on other sites

Share this post


Link to post
Share on other sites

Hello,

 

OTL Fix

 

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word "Code"

     

    :Services
    :OTL
    FF - prefs.js..network.proxy.no_proxies_on: "http://localhost,127.0.0.1"
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not found
    O4 - HKCU..\Run: [Sonic RecordNow!] File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} http://download.veri...pdate_1-0-0.cab (Reg Error: Value error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O33 - MountPoints2\{2b450097-e026-11dc-96e3-0007e9540d2b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not found
    O33 - MountPoints2\{906b98ba-e416-11dc-96e5-0007e9540d2b}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [start explorer]
    [Reboot]
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.

 

NEXT:

 

 

 

Running TDSSKiller

 

 

Please Note: If you have a previous version of TDSSKiller downloaded please delete it now and download a fresh copy using the links provided below.

 

 

Download TDSSKiller from one of the links below:

 

Zipped Version or Executable (Not Zipped) Version

 

 

Note: If you download the TDSSKiller.zip version you will first need to unzip (extract) the file to your computer before running it.

 

 

Please ensure that you save the TDSSKiller file to you desktop.

 

 

If TDSSKiller asks you to close all programs please allow it to do so.

 

 

If you see the following:

To finalize removal of infection and avoid loosing of data program will reboot your PC now.

Close all programs and choose Y to restart or N to continue.

 

Please enter Y and allow TDSSKiller to reboot your computer.

 

 

Once completed it will create a log in your C:\ drive. An example of a log file is: C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

 

 

Please post the content of the TDSSKiller log.

 

 

 

NEXT:

 

 

 

Java Outdated

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:

  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 21 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.

-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.

 

Note:

The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.

To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.

Click Ok and reboot your computer.

 

 

NEXT

 

 

 

Clean Java Cache & Temporary Files

  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH CheckedApplications and AppletsTrace and Log Files
  • Click OK on Delete Temporary Files Window

     

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

 

NEXT:

 

 

 

Please download JavaRa and unzip it to your desktop.

 

***Please close any instances of Internet Explorer before continuing!***

 

  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it in your next reply.

Share this post


Link to post
Share on other sites

You don't need to quote my posts. I'd actually prefer if you didn't do it, unless necessary. I'm going to go ahead and remove the one above and your previous one as well, just to keep this thread tidy.

Share this post


Link to post
Share on other sites

Sweet Tech,

 

My Trend Micro Internet Security has found the 5 TDSSKILLER.exe Virus. It's called Cryp.XED -16. It has been quarantine. Should I now delete them? If so, once deleted do you still want me to run the TDSS Killer? Here is the OTL Fix Log.

 

All processes killed

Error: Unable to interpret <:Services:OTLFF - prefs.js..network.proxy.no_proxies_on: "http://localhost,127.0.0.1"O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - No CLSID value found.O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe File not foundO4 - HKCU..\Run: [sonic RecordNow!] File not foundO4 - HKLM..\RunOnceEx: [] File not foundO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} http://a840.g.akamai...all/xscan53.cab (Reg Error: Key error.)O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)O16 - DPF: {C32F59BF-180B-416A-ABF7-161060990A88} http://download.veri...pdate_1-0-0.cab (Reg Error: Value error.)O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)O33 - MountPoints2\{2b450097-e026-11dc-96e3-> in the current context!

Error: Unable to interpret <0007e9540d2b}\Shell\AutoRun\command - "" = G:\InstallTomTomHOME.exe -- File not foundO33 - MountPoints2\{906b98ba-e416-11dc-96e5-0007e9540d2b}\Shell\AutoRun\command - "" = F:\setupSNK.exe -- File not found:Reg:Files:Commands[purity][emptytemp][EMPTYFLASH][start explorer][Reboot]> in the current context!

Error: Unable to interpret <3.Push > in the current context!

 

OTL by OldTimer - Version 3.2.9.0 log created on 07112010_144316

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

Please let me know what else to do.

Share this post


Link to post
Share on other sites

Can you please attempt to re-run the OTL script above. You will want to ensure that you run it as a fix rather than as a scan.

 

Are you saying that Trend Micro is detecting TDSSKiller.exe as being infected? If that's the case please delete the current copy you have. Download a new copy, and then disable your Trend Micro, run TDSSKiller, reboot your machine, and re-enable Trend Micro.

Share this post


Link to post
Share on other sites

Here is the log for OTL Fix.

All processes killed

========== SERVICES/DRIVERS ==========

========== OTL ==========

Prefs.js: "http://localhost,127.0.0.1" removed from network.proxy.no_proxies_on

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Motive SmartBridge deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Sonic RecordNow! deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.

Starting removal of ActiveX control {74D05D43-3236-11D4-BDCD-00C04F9A3B61}

C:\WINDOWS\Downloaded Program Files\xscan.inf not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74D05D43-3236-11D4-BDCD-00C04F9A3B61}\ not found.

Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}

C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.

Starting removal of ActiveX control {C32F59BF-180B-416A-ABF7-161060990A88}

C:\WINDOWS\Downloaded Program Files\cVOLUpdate.inf moved successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{C32F59BF-180B-416A-ABF7-161060990A88}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C32F59BF-180B-416A-ABF7-161060990A88}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{C32F59BF-180B-416A-ABF7-161060990A88}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C32F59BF-180B-416A-ABF7-161060990A88}\ not found.

File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.

Starting removal of ActiveX control Microsoft XML Parser for Java

Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2b450097-e026-11dc-96e3-0007e9540d2b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2b450097-e026-11dc-96e3-0007e9540d2b}\ not found.

File G:\InstallTomTomHOME.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{906b98ba-e416-11dc-96e5-0007e9540d2b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{906b98ba-e416-11dc-96e5-0007e9540d2b}\ not found.

File F:\setupSNK.exe not found.

========== REGISTRY ==========

========== FILES ==========

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: back4win

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

 

User: Diane

->Temp folder emptied: 8376893 bytes

->Temporary Internet Files folder emptied: 260023122 bytes

->Java cache emptied: 43707 bytes

->Flash cache emptied: 8824 bytes

 

User: Guest

->Temp folder emptied: 319577 bytes

->Temporary Internet Files folder emptied: 250975632 bytes

->Java cache emptied: 0 bytes

->Flash cache emptied: 3959 bytes

 

User: LocalService

->Temp folder emptied: 66016 bytes

->Temporary Internet Files folder emptied: 1659913 bytes

 

User: NetworkService

->Temp folder emptied: 1866 bytes

->Temporary Internet Files folder emptied: 32598039 bytes

->Flash cache emptied: 2021 bytes

 

User: Robert

->Temp folder emptied: 6896481 bytes

->Temporary Internet Files folder emptied: 140777809 bytes

->Flash cache emptied: 16707 bytes

 

User: Victor

->Temp folder emptied: 271882811 bytes

->Temporary Internet Files folder emptied: 48077487 bytes

->Java cache emptied: 452911 bytes

->FireFox cache emptied: 61723589 bytes

->Flash cache emptied: 551929 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1165502 bytes

%systemroot%\System32 .tmp files removed: 27139849 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 76890087 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33728 bytes

RecycleBin emptied: 1965818 bytes

 

Total Files Cleaned = 1,137.00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: back4win

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Diane

->Flash cache emptied: 0 bytes

 

User: Guest

->Flash cache emptied: 0 bytes

 

User: LocalService

 

User: NetworkService

->Flash cache emptied: 0 bytes

 

User: Robert

->Flash cache emptied: 0 bytes

 

User: Victor

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0.00 mb

 

 

OTL by OldTimer - Version 3.2.9.0 log created on 07112010_164850

 

Files\Folders moved on Reboot...

 

Registry entries deleted on Reboot...

 

I have been unable to download the TDSSKiller from the link you provided. S

Share this post


Link to post
Share on other sites

So i have tried to download the zip version TDSSKiller but to no avail. Then when I down load the tdsskiller.exe and i go to save it, doesn't allow me. Any other suggestions?

Share this post


Link to post
Share on other sites

Running ComboFix

Download ComboFix from one of the following locations:

Link 1

Link 2

 

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

 

* IMPORTANT - Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

 

Posted Image

 

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

 

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now

Share this post


Link to post
Share on other sites

I was able to download and run COMBOFIX and here is the log.

 

I ComboFix 10-07-11.03 - Victor 07/11/2010 19:27:01.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.767.519 [GMT -4:00]

Running from: c:\documents and settings\Victor\My Documents\Downloads\ComboFix.exe

AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}

FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\back4win\zipsfx32.bin

c:\documents and settings\Victor\GoToAssistDownloadHelper.exe

c:\program files\Internet Explorer\OLD83.tmp

c:\program files\Internet Explorer\OLDB9.tmp

c:\program files\Internet Explorer\OLDCD.tmp

C:\Thumbs.db

c:\windows\Downloaded Program Files\RdxIE.dll

c:\windows\jestertb.dll

c:\windows\patch.exe

c:\windows\system32\service

c:\windows\system32\service\18062009_TIS17_SfFniAU.log

c:\windows\xpsp1hfm.log

 

Infected copy of c:\windows\system32\drivers\serial.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((( Files Created from 2010-06-11 to 2010-07-11 )))))))))))))))))))))))))))))))

.

 

2010-07-11 23:39 . 2010-07-11 23:39 -------- d-----w- c:\windows\LastGood

2010-07-11 21:29 . 2010-07-11 21:30 -------- dc-h--w- c:\windows\ie8

2010-07-11 21:28 . 2010-07-11 21:32 -------- d--h--w- c:\windows\msdownld.tmp

2010-07-11 20:47 . 2010-07-11 04:09 574976 ----a-w- C:\OTL.exe

2010-07-11 20:46 . 2010-07-11 20:46 -------- d-----w- C:\New Folder

2010-07-11 20:26 . 2010-07-11 20:26 -------- d-----w- c:\program files\Common Files\Java

2010-07-11 20:26 . 2010-07-11 20:25 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-11 18:43 . 2010-07-11 21:10 -------- d-----w- C:\_OTL

2010-07-10 04:09 . 2010-07-10 04:14 -------- d-----w- C:\HJT

2010-07-08 02:32 . 2010-07-08 02:32 -------- d-----w- c:\documents and settings\Victor\Application Data\Malwarebytes

2010-07-08 02:31 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-08 02:30 . 2010-07-08 02:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-08 02:30 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-08 02:30 . 2010-07-08 02:31 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-08 01:17 . 2010-07-08 01:17 -------- d-----w- c:\documents and settings\Victor\Application Data\SUPERAntiSpyware.com

2010-07-08 01:17 . 2010-07-08 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-07-08 01:17 . 2010-07-08 01:17 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-07-05 02:42 . 2010-07-11 23:36 -------- d-----w- c:\documents and settings\back4win

2010-07-05 02:42 . 2010-07-05 02:42 1735 ----a-w- c:\documents and settings\back4win\unins000.dat

2010-07-04 16:32 . 2010-07-04 16:33 -------- d-----w- c:\windows\system32\NtmsData

2010-07-02 18:00 . 2010-07-02 18:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-07-02 18:00 . 2010-07-02 18:00 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-07-02 18:00 . 2010-07-02 18:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-07-02 02:11 . 2010-07-02 02:11 -------- d-----w- c:\documents and settings\Victor\Application Data\Registry Mechanic

2010-06-27 22:43 . 2010-06-27 23:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-06-27 22:09 . 2010-06-27 22:09 -------- d-----w- c:\documents and settings\Victor\Local Settings\Application Data\Yahoo

2010-06-27 18:12 . 2010-06-27 18:12 -------- d-----w- c:\documents and settings\Victor\Application Data\Yahoo!

2010-06-27 03:07 . 2010-06-27 03:07 -------- d-----w- c:\documents and settings\Victor\Local Settings\Application Data\Mozilla

2010-06-27 01:42 . 2005-10-28 15:38 402432 ----a-w- c:\windows\system32\drivers\ZD1211BU.sys

2010-06-27 01:42 . 2005-06-08 22:44 20608 ----a-w- c:\windows\system32\drivers\BRGSp50.sys

2010-06-27 01:42 . 2004-10-25 17:40 17664 ----a-w- c:\windows\system32\drivers\ZDPSp50.sys

2010-06-27 01:42 . 2004-01-14 15:30 17151 ----a-w- c:\windows\system32\ZDPNDIS5.SYS

2010-06-27 01:42 . 2004-01-14 15:25 81920 ----a-w- c:\windows\system32\ZDPN50.DLL

2010-06-27 01:42 . 2005-06-08 22:44 29184 ----a-w- c:\windows\system32\drivers\BRGSp50a64.sys

2010-06-27 01:42 . 2005-03-18 19:35 31744 ----a-w- c:\windows\system32\drivers\ZDPSp50a64.sys

2010-06-27 01:42 . 2003-03-14 16:24 24576 ----a-w- c:\windows\system32\ZyDelReg.exe

2010-06-27 01:42 . 2010-06-27 01:42 -------- d-----w- c:\program files\ZyDAS Technology Corporation

2010-06-27 01:42 . 2005-07-12 18:44 15872 ----a-w- c:\windows\system32\InsDrvZD64.DLL

2010-06-27 01:42 . 2004-03-23 20:38 28672 ----a-w- c:\windows\system32\InsDrvZD.dll

2010-06-27 00:44 . 2001-08-17 17:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2010-06-27 00:44 . 2001-08-17 17:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2010-06-12 03:29 . 2010-06-12 03:29 -------- d-----w- c:\windows\system32\wbem\Repository

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-11 20:39 . 2006-07-16 03:11 -------- d-----w- c:\program files\Java

2010-07-11 20:26 . 2010-07-11 20:26 503808 ----a-w- c:\documents and settings\Victor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-13d7df01-n\msvcp71.dll

2010-07-11 20:26 . 2010-07-11 20:26 499712 ----a-w- c:\documents and settings\Victor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-13d7df01-n\jmc.dll

2010-07-11 20:26 . 2010-07-11 20:26 348160 ----a-w- c:\documents and settings\Victor\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-13d7df01-n\msvcr71.dll

2010-07-11 20:26 . 2010-07-11 20:26 61440 ----a-w- c:\documents and settings\Victor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4230c3f0-n\decora-sse.dll

2010-07-11 20:26 . 2010-07-11 20:26 12800 ----a-w- c:\documents and settings\Victor\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4230c3f0-n\decora-d3d.dll

2010-07-10 04:14 . 2010-07-10 04:14 388096 ----a-r- c:\documents and settings\Victor\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-07-08 01:19 . 2010-07-08 01:19 63488 ----a-w- c:\documents and settings\Victor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-07-08 01:19 . 2010-07-08 01:19 52224 ----a-w- c:\documents and settings\Victor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-07-08 01:19 . 2010-07-08 01:19 117760 ----a-w- c:\documents and settings\Victor\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-07-05 02:42 . 2002-02-10 05:00 72835 ----a-w- c:\documents and settings\back4win\unins000.exe

2010-07-02 18:00 . 2010-04-29 04:07 -------- d-----w- c:\program files\Common Files\PC Tools

2010-07-02 18:00 . 2009-01-01 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!

2010-07-02 18:00 . 2005-06-07 00:52 -------- d-----w- c:\program files\Yahoo!

2010-07-02 17:59 . 2005-10-24 23:24 -------- d-----w- c:\program files\Google

2010-06-27 22:49 . 2008-06-12 13:51 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-06-27 22:44 . 2010-06-27 22:44 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-06-27 02:25 . 2010-06-09 22:08 -------- d-----w- c:\program files\Ask.com

2010-06-27 01:42 . 2005-04-23 01:21 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-06-12 03:28 . 2010-06-09 22:36 -------- d-----w- c:\documents and settings\Victor\Application Data\BitTorrent

2010-05-15 13:12 . 2006-09-14 02:12 -------- d-----w- c:\documents and settings\Diane\Application Data\Apple Computer

2010-05-04 01:53 . 2009-03-02 19:31 1 ----a-w- c:\documents and settings\Victor\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-04-13 00:40 . 2010-04-13 00:40 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

2010-04-13 00:10 . 2010-04-13 00:10 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2006-02-11 15:38 . 2006-02-11 15:38 774144 -c--a-w- c:\program files\RngInterstitial.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MoneyAgent"="c:\program files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 200704]

"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-05-08 81920]

"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-11 95536]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-06-29 2403568]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"MediaFace Integration"="c:\program files\Fellowes\MediaFACE 4.0\SetHook.exe" [2002-12-17 53248]

"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 122880]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2006-03-22 1191936]

"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]

"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]

"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-06-19 684032]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2006-12-20 227328]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-01-30 1553920]

"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

 

c:\documents and settings\Diane\Start Menu\Programs\Startup\

OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2003-4-9 598150]

KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe [2002-3-13 16384]

tisspwiz.lnk - c:\program files\Trend Micro\Internet Security\tisspwiz.exe [2009-11-29 1094408]

ZDWLan Utility.lnk - c:\program files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe [2010-6-26 495616]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=

"c:\\Program Files\\Logitech\\Harmony Remote\\PatchHelper.exe"=

"c:\\WINDOWS\\system32\\fxsclnt.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Harmony Remote\\HarmonyClient.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]

R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [11/29/2009 2:39 AM 36368]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [4/8/2009 6:38 AM 92008]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:24 PM 24652]

R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/29/2009 2:39 AM 339984]

R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [11/29/2009 2:52 AM 50704]

R3 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [11/29/2009 2:53 AM 497008]

R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [11/29/2009 2:53 AM 689416]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/30/2010 10:47 PM 135664]

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2009-03-08 08:32 128512 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

 

2010-02-23 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

 

2010-07-11 c:\windows\Tasks\Disk Cleanup.job

- c:\windows\system32\cleanmgr.exe [2008-09-16 00:12]

 

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 02:46]

 

2010-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-01 02:46]

 

2010-07-11 c:\windows\Tasks\User_Feed_Synchronization-{3F2F4CB4-F961-4B94-85B3-45E624F5CC1D}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

 

2010-07-11 c:\windows\Tasks\User_Feed_Synchronization-{8788D58D-8F45-4012-8C2E-7A7CFCAEFCDE}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

 

2010-07-11 c:\windows\Tasks\User_Feed_Synchronization-{B794C1A9-E2F5-44C1-930F-38E032662773}.job

- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = localhost

Trusted Zone: bing.com\www

Trusted Zone: firefox.com

Trusted Zone: microsoft.com\*.update

Trusted Zone: microsoft.com\*.windowsupdate

Trusted Zone: microsoft.com\update

Trusted Zone: microsoft.com\windowsupdate

Trusted Zone: mozilla.com

Trusted Zone: windowsupdate.com

Trusted Zone: windowsupdate.com\download

FF - ProfilePath - c:\documents and settings\Victor\Application Data\Mozilla\Firefox\Profiles\764a4cfu.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORPHANS REMOVED - - - -

 

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)

 

 

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-07-11 19:43

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-1220945662-113007714-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(972)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

- - - - - - - > 'explorer.exe'(3920)

c:\docume~1\Victor\LOCALS~1\TempIadHide3.dll

c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll

c:\program files\Common Files\Motive\McciContextHook_DSR.dll

c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\OneX.DLL

c:\windows\system32\eappprxy.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\drivers\KodakCCS.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\windows\system32\ScsiAccess.EXE

c:\program files\Trend Micro\Internet Security\SfCtlCom.exe

c:\windows\system32\fxssvc.exe

c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe

c:\program files\Trend Micro\BM\TMBMSRV.exe

c:\windows\BCMSMMSG.exe

c:\program files\Microsoft ActiveSync\wcescomm.exe

c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe

c:\progra~1\MI3AA1~1\rapimgr.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-07-11 19:55:06 - machine was rebooted

ComboFix-quarantined-files.txt 2010-07-11 23:55

 

Pre-Run: 38,849,363,968 bytes free

Post-Run: 38,655,004,672 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

 

- - End Of File - - 2F51BA9CA98F638B76C87F669E103BDC

 

I will now attempt to open my browser and try to surf the net to see if the problem has been resolved. I also need to find my Internet Explorer Icon is not on my desktop or my start Menu. How can I put it in my Start menu or create a shortcut?

Share this post


Link to post
Share on other sites

Hello,

 

For IE issue:

 

Copy the following bolded text below:

 

"%programfiles%\internet explorer\iexplore.exe"

 

On your desktop right-click on a blank space, point to New, and then Click Shortcut.

 

In the Create Shortcut Wizard, right-click the Type the location of the item box, and then click Paste to paste the command that you copied in step 1.

Click Next.

In the Type a name for this shortcut box, type Internet Explorer.

Click Finish.

 

A shortcut to Internet Explorer is created on your desktop.

 

 

Malwarebytes' Anti-Malware

 

I see that you have Malwarebytes' Anti-Malware installed on your computer could you please do a scan using these settings:

 

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update have been completed, Select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as it is and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Checked (ticked) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottom most log is the latest
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

 

 

 

NEXT:

 

 

 

ESET Online Scanner

I'd like us to scan your machine with ESET Online Scan

 

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.

 

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan

  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin

    scanning your computer. Please be patient as this can take some time.

  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as

    ESETScan. Include the contents of this report in your next reply.

  • Push the Posted Image button.
  • Push Posted Image

 

NEXT:

 

 

 

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

NEXT:

 

 

 

OTL Custom Scan

 

We need to run an OTL Custom Scan

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following bolded text into the Posted Image textbox.

     

    netsvcs

    drivers32 /all

    %SYSTEMDRIVE%\*.*

    %systemroot%\system32\*.wt

    %systemroot%\system32\*.ruy

    %systemroot%\Fonts\*.com

    %systemroot%\Fonts\*.dll

    %systemroot%\Fonts\*.ini

    %systemroot%\Fonts\*.ini2

    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp

    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll

    %systemroot%\REPAIR\*.bak1

    %systemroot%\REPAIR\*.ini

    %systemroot%\system32\*.jpg

    %systemroot%\*.scr

    %systemroot%\*._sy

    %APPDATA%\Adobe\Update\*.*

    %ALLUSERSPROFILE%\Favorites\*.*

    %APPDATA%\Microsoft\*.*

    %PROGRAMFILES%\*.*

    %APPDATA%\Update\*.*

    %systemroot%\*. /mp /s

    CREATERESTOREPOINT

    %systemroot%\system32\*.dll /lockedfiles

    %systemroot%\Tasks\*.job /lockedfiles

    %systemroot%\System32\config\*.sav

    %systemroot%\system32\user32.dll /md5

    %systemroot%\system32\ws2_32.dll /md5

    %systemroot%\system32\ws2help.dll /md5

    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Push Posted Image
  • A report will open. Copy and Paste that report in your next reply.

 

 

 

 

Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.

2. The log that is produced after running the MalwareBytes' Anti-Malware scan.

3. The log that is produced after running the ESET Online Virus Scanner.

4. The log that is produced after running the SecurityCheck scan.

5. The log that is produced after running the OTL scan.

6. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.

 

Cheers,

SweetTech.

Share this post


Link to post
Share on other sites

Sweet Tech,

 

Here is the information you requested.

 

1) So after performing all these scans is the computer safe and all the malware, anti-spyware, ad aware, and viruses cleaned? Is it back to normal? Is it recommended to run a defrag?

 

2)Here is the log for malware-bytes:

 

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

 

Database version: 4304

 

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

 

7/11/2010 9:40:07 PM

mbam-log-2010-07-11 (21-40-07).txt

 

Scan type: Quick scan

Objects scanned: 159138

Time elapsed: 15 minute(s), 7 second(s)

 

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

 

Memory Processes Infected:

(No malicious items detected)

 

Memory Modules Infected:

(No malicious items detected)

 

Registry Keys Infected:

(No malicious items detected)

 

Registry Values Infected:

(No malicious items detected)

 

Registry Data Items Infected:

(No malicious items detected)

 

Folders Infected:

(No malicious items detected)

 

Files Infected:

(No malicious items detected)

 

3) Here is the log for ESET Scan log:

 

C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\serial.sys.vir Win32/Olmarik.ZC trojan

 

4 Here is the log for Security Check scan log:

 

Results of screen317's Security Check version 0.99.4

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

Trend Micro Internet Security

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 21

Out of date Java installed!

Adobe Flash Player 10.1.53.64

Adobe Reader 8.1.1

Adobe Reader 9.3.3

Mozilla Firefox (3.6.6)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Trend Micro Internet Security SfCtlCom.exe

Trend Micro Internet Security TmProxy.exe

Trend Micro Internet Security TmPfw.exe

Trend Micro Internet Security UfSeAgnt.exe

Trend Micro Internet Security TMAS_OE TMAS_OEMon.exe

Trend Micro BM TMBMSRV.exe

Trend Micro Internet Security UfNavi.exe

Trend Micro Internet Security UfUpdUi.exe

````````````````````````````````

DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

 

``````````End of Log````````````

 

5) Here is the log for the OTL Custom scan:

 

OTL logfile created on: 7/12/2010 8:07:56 PM - Run 2

OTL by OldTimer - Version 3.2.9.0 Folder = C:\Documents and Settings\Victor\Desktop\OTL

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

767.00 Mb Total Physical Memory | 159.00 Mb Available Physical Memory | 21.00% Memory free

2.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free

Paging file location(s): C:\pagefile.sys 1152 2304 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.50 Gb Total Space | 35.47 Gb Free Space | 47.61% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

Drive F: | 121.28 Mb Total Space | 120.21 Mb Free Space | 99.12% Space Free | Partition Type: FAT

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: HOME-CL3SQDQ9W3

Current User Name: Victor

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 

========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Victor\Desktop\OTL\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)

PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\UfNavi.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)

PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)

PRC - C:\Program Files\Sony\SonicStage\SSAAD.exe ()

PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)

PRC - C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe (ScanSoft, Inc.)

PRC - C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()

PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

PRC - C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)

PRC - C:\WINDOWS\system32\ScsiAccess.EXE ()

PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)

PRC - C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()

 

 

========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Victor\Desktop\OTL\OTL.exe (OldTimer Tools)

MOD - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEHook.dll ()

MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Motive Communications, Inc.)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

MOD - C:\Program Files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll (ScanSoft, Inc.)

MOD - C:\Documents and Settings\Victor\Local Settings\TempIadHide3.dll (BackWeb)

 

 

========== Win32 Services (SafeList) ==========

 

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)

SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)

SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe (Trend Micro Inc.)

SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)

SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)

SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)

SRV - (SSScsiSV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (Sony Corporation)

SRV - (MSCSPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (Sony Corporation)

SRV - (PACSPTISVR) -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (Sony Corporation)

SRV - (SPTISRV) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)

SRV - (KodakCCS) -- C:\WINDOWS\system32\drivers\KodakCCS.exe (Eastman Kodak Company)

SRV - (ScsiAccess) -- C:\WINDOWS\system32\ScsiAccess.EXE ()

 

 

========== Driver Services (SafeList) ==========

 

DRV - (MRESP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS File not found

DRV - (MRENDIS5) -- C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS File not found

DRV - (MREMPR5) -- C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS File not found

DRV - (MREMP50a64) -- C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS File not found

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found

DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)

DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)

DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)

DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)

DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)

DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)

DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)

DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)

DRV - (ZD1211BU(ZyDAS)) ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS) -- C:\WINDOWS\system32\drivers\ZD1211BU.sys (ZyDAS Technology Corporation)

DRV - (BRGSp50) -- C:\WINDOWS\system32\drivers\BRGSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (ZDPSp50) -- C:\WINDOWS\system32\drivers\ZDPSp50.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (AFS2K) -- C:\WINDOWS\System32\drivers\AFS2K.SYS (Oak Technology Inc.)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (BCMModem) -- C:\WINDOWS\system32\drivers\BCMSM.sys (Broadcom Corporation)

DRV - (tfsnudfa) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)

DRV - (tfsnudf) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)

DRV - (tfsnifs) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)

DRV - (tfsncofs) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)

DRV - (tfsnboio) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)

DRV - (tfsnopio) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)

DRV - (tfsnpool) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)

DRV - (tfsndrct) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)

DRV - (tfsndres) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)

DRV - (drvmcdb) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)

DRV - (sscdbhk5) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)

DRV - (ssrtln) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)

DRV - (drvnddm) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)

DRV - (Exportit) -- C:\WINDOWS\system32\drivers\ExportIt.sys (Eastman Kodak Company)

DRV - (DcFpoint) -- C:\WINDOWS\system32\drivers\DcFpoint.sys (Eastman Kodak Company)

DRV - (DcPTP) -- C:\WINDOWS\system32\drivers\DcPtp.sys (Eastman Kodak Company)

DRV - (DcCam) -- C:\WINDOWS\system32\drivers\DcCam.sys (Eastman Kodak Company)

DRV - (DcLps) -- C:\WINDOWS\system32\drivers\DcLps.sys (Eastman Kodak Company)

DRV - (DCFS2K) -- C:\WINDOWS\system32\drivers\DCFS2k.sys (Eastman Kodak Company)

DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)

DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)

DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)

DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)

DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)

DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)

DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)

 

 

========== Standard Registry (SafeList) ==========

 

 

========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost

 

========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..network.proxy.no_proxies_on: "localhost"

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/11 13:59:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/11 16:26:10 | 000,000,000 | ---D | M]

 

[2010/07/11 14:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions

[2008/10/01 23:01:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Extensions\home2@tomtom.com

[2005/09/01 22:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\6ijhxbu9.default\extensions

[2005/09/01 22:28:08 | 000,000,000 | ---D | M] (Firefox (default)) -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\6ijhxbu9.default\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/07/11 14:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Victor\Application Data\Mozilla\Firefox\Profiles\764a4cfu.default\extensions

[2010/07/11 16:26:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/07/11 16:26:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010/07/11 16:25:49 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

 

O1 HOSTS File: ([2010/07/11 19:43:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)

O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.)

O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)

O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)

O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)

O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)

O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)

O4 - HKLM..\Run: [MediaFace Integration] C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe (Fellowes, Inc.)

O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)

O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)

O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [updateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)

O4 - HKCU..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)

O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)

O4 - HKCU..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)

O4 - HKCU..\Run: [ssAAD.exe] C:\Program Files\Sony\SonicStage\SSAAD.exe ()

O4 - HKCU..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tisspwiz.lnk = C:\Program Files\Trend Micro\Internet Security\tisspwiz.exe (Trend Micro Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Domains: bing.com ([www] https in Trusted sites)

O15 - HKCU\..Trusted Domains: firefox.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)

O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Trusted sites)

O15 - HKCU\..Trusted Domains: mozilla.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: windowsupdate.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: windowsupdate.com ([download] http in Trusted sites)

O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} https://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://www.viewpoint.com/cgi-bin/installer.v4/vet_install_premium.pl?1&6&04.00.09.13&premium&unknown&http://automobiles.honda.com/models/mov_iframe_viewpt.asp?path=/images/banners/2005/accord_hybrid/viewpoint&FrameBGColor=%23FFFFFF&ModelNameDir=accord%255Fhybrid&noreloadredir (MetaStreamCtl Class)

O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} https://www.windowsonecare.com/install/cli/1.1.1067.14/WinSSWebAgent.CAB (Controller Class)

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:1 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Victor\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2005/04/22 20:45:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: 6to4 - File not found

NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found

NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

 

Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)

Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)

Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)

Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)

Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)

Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)

Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)

Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)

Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)

Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.ffds - C:\WINDOWS\System32\ffdshow.ax ()

Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()

Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)

Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)

Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)

Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)

Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)

Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)

Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)

Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)

Drivers32: wave - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)

Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (17183528496136192)

 

========== Files/Folders - Created Within 30 Days ==========

 

[2010/07/11 21:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2010/07/11 20:59:56 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2010/07/11 19:58:00 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll

[2010/07/11 19:15:08 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/07/11 19:09:03 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/07/11 19:09:03 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/07/11 19:09:02 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/07/11 19:09:02 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/07/11 19:08:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/07/11 19:06:55 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/07/11 17:29:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/07/11 17:28:24 | 000,000,000 | -H-D | C] -- C:\WINDOWS\msdownld.tmp

[2010/07/11 17:15:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7

[2010/07/11 16:47:02 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\OTL.exe

[2010/07/11 16:46:54 | 000,000,000 | ---D | C] -- C:\New Folder

[2010/07/11 16:26:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2010/07/11 16:26:10 | 000,423,656 | ---- | C] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll

[2010/07/11 16:26:10 | 000,153,376 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaws.exe

[2010/07/11 16:26:10 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javaw.exe

[2010/07/11 16:26:10 | 000,145,184 | ---- | C] (Oracle) -- C:\WINDOWS\System32\java.exe

[2010/07/11 16:26:10 | 000,073,728 | ---- | C] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl

[2010/07/11 16:10:18 | 016,066,336 | ---- | C] (Oracle) -- C:\Documents and Settings\Victor\Desktop\jre-6u21-windows-i586.exe

[2010/07/11 14:43:16 | 000,000,000 | ---D | C] -- C:\_OTL

[2010/07/11 01:17:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Desktop\GMER

[2010/07/11 00:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Desktop\OTL

[2010/07/10 00:09:05 | 000,000,000 | ---D | C] -- C:\HJT

[2010/07/07 22:32:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Application Data\Malwarebytes

[2010/07/07 22:31:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/07/07 22:30:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/07/07 22:30:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/07/07 22:30:00 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/07/07 21:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Application Data\SUPERAntiSpyware.com

[2010/07/07 21:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

[2010/07/07 21:17:20 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2010/07/07 21:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\My Documents\Downloads

[2010/07/04 21:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/07/04 13:25:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Desktop\My Pictures

[2010/07/04 12:32:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData

[2010/07/02 14:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2010/07/02 14:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2010/07/02 14:00:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/07/01 22:11:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Application Data\Registry Mechanic

[2010/06/30 22:45:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/06/30 21:48:43 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic

[2010/06/27 18:43:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS

[2010/06/27 18:09:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Local Settings\Application Data\Yahoo

[2010/06/27 14:12:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Application Data\Yahoo!

[2010/06/26 23:39:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun

[2010/06/26 23:07:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Victor\Local Settings\Application Data\Mozilla

[2010/06/26 21:42:21 | 000,402,432 | ---- | C] (ZyDAS Technology Corporation) -- C:\WINDOWS\System32\drivers\ZD1211BU.sys

[2010/06/26 21:42:20 | 000,081,920 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ZDPN50.DLL

[2010/06/26 21:42:20 | 000,020,608 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\BRGSp50.sys

[2010/06/26 21:42:20 | 000,017,664 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\ZDPSp50.sys

[2010/06/26 21:42:20 | 000,017,151 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\ZDPNDIS5.SYS

[2010/06/26 21:42:19 | 000,031,744 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\ZDPSp50a64.sys

[2010/06/26 21:42:19 | 000,029,184 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\drivers\BRGSp50a64.sys

[2010/06/26 21:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\ZyDAS Technology Corporation

[2010/06/26 20:44:25 | 000,012,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mouhid.sys

[2004/11/24 14:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files - Modified Within 30 Days ==========

 

[2010/07/12 20:15:00 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B794C1A9-E2F5-44C1-930F-38E032662773}.job

[2010/07/12 20:14:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8788D58D-8F45-4012-8C2E-7A7CFCAEFCDE}.job

[2010/07/12 19:52:05 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/07/12 19:47:13 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3F2F4CB4-F961-4B94-85B3-45E624F5CC1D}.job

[2010/07/12 19:43:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/07/12 19:43:48 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/07/12 19:41:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/07/12 19:41:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/07/12 19:41:33 | 804,311,040 | -HS- | M] () -- C:\hiberfil.sys

[2010/07/11 23:56:28 | 005,242,880 | ---- | M] () -- C:\Documents and Settings\Victor\ntuser.dat

[2010/07/11 23:56:28 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Victor\ntuser.ini

[2010/07/11 21:17:56 | 000,001,533 | ---- | M] () -- C:\Documents and Settings\Victor\Desktop\Internet explorer.lnk

[2010/07/11 20:53:06 | 001,038,328 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/11 20:50:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/07/11 19:43:57 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010/07/11 19:43:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/07/11 19:15:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010/07/11 17:39:24 | 000,000,560 | ---- | M] () -- C:\Documents and Settings\Victor\Desktop\Shortcut to Internet Explorer.lnk

[2010/07/11 17:36:58 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Victor\Desktop\Shortcut to IE8-Setup-Full.lnk

[2010/07/11 16:25:48 | 000,423,656 | ---- | M] (Oracle) -- C:\WINDOWS\System32\deployJava1.dll

[2010/07/11 16:25:48 | 000,153,376 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaws.exe

[2010/07/11 16:25:48 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javaw.exe

[2010/07/11 16:25:48 | 000,145,184 | ---- | M] (Oracle) -- C:\WINDOWS\System32\java.exe

[2010/07/11 16:25:48 | 000,073,728 | ---- | M] (Oracle) -- C:\WINDOWS\System32\javacpl.cpl

[2010/07/11 16:12:52 | 016,066,336 | ---- | M] (Oracle) -- C:\Documents and Settings\Victor\Desktop\jre-6u21-windows-i586.exe

[2010/07/11 13:58:25 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/07/11 13:58:25 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/07/11 12:35:00 | 000,000,262 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job

[2010/07/11 00:09:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

[2010/07/10 14:40:21 | 000,000,133 | ---- | M] () -- C:\Documents and Settings\Victor\My Documents\Welcome to IE8.url

[2010/07/10 01:00:16 | 000,002,383 | ---- | M] () -- C:\Documents and Settings\Victor\Desktop\HiJackThis.lnk

[2010/07/07 22:31:10 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/07 22:14:07 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/07/07 21:17:23 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/07/06 14:36:33 | 3144,386,349 | ---- | M] () -- C:\Documents and Settings\Victor\My Documents\2010 Backup-2010-Jul-06.ZIP

[2010/07/05 18:25:24 | 000,000,000 | ---- | M] () -- C:\MY BACKUP-2010-Jul-05Disk#1

[2010/06/30 21:59:22 | 000,008,704 | ---- | M] () -- C:\Documents and Settings\Victor\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/06/27 21:19:23 | 000,570,214 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010/06/27 21:19:23 | 000,469,518 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/06/27 21:19:23 | 000,092,284 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/06/26 21:42:22 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

 

========== Files Created - No Company Name ==========

 

[2010/07/11 21:18:34 | 000,000,133 | ---- | C] () -- C:\Documents and Settings\Victor\My Documents\Welcome to IE8.url

[2010/07/11 21:17:15 | 000,001,533 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\Internet explorer.lnk

[2010/07/11 19:15:17 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010/07/11 19:15:10 | 000,260,272 | ---- | C] () -- C:\cmldr

[2010/07/11 19:09:03 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/07/11 19:09:03 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/07/11 19:09:03 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/07/11 19:09:03 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/07/11 19:09:03 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/07/11 17:39:24 | 000,000,560 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\Shortcut to Internet Explorer.lnk

[2010/07/11 17:36:57 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\Shortcut to IE8-Setup-Full.lnk

[2010/07/11 13:58:25 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Victor\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/07/11 13:58:25 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

[2010/07/10 00:14:03 | 000,002,383 | ---- | C] () -- C:\Documents and Settings\Victor\Desktop\HiJackThis.lnk

[2010/07/07 22:31:10 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/07/07 21:17:23 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk

[2010/07/06 14:22:03 | 3144,386,349 | ---- | C] () -- C:\Documents and Settings\Victor\My Documents\2010 Backup-2010-Jul-06.ZIP

[2010/07/05 18:25:24 | 000,000,000 | ---- | C] () -- C:\MY BACKUP-2010-Jul-05Disk#1

[2010/06/30 22:47:04 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

[2010/06/30 22:47:03 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

[2010/06/27 18:56:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk

[2010/06/27 10:50:01 | 000,000,424 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B794C1A9-E2F5-44C1-930F-38E032662773}.job

[2010/06/26 21:42:22 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk

[2010/06/26 21:42:18 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe

[2010/06/26 21:42:17 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll

[2010/06/26 21:42:17 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL

[2008/12/18 20:40:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI

[2008/09/16 03:05:06 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007/09/04 00:49:05 | 000,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI

[2007/08/06 18:56:25 | 000,000,056 | ---- | C] () -- C:\WINDOWS\pccillin.ini

[2007/04/01 22:07:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini

[2006/10/25 20:31:04 | 000,000,419 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI

[2006/03/17 19:31:46 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Victor.ini

[2006/01/09 23:01:30 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini

[2005/11/02 23:10:30 | 000,002,137 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/05/17 21:55:17 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll

[2005/05/17 21:55:17 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini

[2005/05/17 21:54:38 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini

[2005/04/23 22:57:15 | 000,000,052 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2005/04/23 22:57:14 | 000,000,665 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2005/04/23 22:07:25 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini

[2005/04/22 22:04:56 | 000,000,563 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

[2005/04/22 21:53:33 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI

[2005/04/22 21:34:56 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

[2004/10/12 01:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll

[2004/10/12 01:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll

[2004/10/12 01:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll

[2004/10/09 01:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll

[2004/10/05 03:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll

[2004/10/03 12:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll

[2003/08/14 02:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2002/11/26 21:12:16 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\lttls13n.dll

[2002/11/26 21:12:00 | 000,708,608 | ---- | C] () -- C:\WINDOWS\System32\ltcry13n.dll

[2002/11/26 21:11:42 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\lfkodak.dll

[2002/11/26 21:11:38 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll

[2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini

[2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini

[2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll

[2000/09/08 17:53:50 | 000,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

[1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini

[1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

[1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll

 

========== Custom Scans ==========

 

 

< %SYSTEMDRIVE%\*.* >

[2006/03/20 23:01:50 | 000,030,539 | ---- | M] () -- C:\22_21A.jpg

[2006/07/06 19:13:02 | 021,290,704 | ---- | M] ( ) -- C:\AdbeRdr708_en_US.exe

[2009/05/03 01:57:45 | 000,001,846 | ---- | M] () -- C:\ASLog.txt

[2005/04/22 20:45:47 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2010/05/24 20:21:02 | 000,000,211 | ---- | M] () -- C:\Boot.bak

[2010/07/11 19:15:17 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr

[2010/07/11 19:55:07 | 000,022,959 | ---- | M] () -- C:\ComboFix.txt

[2005/04/22 20:45:47 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2007/03/13 21:28:16 | 000,000,770 | ---- | M] () -- C:\devicetable.log

[2010/07/12 19:41:33 | 804,311,040 | -HS- | M] () -- C:\hiberfil.sys

[2007/02/06 13:21:28 | 000,000,170 | ---- | M] () -- C:\INSTALL.LOG

[2005/04/22 20:45:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/07/11 16:40:09 | 000,000,643 | ---- | M] () -- C:\JavaRa.log

[2005/04/23 22:43:40 | 000,000,017 | ---- | M] () -- C:\log.txt

[2005/04/22 20:45:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2010/07/05 18:25:24 | 000,000,000 | ---- | M] () -- C:\MY BACKUP-2010-Jul-05Disk#1

[2008/12/15 21:51:06 | 000,000,571 | ---- | M] () -- C:\NTDClient.log

[2005/05/09 23:01:14 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2008/09/22 13:11:13 | 000,250,048 | ---- | M] () -- C:\ntldr

[2010/07/11 00:09:00 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\OTL.exe

[2010/07/12 19:41:32 | 1207,959,552 | -HS- | M] () -- C:\pagefile.sys

[2006/07/06 19:11:44 | 007,050,552 | ---- | M] (Adobe Systems, Inc. ) -- C:\psa30se_en_us.exe

[2007/01/27 21:47:48 | 000,037,283 | ---- | M] () -- C:\VETlog.dmp

[2007/01/27 21:47:48 | 000,002,130 | ---- | M] () -- C:\VETlog.txt

[2009/07/07 21:16:38 | 003,953,152 | ---- | M] () -- C:\WonderfulWorldofColors.pps

[2006/07/06 19:11:16 | 000,762,512 | ---- | M] () -- C:\ytb612_efgsip.exe

 

< %systemroot%\system32\*.wt >

 

< %systemroot%\system32\*.ruy >

 

< %systemroot%\Fonts\*.com >

 

< %systemroot%\Fonts\*.dll >

 

< %systemroot%\Fonts\*.ini >

[2005/04/22 20:45:28 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

 

< %systemroot%\Fonts\*.ini2 >

 

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

 

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2006/05/01 01:00:00 | 000,022,528 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD87.DLL

[2006/05/01 01:00:00 | 000,065,024 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP87.DLL

 

< %systemroot%\REPAIR\*.bak1 >

 

< %systemroot%\REPAIR\*.ini >

 

< %systemroot%\system32\*.jpg >

[2005/01/30 11:50:26 | 000,012,151 | ---- | M] () -- C:\WINDOWS\system32\logoxp.jpg

 

< %systemroot%\*.scr >

 

< %systemroot%\*._sy >

 

< %APPDATA%\Adobe\Update\*.* >

 

< %ALLUSERSPROFILE%\Favorites\*.* >

 

< %APPDATA%\Microsoft\*.* >

[2010/06/27 10:43:12 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Victor\Application Data\Microsoft\LastFlashConfig.WFC

 

< %PROGRAMFILES%\*.* >

[2006/02/11 11:38:09 | 000,774,144 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

 

< %APPDATA%\Update\*.* >

 

< %systemroot%\*. /mp /s >

 

< %systemroot%\system32\*.dll /lockedfiles >

[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll

[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll

[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll

 

< %systemroot%\Tasks\*.job /lockedfiles >

 

< %systemroot%\System32\config\*.sav >

[2005/04/22 16:35:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2005/04/22 16:35:41 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2005/04/22 16:35:41 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

 

< %systemroot%\system32\user32.dll /md5 >

[2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

 

< %systemroot%\system32\ws2_32.dll /md5 >

[2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

 

< %systemroot%\system32\ws2help.dll /md5 >

[2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-12 00:50:29

 

< >

< End of report >

 

6) The computer seems to be running fine. I don't see those previous issues with the browsers.

Share this post


Link to post
Share on other sites

Hello,

 

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.

 

 

 

NEXT:

 

 

 

Remove Program

We need to remove a program. To do this please do the following:

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

  • Adobe Reader 8.1.1

 

NEXT:

 

 

 

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

 

Click Start > Run and copy/paste the following bolded text into the Run box and click OK: ComboFix /Uninstall

 

 

 

NEXT:

 

 

 

OTL Clean-Up

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

 

 

 

NEXT:

 

 

 

All Clean Speech

 

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article

    Strong passwords: How to create and use them

    then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/

    This will ensure your computer has always the latest security updates available installed on your computer.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure

    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.

      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

    Think Prevention.

    PC Safety and Security--What Do I Need?.

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

 

Thank you for your patience, and performing all of the procedures requested.

 

Please respond one last time so we can consider the thread resolved and close it, thank-you.

 

Cheers,

SweetTech.

Share this post


Link to post
Share on other sites

You are more than welcome. I'm glad I was able to be of assistance. :)

 

 

 

Since this issue appears resolved ... this Topic is closed.

Edited by SweetTech

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×
×
  • Create New...