Redirected when using the internet

Welcome Guest ( Log In | Join )

Discover the best free computer help!
Learn more about Geeks to Go by taking the tour. Spyware, virus, trojan, fake security or privacy alerts? Read the malware cleaning guide. Want to reply to a topic, start a new one, or remove the advertising? Join today (always free).

> Geeks to Go! » Security » Malware Removal - HijackThis™ Logs Go Here

Redirected when using the internet

Options

NatPortmanYUM View Member Profile	Oct 2 2008, 11:51 AM Post #1
Member Posts: 20 From: Canada OS: XP	Since I wasn't able to post in the other topic with the exact same problem I have, I made a new one. Just recently(yesterday) I started to get random pop-ups, even when I wasn't using internet explorer. I then tried to start up zonealarm, but with no prevail, it didn't start up. So now I'm using my sisters laptop, I sent avast over msn to my computer to run a virus scan. So avast restarted my pc and started to scan, quite a few files from the windows folder popped up, I ignored them because they were in the windows folder and didn't wasnt to delete anything just incase. So now I'm here because I'm all out of ideas. So I'm hoping you guys to push me in the right direction of getting rid of this problem. Thanks. Edit: While avast did a virus scan, I did happen to delete 3 dlls, they were tdssserf.dll, tdssserf1.dll and tdsslog.dll. Don't know if they will cause any damage now that I have delted them. This post has been edited by NatPortmanYUM: Oct 5 2008, 03:41 PM

OldTimer View Member Profile	Oct 4 2008, 01:16 PM Post #2
GeekU Moderator Posts: 1,616 From: Holland Michigan USA OS: XP Pro	Hello NatPortmanYUM and welcome to GeeksToGo. Let's see what we can find. Boot to the profile that works and then do the following: Before running a new scan let's clean out the temporoary folders. Download ATF Cleaner to your Desktop. Double-click ATF-Cleaner.exe to run the program. Click Select All found at the bottom of the list. Click the Empty Selected button. If you use Firefox browser, do this also: Click Firefox at the top and choose Select All from the list. Click the Empty Selected button. NOTE : If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser, do this also: Click Opera at the top and choose Select All from the list. Close ALL Internet browsers (very important). Click the Empty Selected button. NOTE : If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. Now download OTScanIt2.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt2 on your desktop. Note: You must be logged on to the system with an account that has Administrator privileges to run this program. Close ALL OTHER PROGRAMS. Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator). Do not change any settings. Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it. Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. Make sure that the first line is code with brackets around it [] and that the last line is /code with brackets around it []. If, after posting, the last line is not <End of Report> then the log is too big to fit into a single post and you will need to split it into multiple posts or attach it as a file. Cheers. OT

NatPortmanYUM View Member Profile	Oct 5 2008, 12:39 AM Post #3
Member Posts: 20 From: Canada OS: XP	Hello there and thanks for replying! Here is the log CODE OTScanIt logfile created on: 05/10/2008 2:31:43 AM - Run 2 OTScanIt2 by OldTimer - Version 1.0.0.1b Folder = C:\Documents and Settings\Compaq_Administrator\Desktop\OTScanIt2 Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.11) Locale: 00001009 \| Country: Canada \| Language: ENC \| Date Format: dd/MM/yyyy 1022.48 Mb Total Physical Memory \| 690.60 Mb Available Physical Memory \| 67.54% Memory free 2.40 Gb Paging File \| 2.11 Gb Available in Paging File \| 88.05% Paging File free Paging file location(s): C:\pagefile.sys 0 0; %SystemDrive% = C: \| %SystemRoot% = C:\WINDOWS \| %ProgramFiles% = C:\Program Files Drive C: \| 177.74 Gb Total Space \| 152.54 Gb Free Space \| 85.82% Space Free \| Partition Type: NTFS Drive D: \| 8.56 Gb Total Space \| 0.58 Gb Free Space \| 6.81% Space Free \| Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: COURTNEY Current User Name: Compaq_Administrator Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Whitelist: On File Age = 30 Days [Processes - Safe List] aswupdsv.exe -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/07/19 10:25:06 \| 00,016,056 \| ---- \| M] (ALWIL Software) ashserv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/07/19 10:38:28 \| 00,147,640 \| ---- \| M] (ALWIL Software) applemobiledeviceservice.exe -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/10/31 15:09:16 \| 00,110,592 \| ---- \| M] (Apple, Inc.) arservice.exe -> %SystemRoot%\arservice.exe -> [2005/08/03 02:19:16 \| 00,058,880 \| ---- \| M] (Microsoft) ehrecvr.exe -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 17:16:56 \| 00,237,568 \| ---- \| M] (Microsoft Corporation) ehsched.exe -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 23:56:32 \| 00,102,912 \| ---- \| M] (Microsoft Corporation) lssrvc.exe -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/06/21 07:08:48 \| 00,049,152 \| ---- \| M] (Hewlett-Packard Company) nvsvc32.exe -> %SystemRoot%\system32\nvsvc32.exe -> [2008/09/17 09:55:00 \| 00,163,908 \| ---- \| M] (NVIDIA Corporation) pnkbstra.exe -> %SystemRoot%\system32\PnkBstrA.exe -> [2007/09/01 04:20:08 \| 00,066,872 \| ---- \| M] () wwsecure.exe -> %SystemRoot%\system32\wwSecure.exe -> [2005/04/20 11:34:12 \| 00,487,936 \| ---- \| M] (Webroot Software, Inc.) mcrdsvc.exe -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 23:27:08 \| 00,099,328 \| ---- \| M] (Microsoft Corporation) ashmaisv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/07/19 10:38:04 \| 00,250,040 \| ---- \| M] (ALWIL Software) ashwebsv.exe -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/07/23 10:25:45 \| 00,348,344 \| ---- \| M] (ALWIL Software) ehtray.exe -> %SystemRoot%\ehome\ehtray.exe -> [2005/08/05 23:56:34 \| 00,064,512 \| ---- \| M] (Microsoft Corporation) ehmsas.exe -> %SystemRoot%\ehome\ehmsas.exe -> [2005/08/05 23:56:28 \| 00,046,592 \| ---- \| M] (Microsoft Corporation) rthdcpl.exe -> %SystemRoot%\RTHDCPL.EXE -> [2006/06/13 23:05:26 \| 16,239,616 \| ---- \| M] (Realtek Semiconductor Corp.) arpwrmsg.exe -> %SystemRoot%\arpwrmsg.exe -> [2005/08/03 02:19:16 \| 00,077,312 \| ---- \| M] (Microsoft) rundll32.exe -> %SystemRoot%\system32\rundll32.exe -> [2008/04/13 20:12:33 \| 00,033,280 \| ---- \| M] (Microsoft Corporation) wuauclt.exe -> %SystemRoot%\system32\wuauclt.exe -> [2008/07/18 22:10:42 \| 00,053,448 \| ---- \| M] (Microsoft Corporation) wscntfy.exe -> %SystemRoot%\system32\wscntfy.exe -> [2008/04/13 20:12:41 \| 00,013,824 \| ---- \| M] (Microsoft Corporation) otscanit2.exe -> %UserProfile%\Desktop\OTScanIt2\OTScanIt2.exe -> [2008/10/04 19:54:08 \| 00,415,744 \| ---- \| M] (OldTimer Tools) [Win32 Services - Safe List] (Apple Mobile Device) Apple Mobile Device [Win32_Own \| Auto \| Running] -> %CommonProgramFiles%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2007/10/31 15:09:16 \| 00,110,592 \| ---- \| M] (Apple, Inc.) (ARSVC) ARSVC [Win32_Own \| Auto \| Running] -> %SystemRoot%\arservice.exe -> [2005/08/03 02:19:16 \| 00,058,880 \| ---- \| M] (Microsoft) (aspnet_state) ASP.NET State Service [Win32_Own \| On_Demand \| Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -> [2007/04/13 03:20:52 \| 00,033,632 \| ---- \| M] (Microsoft Corporation) (aswupdsv) avast! iAVS4 Control Service [Win32_Own \| Auto \| Running] -> %ProgramFiles%\Alwil Software\Avast4\aswUpdSv.exe -> [2008/07/19 10:25:06 \| 00,016,056 \| ---- \| M] (ALWIL Software) (avast! antivirus) avast! antivirus [Win32_Own \| Auto \| Running] -> %ProgramFiles%\Alwil Software\Avast4\ashServ.exe -> [2008/07/19 10:38:28 \| 00,147,640 \| ---- \| M] (ALWIL Software) (avast! mail scanner) avast! mail scanner [Win32_Own \| On_Demand \| Running] -> %ProgramFiles%\Alwil Software\Avast4\ashMaiSv.exe -> [2008/07/19 10:38:04 \| 00,250,040 \| ---- \| M] (ALWIL Software) (avast! web scanner) avast! web scanner [Win32_Own \| On_Demand \| Running] -> %ProgramFiles%\Alwil Software\Avast4\ashWebSv.exe -> [2008/07/23 10:25:45 \| 00,348,344 \| ---- \| M] (ALWIL Software) (CiSvc) Indexing Service [Win32_Shared \| On_Demand \| Stopped] -> %SystemRoot%\system32\cisvc.exe -> [2008/04/13 20:12:14 \| 00,005,632 \| ---- \| M] (Microsoft Corporation) (clr_optimization_v2.0.50727_32) .NET Runtime Optimization Service v2.0.50727_X86 [Win32_Own \| On_Demand \| Stopped] -> %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2007/04/13 03:21:18 \| 00,068,952 \| ---- \| M] (Microsoft Corporation) (ehrecvr) Media Center Receiver Service [Win32_Own \| Auto \| Running] -> %SystemRoot%\ehome\ehrecvr.exe -> [2006/10/09 17:16:56 \| 00,237,568 \| ---- \| M] (Microsoft Corporation) (ehsched) Media Center Scheduler Service [Win32_Own \| Auto \| Running] -> %SystemRoot%\ehome\ehSched.exe -> [2005/08/05 23:56:32 \| 00,102,912 \| ---- \| M] (Microsoft Corporation) (Fax) Fax [Win32_Own \| On_Demand \| Stopped] -> %SystemRoot%\system32\fxssvc.exe -> [2008/04/13 20:12:21 \| 00,267,776 \| ---- \| M] (Microsoft Corporation) (gusvc) Google Updater Service [Win32_Own \| On_Demand \| Stopped] -> %ProgramFiles%\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2008/07/11 16:00:15 \| 00,138,168 \| ---- \| M] (Google) (IDriverT) InstallDriver Table Manager [Win32_Own \| On_Demand \| Stopped] -> %CommonProgramFiles%\InstallShield\Driver\1050\Intel 32\IDriverT.exe -> [2004/10/22 13:24:18 \| 00,073,728 \| ---- \| M] (Macrovision Corporation) (LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own \| Auto \| Running] -> %CommonProgramFiles%\LightScribe\LSSrvc.exe -> [2006/06/21 07:08:48 \| 00,049,152 \| ---- \| M] (Hewlett-Packard Company) (McrdSvc) Media Center Extender Service [Win32_Own \| Auto \| Running] -> %SystemRoot%\ehome\mcrdsvc.exe -> [2005/08/05 23:27:08 \| 00,099,328 \| ---- \| M] (Microsoft Corporation) (NVSvc) NVIDIA Display Driver Service [Win32_Own \| Auto \| Running] -> %SystemRoot%\system32\nvsvc32.exe -> [2008/09/17 09:55:00 \| 00,163,908 \| ---- \| M] (NVIDIA Corporation) (PnkBstrA) PnkBstrA [Win32_Own \| Auto \| Running] -> %SystemRoot%\system32\PnkBstrA.exe -> [2007/09/01 04:20:08 \| 00,066,872 \| ---- \| M] () (TlntSvr) Telnet [Win32_Own \| Disabled \| Stopped] -> %SystemRoot%\system32\tlntsvr.exe -> [2008/04/13 20:12:38 \| 00,073,216 \| ---- \| M] (Microsoft Corporation) (usnjsvc) Messenger Sharing Folders USN Journal Reader service [Win32_Own \| On_Demand \| Stopped] -> %ProgramFiles%\MSN Messenger\usnsvc.exe -> [2007/01/19 13:54:14 \| 00,097,136 \| ---- \| M] (Microsoft Corporation) (vsmon) TrueVector Internet Monitor [Win32_Own \| Auto \| Stopped] -> %SystemRoot%\system32\ZoneLabs\vsmon.exe -> [2008/07/09 09:05:18 \| 00,075,304 \| ---- \| M] (Zone Labs, LLC) (wmpnetworksvc) Windows Media Player Network Sharing Service [Win32_Own \| On_Demand \| Stopped] -> %ProgramFiles%\Windows Media Player\wmpnetwk.exe -> [2006/10/18 20:05:24 \| 00,913,408 \| ---- \| M] (Microsoft Corporation) (wwSecSvc) Washer AutoComplete [Win32_Own \| Auto \| Running] -> %SystemRoot%\system32\wwSecure.exe -> [2005/04/20 11:34:12 \| 00,487,936 \| ---- \| M] (Webroot Software, Inc.) [Driver Services - Safe List] (aavmker4) avast! Asynchronous Virus Monitor [Kernel \| System \| Running] -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2008/07/19 10:32:15 \| 00,026,944 \| ---- \| M] (ALWIL Software) (AmdK8) AMD Processor Driver [Kernel \| System \| Running] -> %SystemRoot%\system32\drivers\AmdK8.sys -> [2005/03/09 17:53:00 \| 00,036,352 \| ---- \| M] (Advanced Micro Devices) (aracpi) aracpi [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\aracpi.sys -> [2005/08/03 02:19:14 \| 00,022,784 \| ---- \| M] (Microsoft Corporation) (arhidfltr) MS Ar HID Filter Driver [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\arhidfltr.sys -> [2005/08/03 02:19:14 \| 00,019,200 \| ---- \| M] (Microsoft Corporation) (arkbcfltr) Microsoft PS2 Keyboard Filter [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\arkbcfltr.sys -> [2005/08/03 02:19:16 \| 00,005,376 \| ---- \| M] (Microsoft Corporation) (armoucfltr) Microsoft PS2 Mouse Filter [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\armoucfltr.sys -> [2005/08/03 02:19:16 \| 00,004,992 \| ---- \| M] (Microsoft Corporation) (ARPolicy) ARPolicy [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\arpolicy.sys -> [2005/08/03 02:19:14 \| 00,010,112 \| ---- \| M] (Microsoft Corporation) (aswfsblk) aswfsblk [File_System \| Auto \| Running] -> %SystemRoot%\system32\drivers\aswFsBlk.sys -> [2008/07/19 10:37:42 \| 00,020,560 \| ---- \| M] (ALWIL Software) (aswmon2) avast! Standard Shield Support [File_System \| Auto \| Running] -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2008/07/19 10:37:21 \| 00,094,416 \| ---- \| M] (ALWIL Software) (aswrdr) aswrdr [Kernel \| On_Demand \| Running] -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008/07/19 10:33:42 \| 00,023,152 \| ---- \| M] (ALWIL Software) (aswsp) avast! Self Protection [Kernel \| System \| Running] -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008/07/19 10:35:18 \| 00,078,416 \| ---- \| M] (ALWIL Software) (aswTdi) avast! Network Shield Support [Kernel \| System \| Running] -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008/07/19 10:32:36 \| 00,042,912 \| ---- \| M] (ALWIL Software) (catchme) catchme [Kernel \| On_Demand \| Stopped] -> %SystemDrive%\ComboFix\catchme.sys -> File not found (CCDECODE) Closed Caption Decoder [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\ccdecode.sys -> [2008/04/13 14:46:23 \| 00,017,024 \| ---- \| M] (Microsoft Corporation) (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\hdaudbus.sys -> [2008/04/13 12:36:05 \| 00,144,384 \| ---- \| M] (Windows (R) Server 2003 DDK provider) (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\HPZid412.sys -> [2006/12/06 02:02:28 \| 00,049,920 \| R--- \| M] (HP) (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\HPZipr12.sys -> [2006/12/06 02:02:28 \| 00,016,496 \| R--- \| M] (HP) (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\HPZius12.sys -> [2006/12/06 02:02:29 \| 00,021,568 \| R--- \| M] (HP) (HSXHWBS2) HSXHWBS2 [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\HSXHWBS2.sys -> [2005/12/06 14:20:50 \| 00,241,664 \| ---- \| M] (Conexant Systems, Inc.) (HSX_DP) HSX_DP [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\HSX_DP.sys -> [2005/12/06 14:20:40 \| 00,936,448 \| ---- \| M] (Conexant Systems, Inc.) (IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\RtkHDAud.sys -> [2006/06/14 14:04:12 \| 04,299,264 \| ---- \| M] (Realtek Semiconductor Corp.) (intelppm) Intel Processor Driver [Kernel \| Disabled \| Stopped] -> %SystemRoot%\system32\drivers\intelppm.sys -> [2008/04/13 14:31:32 \| 00,036,352 \| ---- \| M] (Microsoft Corporation) (KLIF) KLIF [File_System \| System \| Running] -> %SystemRoot%\system32\drivers\klif.sys -> [2007/07/19 15:10:28 \| 00,127,768 \| ---- \| M] (Kaspersky Lab) (mdmxsdk) mdmxsdk [Kernel \| Auto \| Running] -> %SystemRoot%\system32\drivers\mdmxsdk.sys -> [2005/10/05 18:57:08 \| 00,012,544 \| ---- \| M] (Conexant) (MHNDRV) MHN driver [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\mhndrv.sys -> [2004/08/10 05:45:04 \| 00,011,008 \| ---- \| M] (Microsoft Corporation) (MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\mstee.sys -> [2008/04/13 14:39:50 \| 00,005,504 \| ---- \| M] (Microsoft Corporation) (NABTSFEC) NABTS/FEC VBI Codec [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\nabtsfec.sys -> [2008/04/13 14:46:25 \| 00,085,248 \| ---- \| M] (Microsoft Corporation) (NdisIP) Microsoft TV/Video Connection [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\ndisip.sys -> [2008/04/13 14:46:22 \| 00,010,880 \| ---- \| M] (Microsoft Corporation) (NTProcDrv) Process creation detector for NT. [Kernel \| On_Demand \| Stopped] -> %ProgramFiles%\Silkroad\Bot\NTProcDrv.sys -> [2005/02/23 15:08:16 \| 00,003,584 \| ---- \| M] () (nv) nv [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\nv4_mini.sys -> [2008/09/17 09:55:00 \| 06,132,576 \| ---- \| M] (NVIDIA Corporation) (NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\NVENETFD.sys -> [2006/03/03 18:31:02 \| 00,034,176 \| ---- \| M] (NVIDIA Corporation) (nvndis) NVIDIA NDIS IO Control Driver [Kernel \| Auto \| Stopped] -> %SystemRoot%\system32\Drivers\NvNdis.sys -> File not found (nvnetbus) NVIDIA Network Bus Enumerator [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\nvnetbus.sys -> [2006/03/03 18:31:04 \| 00,013,056 \| ---- \| M] (NVIDIA Corporation) (PCIIde) PCIIde [Kernel \| Boot \| Running] -> %SystemRoot%\system32\drivers\pciide.sys -> [2001/08/17 23:51:52 \| 00,003,328 \| ---- \| M] (Microsoft Corporation) (pfc) Padus ASPI Shell [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\pfc.sys -> [2004/10/11 11:28:18 \| 00,009,856 \| ---- \| M] (Padus, Inc.) (Processor) Processor Driver [Kernel \| System \| Stopped] -> %SystemRoot%\system32\drivers\processr.sys -> [2008/04/13 14:31:30 \| 00,035,840 \| ---- \| M] (Microsoft Corporation) (Ptilink) Direct Parallel Link Driver [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\ptilink.sys -> [2004/08/10 00:00:00 \| 00,017,792 \| ---- \| M] (Parallel Technologies, Inc.) (PxHelp20) PxHelp20 [Kernel \| Boot \| Running] -> %SystemRoot%\system32\drivers\pxhelp20.sys -> [2006/03/09 14:00:00 \| 00,046,080 \| ---- \| M] (Sonic Solutions) (rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\RTL8139.sys -> [2004/08/03 17:31:34 \| 00,020,992 \| ---- \| M] (Realtek Semiconductor Corporation) (Secdrv) Secdrv [Kernel \| Auto \| Running] -> %SystemRoot%\system32\drivers\secdrv.sys -> [2007/11/13 06:25:53 \| 00,020,480 \| ---- \| M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) (SLIP) BDA Slip De-Framer [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\slip.sys -> [2008/04/13 14:46:23 \| 00,011,136 \| ---- \| M] (Microsoft Corporation) (sptd) sptd [Kernel \| Boot \| Running] -> %SystemRoot%\system32\drivers\sptd.sys -> [2008/08/16 16:26:36 \| 00,717,296 \| ---- \| M] () (SQTECH905C) DualCamera [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\Capt905c.sys -> [2005/07/13 11:08:20 \| 00,033,890 \| ---- \| M] (Service & Quality Technology.) (streamip) BDA IPSink [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\streamip.sys -> [2008/04/13 14:46:21 \| 00,015,232 \| ---- \| M] (Microsoft Corporation) (tsp) tsp [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\klif.sys -> [2007/07/19 15:10:28 \| 00,127,768 \| ---- \| M] (Kaspersky Lab) (USBAAPL) Apple Mobile USB Driver [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\usbaapl.sys -> [2007/10/31 15:09:14 \| 00,030,464 \| ---- \| M] (Apple, Inc.) (usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\usbehci.sys -> [2008/04/13 14:45:35 \| 00,030,208 \| ---- \| M] (Microsoft Corporation) (usbohci) Microsoft USB Open Host Controller Miniport Driver [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\usbohci.sys -> [2008/04/13 14:45:35 \| 00,017,152 \| ---- \| M] (Microsoft Corporation) (ViaIde) ViaIde [Kernel \| Boot \| Running] -> %SystemRoot%\system32\drivers\viaide.sys -> [2008/04/13 14:40:31 \| 00,005,376 \| ---- \| M] (Microsoft Corporation) (vsdatant) vsdatant [Kernel \| Auto \| Running] -> %SystemRoot%\system32\vsdatant.sys -> [2008/07/09 09:05:22 \| 00,394,952 \| ---- \| M] (Zone Labs, LLC) (winachsx) winachsx [Kernel \| On_Demand \| Running] -> %SystemRoot%\system32\drivers\HSX_CNXT.sys -> [2005/12/06 14:20:42 \| 00,670,208 \| ---- \| M] (Conexant Systems, Inc.) (WpdUsb) WpdUsb [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\wpdusb.sys -> [2006/10/18 20:00:00 \| 00,038,528 \| ---- \| M] (Microsoft Corporation) (WSTCODEC) World Standard Teletext Codec [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\wstcodec.sys -> [2008/04/13 14:46:24 \| 00,019,200 \| ---- \| M] (Microsoft Corporation) (WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [Kernel \| Boot \| Running] -> %SystemRoot%\system32\drivers\WudfPf.sys -> [2006/09/28 19:55:50 \| 00,077,568 \| ---- \| M] (Microsoft Corporation) (WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [Kernel \| On_Demand \| Stopped] -> %SystemRoot%\system32\drivers\WudfRd.sys -> [2006/09/28 20:00:34 \| 00,082,944 \| ---- \| M] (Microsoft Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\Default_Page_URL -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Main\\Default_Search_URL -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Default_Secondary_Page_URL -> -> HKEY_LOCAL_MACHINE\: Main\\Extensions Off Page -> about:NoAdd-ons -> HKEY_LOCAL_MACHINE\: Main\\Local Page -> %SystemRoot%\system32\blank.htm -> HKEY_LOCAL_MACHINE\: Main\\Search Page -> http://go.microsoft.com/fwlink/?LinkId=54896 -> HKEY_LOCAL_MACHINE\: Main\\Security Risk Page -> about:SecurityRisk -> HKEY_LOCAL_MACHINE\: Main\\Start Page -> http://go.microsoft.com/fwlink/?LinkId=69157 -> HKEY_LOCAL_MACHINE\: Search\\CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm -> HKEY_LOCAL_MACHINE\: Search\\CustomSearch -> http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr8/http://www.yahoo.com/ext/search/search.html -> HKEY_LOCAL_MACHINE\: Search\\SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> -> HKEY_CURRENT_USER\: Main\\Local Page -> C:\WINDOWS\system32\blank.htm -> HKEY_CURRENT_USER\: Main\\Search Page -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> HKEY_CURRENT_USER\: Main\\SearchMigratedDefaultName -> Yahoo! Search -> HKEY_CURRENT_USER\: Main\\SearchMigratedDefaultURL -> http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 -> HKEY_CURRENT_USER\: Main\\Start Page -> http://www.plentyoffish.com/ -> HKEY_CURRENT_USER\: URLSearchHooks\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} [HKLM] -> %SystemRoot%\system32\ieframe.dll [Microsoft Url Search Hook] -> [2008/06/23 12:57:33 \| 06,066,176 \| ---- \| M] (Microsoft Corporation) HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found HKEY_CURRENT_USER\: ProxyEnable -> 0 -> < HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\System32\drivers\etc\Hosts -> 127.0.0.1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> %ProgramFiles%\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [AcroIEHlprObj Class] -> [2005/09/24 06:12:08 \| 00,063,136 \| ---- \| M] (Adobe Systems Incorporated) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\ssv.dll [SSVHelper Class] -> [2008/06/10 04:27:02 \| 00,509,328 \| ---- \| M] (Sun Microsystems, Inc.) {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [Google Toolbar Helper] -> [2008/07/11 16:00:15 \| 02,403,392 \| R--- \| M] (Google Inc.) {bdb8325a-1b1b-422c-bce8-085654f17b32} [HKLM] -> %SystemRoot%\system32\nxdsht.dll [Reg Error: Value does not exist or could not be read.] -> [2008/10/03 18:19:14 \| 00,123,904 \| ---- \| M] () < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/07/11 16:00:15 \| 02,403,392 \| R--- \| M] (Google Inc.) < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKLM] -> %ProgramFiles%\Google\GoogleToolbar1.dll [&Google] -> [2008/07/11 16:00:15 \| 02,403,392 \| R--- \| M] (Google Inc.) WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] -> File not found WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] -> File not found WebBrowser\\{F2CF5485-4E02-4F68-819C-B92DE9277049} [HKLM] -> %SystemRoot%\system32\ieframe.dll [&Links] -> [2008/06/23 12:57:33 \| 06,066,176 \| ---- \| M] (Microsoft Corporation) < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "AlwaysReady Power Message APP" -> %SystemRoot%\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/03 02:19:16 \| 00,077,312 \| ---- \| M] (Microsoft) "ehTray" -> %SystemRoot%\ehome\ehtray.exe [C:\WINDOWS\ehome\ehtray.exe] -> [2005/08/05 23:56:34 \| 00,064,512 \| ---- \| M] (Microsoft Corporation) "NvCplDaemon" -> %SystemRoot%\system32\nvcpl.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2008/09/17 09:55:00 \| 13,574,144 \| ---- \| M] (NVIDIA Corporation) "NvMediaCenter" -> %SystemRoot%\system32\nvmctray.dll [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/09/17 09:55:00 \| 00,086,016 \| ---- \| M] (NVIDIA Corporation) "nwiz" -> %SystemRoot%\system32\nwiz.exe [nwiz.exe /install] -> [2008/09/17 09:55:00 \| 01,657,376 \| ---- \| M] () "PCDrProfiler" -> [] -> File not found "RTHDCPL" -> %SystemRoot%\RTHDCPL.EXE [RTHDCPL.EXE] -> [2006/06/13 23:05:26 \| 16,239,616 \| ---- \| M] (Realtek Semiconductor Corp.) "ZoneAlarm Client" -> %ProgramFiles%\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2008/07/09 09:05:20 \| 00,919,016 \| ---- \| M] (Zone Labs, LLC) < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup -> < Compaq_Administrator Startup Folder > -> C:\Documents and Settings\Compaq_Administrator\Start Menu\Programs\Startup -> < Software Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Policies\Microsoft\Internet Explorer -> < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [227] -> File not found \\"NoDrives" -> [0] -> File not found \\"NoDriveAutoRun" -> [67108863] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"dontdisplaylastusername" -> [0] -> File not found \\"legalnoticecaption" -> [] -> File not found \\"legalnoticetext" -> [] -> File not found \\"shutdownwithoutlogon" -> [1] -> File not found \\"undockwithoutlogon" -> [1] -> File not found \\"InstallVisualStyle" -> %SystemRoot%\Resources\Themes\Royale\Royale.mss [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> File not found \\"InstallTheme" -> %SystemRoot%\Resources\Themes\Royale.the [C:\WINDOWS\Resources\Themes\Royale.theme] -> File not found \\"DisableRegistryTools" -> [0] -> File not found \\"HideLegacyLogonScripts" -> [0] -> File not found \\"HideLogoffScripts" -> [0] -> File not found \\"RunLogonScriptSync" -> [1] -> File not found \\"RunStartupScriptSync" -> [0] -> File not found \\"HideStartupScripts" -> [0] -> File not found < CurrentVersion Policy Settings [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDrives" -> [0] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"HideLegacyLogonScripts" -> [0] -> File not found \\"HideLogoffScripts" -> [0] -> File not found \\"HideStartupScripts" -> [0] -> File not found \\"RunLogonScriptSync" -> [1] -> File not found \\"RunStartupScriptSync" -> [0] -> File not found < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {08B0E5C0-4FCB-11CF-AAA5-00401C608501}:{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Menu: Sun Java Console] -> [2008/06/10 04:27:02 \| 00,132,496 \| ---- \| M] (Sun Microsystems, Inc.) {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2008/09/24 14:49:29 \| 00,000,706 \| ---- \| M] () {E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> %SystemRoot%\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2008/09/24 14:49:29 \| 00,000,706 \| ---- \| M] () {fb5f1910-f110-11d2-bb9e-00c04f795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Button: Messenger] -> [2008/04/13 20:12:28 \| 01,695,232 \| ---- \| M] (Microsoft Corporation) {fb5f1910-f110-11d2-bb9e-00c04f795683}:Exec [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Menu: Windows Messenger] -> [2008/04/13 20:12:28 \| 01,695,232 \| ---- \| M] (Microsoft Corporation) < Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\ -> CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [Sun Java Console] -> [2008/06/10 04:27:02 \| 00,132,496 \| ---- \| M] (Sun Microsystems, Inc.) CmdMapping\\{E2D4D26B-0180-43a4-B05F-462D6D54C789} [HKLM] -> [Internet Connection Help] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/13 20:12:28 \| 01,695,232 \| ---- \| M] (Microsoft Corporation) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 1 domain(s) found. -> 1 domain(s) and sub-domain(s) not assigned to a zone. < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {17492023-C23A-453E-A040-C7C580BBF700} [HKLM] -> http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab[Windows Genuine Advantage Validation Tool] -> {20A60F0D-9AFA-4515-A0FD-83BD84642501} [HKLM] -> http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab[Checkers Class] -> {233C1507-6A77-46A4-9443-F871F945D258} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[Shockwave ActiveX Control] -> {67DABFBF-D0AB-41FA-9C46-CC0F21721616} [HKLM] -> http://download.divx.com/player/DivXBrowserPlugin.cab[DivXBrowserPlugin Object] -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1216700393_42e961975d53e50d0437a73c55ee9081&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab[Java Plug-in 1.6.0_07] -> {B8BE5E93-A60C-4D26-A2DC-220313175592} [HKLM] -> http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab[MSN Games - Installer] -> {BD393C14-72AD-4790-A095-76522973D6B8} [HKLM] -> http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab[CBreakshotControl Class] -> {C3F79A2B-B9B4-4A66-B012-3EE46475B072} [HKLM] -> http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab[MessengerStatsClient Class] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab[Java Plug-in 1.6.0_07] -> {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[Shockwave Flash Object] -> {E6187999-9FEC-46A1-A20F-F4CA977D5643} [HKLM] -> http://messenger.zone.msn.com/binary/Chess.cab57176.cab[ZoneChess Object] -> {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} [HKLM] -> https://secure.gopetslive.com/dev/GoPetsWeb.cab[GoPetsWeb Control] -> < DNS Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {5459ECE3-DE17-424A-81ED-010F81C934A8} -> (NVIDIA nForce Networking Controller) -> {5DF7AE14-91FB-46C7-A971-83A58B97C9B8} -> () -> {892900FC-9814-4488-99C0-81491C1EE93D} -> (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> nxdsht.dll -> %SystemRoot%\system32\nxdsht.dll -> [2008/10/03 18:19:14 \| 00,123,904 \| ---- \| M] () MultiFile Done -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> WgaLogon -> %SystemRoot%\system32\WgaLogon.dll -> [2007/03/15 18:16:42 \| 00,236,928 \| ---- \| M] (Microsoft Corporation) < SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad -> "{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" [HKLM] -> %SystemRoot%\system32\WPDShServiceObj.dll [WPDShServiceObj] -> [2006/10/18 21:47:22 \| 00,133,632 \| ---- \| M] (Microsoft Corporation) < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 \| 00,558,080 \| ---- \| M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 \| 00,141,312 \| ---- \| M] (Microsoft Corporation) "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" -> C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe::Enabled:Compaq Connections] -> [2006/08/08 08:54:08 \| 00,036,903 \| ---- \| M] (Hewlett-Packard) "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 17:10:02 \| 00,297,752 \| ---- \| M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1] -> [2007/01/19 13:54:56 \| 05,674,352 \| ---- \| M] (Microsoft Corporation) < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List -> "%windir%\Network Diagnostic\xpnetdiag.exe" -> C:\WINDOWS\network diagnostic\xpnetdiag.exe [%windir%\Network Diagnostic\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000] -> [2008/04/13 14:53:32 \| 00,558,080 \| ---- \| M] (Microsoft Corporation) "%windir%\system32\sessmgr.exe" -> C:\WINDOWS\system32\sessmgr.exe [%windir%\system32\sessmgr.exe::enabled:@xpsp2res.dll,-22019] -> [2008/04/13 20:12:34 \| 00,141,312 \| ---- \| M] (Microsoft Corporation) "C:\Program Files\Azureus\Azureus.exe" -> C:\Program Files\Azureus\Azureus.exe [C:\Program Files\Azureus\Azureus.exe::Enabled:Azureus] -> [2008/04/06 00:39:21 \| 00,254,976 \| ---- \| M] (Azureus Inc) "C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe" -> C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe [C:\Program Files\Compaq Connections\5577497\Program\Compaq Connections.exe::Enabled:Compaq Connections] -> [2006/08/08 08:54:08 \| 00,036,903 \| ---- \| M] (Hewlett-Packard) "C:\Program Files\LimeWire\LimeWire.exe" -> C:\Program Files\LimeWire\LimeWire.exe [C:\Program Files\LimeWire\LimeWire.exe::Enabled:LimeWire] -> [2008/06/18 14:58:16 \| 00,147,456 \| ---- \| M] (Lime Wire, LLC) "C:\Program Files\Messenger\msmsgs.exe" -> C:\Program Files\Messenger\msmsgs.exe [C:\Program Files\Messenger\msmsgs.exe::Enabled:Windows Messenger] -> [2008/04/13 20:12:28 \| 01,695,232 \| ---- \| M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\livecall.exe" -> C:\Program Files\MSN Messenger\livecall.exe [C:\Program Files\MSN Messenger\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)] -> [2007/01/04 17:10:02 \| 00,297,752 \| ---- \| M] (Microsoft Corporation) "C:\Program Files\MSN Messenger\msnmsgr.exe" -> C:\Program Files\MSN Messenger\msnmsgr.exe [C:\Program Files\MSN Messenger\msnmsgr.exe::Enabled:Windows Live Messenger 8.1] -> [2007/01/19 13:54:56 \| 05,674,352 \| ---- \| M] (Microsoft Corporation) "C:\Program Files\NovaLogic\Delta Force Xtreme\dfx.exe" -> C:\Program Files\NovaLogic\Delta Force Xtreme\dfx.exe [C:\Program Files\NovaLogic\Delta Force Xtreme\dfx.exe::Enabled:dfx] -> [2005/11/08 15:19:42 \| 04,497,408 \| ---- \| M] () "C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe" -> C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe [C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\Jointops.exe::Enabled:Jointops] -> [2005/10/13 19:53:34 \| 04,517,888 \| ---- \| M] () "C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\UPDATE.EXE" -> C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\update.exe [C:\Program Files\NovaLogic\Joint Operations Typhoon Rising\UPDATE.EXE::Enabled:UPDATE] -> [2005/09/26 14:31:48 \| 00,266,240 \| ---- \| M] (NovaLogic) "C:\Program Files\Silkroad\Bot\srobot.exe" -> C:\Program Files\Silkroad\Bot\srobot.exe [C:\Program Files\Silkroad\Bot\srobot.exe::Enabled:HookSrv] -> [2008/09/23 14:55:34 \| 00,065,536 \| ---- \| M] () "C:\Program Files\Silkroad\SilkErrSender.exe" -> C:\Program Files\Silkroad\SilkErrSender.exe [C:\Program Files\Silkroad\SilkErrSender.exe::Enabled:FTPSender MFC ?? ????] -> [2005/01/31 17:39:32 \| 00,139,264 \| ---- \| M] () < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> "AlternateShell" -> cmd.exe -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> %SystemRoot%\system32\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/04/13 14:40:46 \| 00,062,976 \| ---- \| M] (Microsoft Corporation) < Drives with AutoRun files > -> -> AUTOEXEC.BAT [] -> %SystemDrive%\AUTOEXEC.BAT [ NTFS ] -> [2005/08/31 00:02:02 \| 00,000,000 \| ---- \| M] () AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 08:07:38 \| 00,000,000 \| -HS- \| M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> [Files/Folders - Created Within 30 Days] 70 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp -> 3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp -> OTScanIt2 -> %UserProfile%\Desktop\OTScanIt2 -> [2008/10/05 02:23:44 \| 00,000,000 \| ---D \| C] OTScanIt2.exe -> %UserProfile%\Desktop\OTScanIt2.exe -> [2008/10/05 02:23:23 \| 00,586,451 \| ---- \| C] () fidbox.dat -> %SystemRoot%\System32\drivers\fidbox.dat -> [2008/10/04 17:10:04 \| 00,172,064 \| -HS- \| C] () fidbox.idx -> %SystemRoot%\System32\drivers\fidbox.idx -> [2008/10/04 17:10:04 \| 00,003,020 \| -HS- \| C] () hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [2008/10/04 17:10:03 \| 10,722,22208 \| -HS- \| C] () d3d9caps.dat -> %SystemRoot%\System32\d3d9caps.dat -> [2008/10/04 15:24:04 \| 00,000,664 \| ---- \| C] () klif.sys -> %SystemRoot%\System32\drivers\klif.sys -> [2008/10/04 00:45:13 \| 00,127,768 \| ---- \| C] (Kaspersky Lab) RECYCLER -> %SystemDrive%\RECYCLER -> [2008/10/03 20:36:56 \| 00,000,000 \| -HSD \| C] wpa.dbl -> %SystemRoot%\System32\wpa.dbl -> [2008/10/03 20:13:00 \| 00,002,148 \| ---- \| C] () erdnt -> %SystemRoot%\erdnt -> [2008/10/03 20:10:00 \| 00,000,000 \| ---D \| C] swxcacls.exe -> %SystemRoot%\swxcacls.exe -> [2008/10/03 20:05:54 \| 00,212,480 \| ---- \| C] (SteelWerX) SWREG.exe -> %SystemRoot%\SWREG.exe -> [2008/10/03 20:05:54 \| 00,161,792 \| ---- \| C] (SteelWerX) SWSC.exe -> %SystemRoot%\SWSC.exe -> [2008/10/03 20:05:54 \| 00,136,704 \| ---- \| C] (SteelWerX) sed.exe -> %SystemRoot%\sed.exe -> [2008/10/03 20:05:54 \| 00,098,816 \| ---- \| C] () fdsv.exe -> %SystemRoot%\fdsv.exe -> [2008/10/03 20:05:54 \| 00,089,504 \| ---- \| C] (Smallfrogs Studio) grep.exe -> %SystemRoot%\grep.exe -> [2008/10/03 20:05:54 \| 00,080,412 \| ---- \| C] () zip.exe -> %SystemRoot%\zip.exe -> [2008/10/03 20:05:54 \| 00,068,096 \| ---- \| C] () VFind.exe -> %SystemRoot%\VFind.exe -> [2008/10/03 20:05:54 \| 00,049,152 \| ---- \| C] () Nircmd.exe -> %SystemRoot%\Nircmd.exe -> [2008/10/03 20:05:54 \| 00,028,672 \| ---- \| C] (NirSoft) ComboFix.exe -> %UserProfile%\Desktop\ComboFix.exe -> [2008/10/03 20:01:31 \| 02,889,194 \| R--- \| C] () nxdsht.dll -> %SystemRoot%\System32\nxdsht.dll -> [2008/10/03 18:19:14 \| 00,123,904 \| ---- \| C] () Windows Live Messenger.lnk -> %AllUsersProfile%\Desktop\Windows Live Messenger.lnk -> [2008/10/03 17:53:36 \| 00,001,744 \| ---- \| C] () HijackThis.lnk -> %UserProfile%\Desktop\HijackThis.lnk -> [2008/10/03 14:22:15 \| 00,001,742 \| ---- \| C] () Trend Micro -> %ProgramFiles%\Trend Micro -> [2008/10/03 14:22:15 \| 00,000,000 \| ---D \| C] ascbalon.dll -> %SystemRoot%\System32\ascbalon.dll -> [2008/10/02 20:51:28 \| 00,036,864 \| ---- \| C] () ascbalo3N.dll -> %SystemRoot%\System32\ascbalo3N.dll -> [2008/10/02 20:51:28 \| 00,036,864 \| ---- \| C] () Spybot - Search & Destroy -> %AllUsersProfile%\Application Data\Spybot - Search & Destroy -> [2008/10/02 18:26:03 \| 00,000,000 \| ---D \| C] Spybot - Search & Destroy -> %ProgramFiles%\Spybot - Search & Destroy -> [2008/10/02 18:25:31 \| 00,000,000 \| ---D \| C] FNTCACHE.DAT -> %SystemRoot%\System32\FNTCACHE.DAT -> [2008/10/02 17:53:56 \| 00,173,080 \| ---- \| C] () aswTdi.sys -> %SystemRoot%\System32\drivers\aswTdi.sys -> [2008/10/02 12:31:37 \| 00,042,912 \| ---- \| C] (ALWIL Software) aswRdr.sys -> %SystemRoot%\System32\drivers\aswRdr.sys -> [2008/10/02 12:31:37 \| 00,023,152 \| ---- \| C] (ALWIL Software) avast! Antivirus.lnk -> %AllUsersProfile%\Desktop\avast! Antivirus.lnk -> [2008/10/02 12:31:37 \| 00,001,717 \| ---- \| C] () aavmker4.sys -> %SystemRoot%\System32\drivers\aavmker4.sys -> [2008/10/02 12:31:36 \| 00,026,944 \| ---- \| C] (ALWIL Software) aswmon2.sys -> %SystemRoot%\System32\drivers\aswmon2.sys -> [2008/10/02 12:31:30 \| 00,094,416 \| ---- \| C] (ALWIL Software) aswmon.sys -> %SystemRoot%\System32\drivers\aswmon.sys -> [2008/10/02 12:31:30 \| 00,093,264 \| ---- \| C] (ALWIL Software) aswSP.sys -> %SystemRoot%\System32\drivers\aswSP.sys -> [2008/10/02 12:31:30 \| 00,078,416 \| ---- \| C] (ALWIL Software) aswFsBlk.sys -> %SystemRoot%\System32\drivers\aswFsBlk.sys -> [2008/10/02 12:31:30 \| 00,020,560 \| ---- \| C] (ALWIL Software) aswBoot.exe -> %SystemRoot%\System32\aswBoot.exe -> [2008/10/02 12:31:17 \| 01,163,960 \| ---- \| C] (ALWIL Software) actskin4.ocx -> %SystemRoot%\System32\actskin4.ocx -> [2008/10/02 12:31:17 \| 00,380,928 \| ---- \| C] () Gifs -> %UserProfile%\Desktop\Gifs -> [2008/09/29 18:25:02 \| 00,000,000 \| ---D \| C] Thumbs.db -> %SystemRoot%\Thumbs.db -> [2008/09/28 01:25:58 \| 00,007,680 \| -HS- \| C] () JO ICE Mod.lnk -> %UserProfile%\Desktop\JO ICE Mod.lnk -> [2008/09/27 15:33:14 \| 00,001,937 \| ---- \| C] () Joint Operations Escalation.lnk -> %AllUsersProfile%\Desktop\Joint Operations Escalation.lnk -> [2008/09/27 14:44:30 \| 00,001,949 \| ---- \| C] () Prefetch -> %SystemRoot%\Prefetch -> [2008/09/24 19:32:12 \| 00,000,000 \| ---D \| C] nvapps.nvb -> %SystemRoot%\System32\nvapps.nvb -> [2008/09/24 19:29:13 \| 00,201,050 \| ---- \| C] () scripting -> %SystemRoot%\System32\scripting -> [2008/09/24 14:46:37 \| 00,000,000 \| ---D \| C] l2schemas -> %SystemRoot%\l2schemas -> [2008/09/24 14:46:37 \| 00,000,000 \| ---D \| C] en -> %SystemRoot%\System32\en -> [2008/09/24 14:46:37 \| 00,000,000 \| ---D \| C] bits -> %SystemRoot%\System32\bits -> [2008/09/24 14:46:36 \| 00,000,000 \| ---D \| C] ServicePackFiles -> %SystemRoot%\ServicePackFiles -> [2008/09/24 14:45:05 \| 00,000,000 \| ---D \| C] $NtServicePackUninstall$ -> %SystemRoot%\$NtServicePackUninstall$ -> [2008/09/24 14:39:39 \| 00,000,000 \| -H-D \| C] wmphoto.dll -> %SystemRoot%\System32\wmphoto.dll -> [2008/09/20 11:49:37 \| 00,276,992 \| ---- \| C] (Microsoft Corporation) wlanapi.dll -> %SystemRoot%\System32\wlanapi.dll -> [2008/09/20 11:49:35 \| 00,069,120 \| ---- \| C] (Microsoft Corporation) windowscodecs.dll -> %SystemRoot%\System32\windowscodecs.dll -> [2008/09/20 11:49:34 \| 00,712,704 \| ---- \| C] (Microsoft Corporation) windowscodecsext.dll -> %SystemRoot%\System32\windowscodecsext.dll -> [2008/09/20 11:49:34 \| 00,346,112 \| ---- \| C] (Microsoft Corporation) viaagp.sys -> %SystemRoot%\System32\drivers\viaagp.sys -> [2008/09/20 11:49:32 \| 00,042,240 \| ---- \| C] (Microsoft Corporation) wacompen.sys -> %SystemRoot%\System32\drivers\wacompen.sys -> [2008/09/20 11:49:32 \| 00,014,208 \| ---- \| C] (Microsoft Corporation) usbvideo.sys -> %SystemRoot%\System32\drivers\usbvideo.sys -> [2008/09/20 11:49:30 \| 00,121,984 \| ---- \| C] (Microsoft Corporation) usb8023x.sys -> %SystemRoot%\System32\drivers\usb8023x.sys -> [2008/09/20 11:49:30 \| 00,012,800 \| ---- \| C] (Microsoft Corporation) uagp35.sys -> %SystemRoot%\System32\drivers\uagp35.sys -> [2008/09/20 11:49:28 \| 00,044,672 \| ---- \| C] (Microsoft Corporation) tsgqec.dll -> %SystemRoot%\System32\tsgqec.dll -> [2008/09/20 11:49:27 \| 00,053,248 \| ---- \| C] (Microsoft Corporation) tspkg.dll -> %SystemRoot%\System32\tspkg.dll -> [2008/09/20 11:49:27 \| 00,050,688 \| ---- \| C] (Microsoft Corporation) spupdwxp.exe -> %SystemRoot%\System32\spupdwxp.exe -> [2008/09/20 11:49:21 \| 00,020,992 \| ---- \| C] (Microsoft Corporation) spdwnwxp.exe -> %SystemRoot%\System32\spdwnwxp.exe -> [2008/09/20 11:49:19 \| 00,007,680 \| ---- \| C] (Microsoft Corporation) smbali.sys -> %SystemRoot%\System32\drivers\smbali.sys -> [2008/09/20 11:49:18 \| 00,005,888 \| ---- \| C] (Microsoft Corporation) sffp_mmc.sys -> %SystemRoot%\System32\drivers\sffp_mmc.sys -> [2008/09/20 11:49:16 \| 00,010,240 \| ---- \| C] (Microsoft Corporation) setupn.exe -> %SystemRoot%\System32\setupn.exe -> [2008/09/20 11:49:15 \| 00,032,768 \| ---- \| C] (Microsoft Corporation) rhttpaa.dll -> %SystemRoot%\System32\rhttpaa.dll -> [2008/09/20 11:49:12 \| 00,290,304 \| ---- \| C] (Microsoft Corporation) rfcomm.sys -> %SystemRoot%\System32\drivers

OldTimer View Member Profile	Oct 5 2008, 07:33 AM Post #4
GeekU Moderator Posts: 1,616 From: Holland Michigan USA OS: XP Pro	Hi NatPortmanYUM. The log is too big to fit into a single post. It needs to be attached (use the Browse and Upload buttons below the reply input window) or uploaded in multiple posts. The log above was cut-off and is incomplete. Cheers. OT

NatPortmanYUM View Member Profile	Oct 5 2008, 03:37 PM Post #5
Member Posts: 20 From: Canada OS: XP	Here you go. Attached File(s) OTScanIt.Txt ( 120.4K ) Number of downloads: 5

OldTimer View Member Profile	Oct 5 2008, 07:20 PM Post #6
GeekU Moderator Posts: 1,616 From: Holland Michigan USA OS: XP Pro	Hi NatPortmanYUM. Let's see what we can do. Follow the steps below in order: Step #1 Start OTScanIt2. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button. CODE [Kill Explorer] [Unregister Dlls] [Registry - Safe List] < Internet Explorer Settings [HKEY_CURRENT_USER\] > -> YN -> HKEY_CURRENT_USER\: URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ YY -> {bdb8325a-1b1b-422c-bce8-085654f17b32} [HKLM] -> %SystemRoot%\system32\nxdsht.dll [Reg Error: Value does not exist or could not be read.] < Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ YN -> WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.] YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] -> Reg Error: Key does not exist or could not be opened. [Yahoo! Toolbar] < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run YN -> "PCDrProfiler" -> [] < CurrentVersion Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies YN -> \\"DisableRegistryTools" -> [0] < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs AppInit_DLLs -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls YY -> nxdsht.dll -> %SystemRoot%\system32\nxdsht.dll < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs [Files/Folders - Created Within 30 Days] NY -> 70 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp NY -> 3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp NY -> nxdsht.dll -> %SystemRoot%\System32\nxdsht.dll NY -> ascbalon.dll -> %SystemRoot%\System32\ascbalon.dll NY -> ascbalo3N.dll -> %SystemRoot%\System32\ascbalo3N.dll [Files/Folders - Modified Within 30 Days] NY -> 70 C:\WINDOWS\System32\.tmp files -> C:\WINDOWS\System32\.tmp NY -> 3 C:\WINDOWS\.tmp files -> C:\WINDOWS\.tmp NY -> qmgr0.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat NY -> qmgr1.dat -> C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat NY -> nxdsht.dll -> %SystemRoot%\System32\nxdsht.dll NY -> ascbalon.dll -> %SystemRoot%\System32\ascbalon.dll NY -> ascbalo3N.dll -> %SystemRoot%\System32\ascbalo3N.dll [Empty Temp Folders] [Start Explorer] The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply. If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTScanIt2 will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply. Step #2 Now let's run an online virus scan. Both of these require Internet Explorer. Try F-Secure first. Sometimes it doesn't play nice with other system components so if it cannot complete then try the Kaspersky scan. You only need to complete one of the two. Run the F-Secure Online Scanner Note: This Scanner is for Internet Explorer Only! Click on Online Services and then Online Scanner Accept the License Agreement. Once the ActiveX installs,Click Full System Scan Once the download completes,the scan will begin automatically. The scan will take some time to finish,so please be patient. When the scan completes, click the Automatic cleaning (recommended) button. Click the Show Report button and Copy&Paste the entire report in your next reply. If the F-Secure scan did not work then try an online scan with Kaspersky WebScanner Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, click Yes. The program will launch and then begin downloading the latest definition files: Once the files have been downloaded click on NEXT Now click on Scan Settings In the scan settings make that the following are selected: Scan using the following Anti-Virus database: Extended (if available otherwise Standard) Scan Options: Scan Archives Scan Mail Bases Click OK Now under select a target to scan: Select My Computer The program will start and scan your system. The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected. Click on the Save as Text button: Save the file to your desktop. Copy and paste that information in your next post. Step #3 Run a new OTScanIt2 scan with the following options Note: You must be logged on to the system with an account that has Administrator privileges to run this program. Close ALL OTHER PROGRAMS. Open the OTScanIt2 folder and double-click on OTScanIt2.exe to start the program. Just use the default settings. Do not change any other settings. Now click the Run Scan button on the toolbar. Let it run unhindered until it finishes. When the scan is complete Notepad will open with the report file loaded in it. Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it and close Notepad (save changes if necessary). Close OTScanIt2 and locate the OTScanIt.txt file in the folder where OTScanIt2.exe is located. Attach that file back here in your next reply. Step #4 Copy/paste the following back here in your next reply: The latest OTScanIt2 fix log (look in the OTScanIt2 folder for a file with a name in the form of mmddyyyy_hhmmss.log for month, day, year, hours, minutes, and seconds that the scan was run. ) The online virus scan report (whichever one you ran) Attach the following back here in your next reply: The new OTScanIt2 scan log I will review the information when it comes back in. Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer. Cheers. OT

NatPortmanYUM

Oct 6 2008, 12:45 PM

Post #7

Member

Posts: 20
From: Canada
OS: XP

Hi

Here is the log from step 1

Explorer killed successfully
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM] not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKLM]\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bdb8325a-1b1b-422c-bce8-085654f17b32}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bdb8325a-1b1b-422c-bce8-085654f17b32}\ deleted successfully.
LoadLibrary failed for C:\WINDOWS\system32\nxdsht.dll
C:\WINDOWS\system32\nxdsht.dll NOT unregistered.
C:\WINDOWS\system32\nxdsht.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PCDrProfiler deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\\DisableRegistryTools not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:nxdsht.dll deleted successfully.
File C:\WINDOWS\system32\nxdsht.dll not found.
[Files/Folders - Created Within 30 Days]
File C:\WINDOWS&#