Search Engine Redirect Virus [Solved]

#1 mbard (Member, 12 posts)
I believe that my computer may have some type of search engine virus. Every time I attempt a search I get redirected to a site for antivirus software or shopping sites. My computer seems to be running a little slower than normal, but everything else seems OK. I have run quite a few spyware and virus scans and can't seem to figure out what to do next. Any help would be greatly appreciated!
Thanks!

Logfile of Advanced SystemCare 3 Security Analyzer
Scan saved at 10:38:02 PM, on 1/5/2009
Platform: Windows XP (WinNT 5.1)
MSIE: Internet Explorer v7.0 (7.0.5730.11)
Boot mode: Fail-Safe

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} -
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.6.0_11) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/...geUploader3.cab
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Plug-in 1.6.0_11) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload.ma...ent/swflash.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

#2 Rorschach112 (Retired Staff, 47,710 posts)
Where did you get that program?

Please run the MGA Diagnostic Tool and post back the report it shall produce:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

#3 mbard (Topic Starter, Member, 12 posts)
My husband got the program. I believe it was recommended to him by someone he works with, and he uses it on his work computer.
Here is the MGA report.

Diagnostic Report (1.7.0110.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-8PY8B-R2HGV-W7FQB
Windows Product Key Hash: hTJ57qCeGtfXJ10bpikU54MRMJk=
Windows Product ID: 76477-OEM-2156966-00728
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.2.0.hom
ID: {6A338B81-2916-4BBC-8545-DCABB993DB7B}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.18.5
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1_FA827CE6-153-8007007e_FA827CE6-180-8007007e

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6A338B81-2916-4BBC-8545-DCABB993DB7B}</UGUID><Version>1.7.0110.1</Version><OS>5.1.2600.2.00010300.2.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W7FQB</PKey><PID>76477-OEM-2156966-00728</PID><PIDType>3</PIDType><SID>S-1-5-21-1275210071-725345543-839522115</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dimension 4700 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A10</Version><SMBIOSVersion major="2" minor="3"/><Date>20060104000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>807D334701844063</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData> <Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57014</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1A8CE:Dell Inc|1A8CE:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

#4 Rorschach112 (Retired Staff, 47,710 posts)
hello

* It's extremely important and essential that you update Windows to Service Pack 2; you can do that here.
Make sure you download Service Pack 2 and any other important updates.

#5 mbard (Topic Starter, Member, 12 posts)
Thanks for the advice. I updated the Service Pack and did a few security updates. Then I downloaded a trial version of Windows Live OneCare. It installed and ran a scan and found a few items, deleted them, and now everything seems OK. Here is a current MGA report. Do I need to do anything else?

Diagnostic Report (1.7.0110.1):
-----------------------------------------
WGA Data-->
Validation Status: Genuine
Validation Code: 0
Online Validation Code: N/A
Cached Validation Code: N/A
Windows Product Key: *****-*****-8PY8B-R2HGV-W7FQB
Windows Product Key Hash: hTJ57qCeGtfXJ10bpikU54MRMJk=
Windows Product ID: 76477-OEM-2156966-00728
Windows Product ID Type: 3
Windows License Type: OEM System Builder
Windows OS version: 5.1.2600.2.00010300.3.0.hom
ID: {6A338B81-2916-4BBC-8545-DCABB993DB7B}(3)
Is Admin: Yes
TestCab: 0x0
WGA Version: Registered, 1.7.18.5
Signed By: Microsoft
Product Name: N/A
Architecture: N/A
Build lab: N/A
TTS Error: N/A
Validation Diagnostic: 025D1FF3-171-1
Resolution Status: N/A

WgaER Data-->
ThreatID(s): N/A
Version: N/A

WGA Notifications Data-->
Cached Result: 0
File Exists: Yes
Version: 1.7.18.5
WgaTray.exe Signed By: Microsoft
WgaLogon.dll Signed By: Microsoft

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
WGATray.exe Signed By: Microsoft
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 114 Blocked VLK 2
Microsoft Office Professional Edition 2003 - 114 Blocked VLK 2
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-171-1_FA827CE6-153-8007007e_FA827CE6-180-8007007e

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Win32)
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{6A338B81-2916-4BBC-8545-DCABB993DB7B}</UGUID><Version>1.7.0110.1</Version><OS>5.1.2600.2.00010300.3.0.hom</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-W7FQB</PKey><PID>76477-OEM-2156966-00728</PID><PIDType>3</PIDType><SID>S-1-5-21-1275210071-725345543-839522115</SID><SYSTEM><Manufacturer>Dell Inc. </Manufacturer><Model>Dimension 4700 </Model></SYSTEM><BIOS><Manufacturer>Dell Inc. </Manufacturer><Version>A10</Version><SMBIOSVersion major="2" minor="3"/><Date>20060104000000.000000+000</Date><SLPBIOS>Dell System,Dell Computer,Dell System,Dell System</SLPBIOS></BIOS><HWID>807D334701844063</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM/><BRT/></MachineData><Software><Office><Result>114</Result><Products><Product GUID="{90110409-6000-11D3-8CFE-0150048383C9}"><LegitResult>114</LegitResult><Name>Microsoft Office Professional Edition 2003</Name><Ver>11</Ver><Val>59D1605114E3500</Val><Hash>vfZmaSmFPIYrLWTcZSZErUQg+Fo=</Hash><Pid>73931-640-0000106-57014</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="11" Result="114"/><App Id="16" Version="11" Result="114"/><App Id="18" Version="11" Result="114"/><App Id="19" Version="11" Result="114"/><App Id="1A" Version="11" Result="114"/><App Id="1B" Version="11" Result="114"/><App Id="44" Version="11" Result="114"/></Applications></Office></Software></GenuineResults>

Licensing Data-->
N/A

HWID Data-->
N/A

OEM Activation 1.0 Data-->
BIOS string matches: yes
Marker string from BIOS: 1A8CE:Dell Inc|1A8CE:Microsoft Corporation
Marker string from OEMBIOS.DAT: Dell System,Dell Computer,Dell System,Dell System

OEM Activation 2.0 Data-->
N/A

#6 Rorschach112 (Retired Staff, 47,710 posts)
Yes, a bit more.

Download Rooter.exe to your desktop
  • Then double-click it to start the tool.
  • A Notepad file containing the report will open (it is also saved at %systemdrive%\Rooter.txt). Post that here.

#7 mbard (Topic Starter, Member, 12 posts)
Here is the report...

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : Phoenix ROM BIOS PLUS Version 1.10 A10
USER : Owner ( Administrator )
BOOT : Normal boot

Antivirus : Windows Live OneCare 1.0.0 (Activated)
Firewall : Windows Live OneCare Firewall 1.0.0 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:74 Go (Free:57 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)

Thu 01/08/2009|14:30

----------------------\\ Search..

No infections found !


1 - "C:\Rooter$\Rooter_1.txt" - Thu 01/08/2009|14:31

----------------------\\ Scan completed at 14:31

*** I have noticed today that when the computer tried to run the automatic updates I got a pop-up that said "The feature you are trying to use is on a network resource that is unavailable. Click OK to try again, or enter an alternate path to a folder containing the installation package 'PRO11.MSI' in the box below." The computer can't find this file and can't do the updates. We also can't open Excel without getting a message that says "Please wait while Windows configures Microsoft Office Prof. Ed. 2003". Then we get another pop-up that says "Error 1706. Setup cannot find the required files. Check your connection to the network, or CD-ROM drive. For other potential solutions to this problem see C:\Program Files\Microsoft Office\Office11\1033\SETUP.CHM." Word, PowerPoint and Publisher all open without these pop-ups. Did something happen when I upgraded the Service Pack? What should I do?

Edited by mbard, 08 January 2009 - 08:07 PM.

#8 Rorschach112 (Retired Staff, 47,710 posts)
hello

  • Download OTListIt2 to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.

#9 mbard (Topic Starter, Member, 12 posts)
Here are the files...

OTListIt logfile created on: 1/9/2009 2:44:12 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 586.71 Mb Available Physical Memory | 57.86% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.14% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 56.38 Gb Free Space | 75.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-ED144E44C
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe (Microsoft Corporation)
C:\WINDOWS\system32\LEXBCES.EXE (Lexmark International, Inc.)
C:\WINDOWS\system32\LEXPPS.EXE (Lexmark International, Inc.)
C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
C:\WINDOWS\system32\igfxpers.exe (Intel Corporation)
C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe (Microsoft Corporation)
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe (IObit)
C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe (Microsoft Corporation)
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
c:\WINDOWS\system32\ZuneBusEnum.exe (Microsoft Corporation)
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe (Microsoft Corporation)
C:\Program Files\Microsoft Windows OneCare Live\winss.exe (Microsoft Corporation)
C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation)
C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(ALG [On_Demand | Running]) -- C:\WINDOWS\system32\alg File not found
(AppMgmt [On_Demand | Stopped]) -- File not found
(aspnet_state [On_Demand | Stopped]) -- File not found
(CiSvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\cisvc File not found
(ClipSrv [Disabled | Stopped]) -- C:\WINDOWS\system32\clipsrv File not found
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- File not found
(COMSysApp [On_Demand | Stopped]) -- File not found
(dmadmin [On_Demand | Stopped]) -- C:\WINDOWS\system32\dmadmin File not found
(Eventlog [Auto | Running]) -- C:\WINDOWS\system32\eventlog.dll (Microsoft Corporation)
(gusvc [On_Demand | Stopped]) -- File not found
(helpsvc [Auto | Running]) -- C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
(HidServ [Disabled | Stopped]) -- File not found
(IDriverT [On_Demand | Stopped]) -- File not found
(ImapiService [On_Demand | Stopped]) -- File not found
(JavaQuickStarterService [Auto | Running]) -- File not found
(LexBceS [Auto | Running]) -- C:\WINDOWS\system32\LEXBCES File not found
(MDM [Auto | Running]) -- File not found
(mnmsrvc [Disabled | Stopped]) -- C:\WINDOWS\system32\mnmsrvc File not found
(MSDTC [On_Demand | Stopped]) -- C:\WINDOWS\system32\msdtc [2006/08/29 12:04:54 00,000,000 | ---D | M]
(msfwsvc [Auto | Running]) -- File not found
(MSIServer [On_Demand | Stopped]) -- File not found
(NetDDE [Disabled | Stopped]) -- C:\WINDOWS\system32\netdde File not found
(NetDDEdsdm [Disabled | Stopped]) -- File not found
(Netlogon [On_Demand | Stopped]) -- C:\WINDOWS\system32\netlogon.dll (Microsoft Corporation)
(NtLmSsp [Disabled | Stopped]) -- File not found
(OcHealthMon [Auto | Running]) -- File not found
(OneCareMP [Auto | Running]) -- File not found
(ose [On_Demand | Stopped]) -- File not found
(PlugPlay [Auto | Running]) -- File not found
(PolicyAgent [Auto | Running]) -- File not found
(ProtectedStorage [Auto | Running]) -- File not found
(RDSessMgr [On_Demand | Stopped]) -- File not found
(RpcLocator [On_Demand | Stopped]) -- File not found
(RSVP [On_Demand | Stopped]) -- C:\WINDOWS\system32\rsvp File not found
(SamSs [Auto | Running]) -- File not found
(SCardSvr [On_Demand | Stopped]) -- C:\WINDOWS\system32\scardsvr File not found
(Spooler [Auto | Running]) -- File not found
(sprtsvc_ddoctorv2 [Auto | Running]) -- File not found
(SwPrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\swprv.dll (Microsoft Corporation)
(SysmonLog [Disabled | Stopped]) -- File not found
(UPS [On_Demand | Stopped]) -- C:\WINDOWS\system32\ups File not found
(Viewpoint Manager Service [Auto | Stopped]) -- File not found
(VSS [On_Demand | Stopped]) -- File not found
(WinDefend [Auto | Stopped]) -- File not found
(winss [Auto | Running]) -- File not found
(WmiApSrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\wbem\wmiapsrv File not found
(WudfSvc [Auto | Running]) -- C:\WINDOWS\system32\WudfSvc.dll (Microsoft Corporation)
(ZuneBusEnum [Auto | Running]) -- C:\WINDOWS\system32\ZuneBusEnum File not found
(ZuneNetworkSvc [On_Demand | Stopped]) -- File not found
(ZuneWlanCfgSvc [On_Demand | Stopped]) -- C:\WINDOWS\system32\ZuneWlanCfgSvc File not found

========== Driver Services (SafeList) ==========

(ACPI [Boot | Running]) -- File not found
(AFD [System | Running]) -- File not found
(atapi [Boot | Running]) -- File not found
(audstub [On_Demand | Running]) -- File not found
(Beep [System | Running]) -- File not found
(Cdfs [Disabled | Running]) -- File not found
(Cdrom [System | Running]) -- File not found
(Disk [Boot | Running]) -- File not found
(DMusic [On_Demand | Stopped]) -- C:\WINDOWS\system32\dmusic.dll (Microsoft Corporation)
(drvmcdb [Boot | Running]) -- File not found
(drvnddm [Auto | Running]) -- File not found
(E100B [On_Demand | Running]) -- File not found
(Fdc [On_Demand | Running]) -- File not found
(Fips [System | Running]) -- File not found
(Flpydisk [On_Demand | Running]) -- File not found
(FltMgr [Boot | Running]) -- File not found
(Ftdisk [Boot | Running]) -- File not found
(Gpc [On_Demand | Running]) -- File not found
(HPZipr12 [On_Demand | Stopped]) -- C:\WINDOWS\system32\HPZipr12.dll (HP)
(HTTP [On_Demand | Running]) -- File not found
(i8042prt [System | Running]) -- File not found
(ialm [On_Demand | Running]) -- File not found
(Imapi [System | Running]) -- C:\WINDOWS\system32\imapi File not found
(IntelIde [Boot | Running]) -- File not found
(intelppm [System | Running]) -- File not found
(IpFilterDriver [Auto | Running]) -- File not found
(IpNat [On_Demand | Running]) -- File not found
(IPSec [System | Running]) -- File not found
(isapnp [Boot | Running]) -- File not found
(Kbdclass [System | Running]) -- File not found
(KSecDD [Boot | Running]) -- File not found
(mnmdd [System | Running]) -- C:\WINDOWS\system32\mnmdd.dll (Microsoft Corporation)
(Mouclass [System | Running]) -- File not found
(MountMgr [Boot | Running]) -- File not found
(MpFilter [On_Demand | Running]) -- File not found
(MRxDAV [On_Demand | Running]) -- File not found
(MRxSmb [System | Running]) -- File not found
(Msfs [System | Running]) -- File not found
(MSFWDrv [Auto | Running]) -- File not found
(MSFWHLPR [System | Running]) -- File not found
(mssmbios [On_Demand | Running]) -- File not found
(Mup [Boot | Running]) -- File not found
(NDIS [Boot | Running]) -- File not found
(NdisTapi [On_Demand | Running]) -- File not found
(Ndisuio [On_Demand | Running]) -- File not found
(NdisWan [On_Demand | Running]) -- File not found
(NDProxy [On_Demand | Running]) -- File not found
(NetBIOS [System | Running]) -- File not found
(NetBT [System | Running]) -- File not found
(Npfs [System | Running]) -- File not found
(Ntfs [Disabled | Running]) -- File not found
(Null [System | Running]) -- File not found
(OMCI [System | Running]) -- File not found
(Parport [On_Demand | Running]) -- File not found
(PartMgr [Boot | Running]) -- File not found
(ParVdm [Auto | Running]) -- File not found
(PCI [Boot | Running]) -- File not found
(PCIIde [Boot | Running]) -- File not found
(PptpMiniport [On_Demand | Running]) -- File not found
(PSched [On_Demand | Running]) -- File not found
(Ptilink [On_Demand | Running]) -- File not found
(PxHelp20 [Boot | Running]) -- File not found
(RasAcd [System | Running]) -- File not found
(Rasl2tp [On_Demand | Running]) -- File not found
(RasPppoe [On_Demand | Running]) -- File not found
(Raspti [On_Demand | Running]) -- File not found
(Rdbss [System | Running]) -- File not found
(RDPCDD [System | Running]) -- File not found
(redbook [System | Running]) -- File not found
(SASDIFSV [System | Running]) -- File not found
(SASENUM [On_Demand | Running]) -- File not found
(SASKUTIL [System | Running]) -- File not found
(senfilt [On_Demand | Running]) -- File not found
(serenum [On_Demand | Running]) -- File not found
(Serial [System | Running]) -- File not found
(smwdm [On_Demand | Running]) -- File not found
(sr [Boot | Running]) -- C:\WINDOWS\system32\wbem\sr.mof ()
(Srv [On_Demand | Running]) -- File not found
(sscdbhk5 [System | Running]) -- File not found
(ssrtln [System | Running]) -- File not found
(swenum [On_Demand | Running]) -- File not found
(sysaudio [On_Demand | Running]) -- File not found
(Tcpip [System | Running]) -- File not found
(TermDD [System | Running]) -- File not found
(tfsnboio [Auto | Running]) -- File not found
(tfsncofs [Auto | Running]) -- File not found
(tfsndrct [Auto | Running]) -- File not found
(tfsndres [Auto | Running]) -- File not found
(tfsnifs [Auto | Running]) -- File not found
(tfsnopio [Auto | Running]) -- File not found
(tfsnpool [Auto | Running]) -- File not found
(tfsnudf [Auto | Running]) -- File not found
(tfsnudfa [Auto | Running]) -- File not found
(Update [On_Demand | Running]) -- File not found
(usbehci [On_Demand | Running]) -- File not found
(usbhub [On_Demand | Running]) -- File not found
(usbprint [On_Demand | Running]) -- File not found
(usbuhci [On_Demand | Running]) -- File not found
(VgaSave [System | Running]) -- C:\WINDOWS\system32\vga.dll (Microsoft Corporation)
(VolSnap [Boot | Running]) -- File not found
(Wanarp [On_Demand | Running]) -- File not found
(Wdf01000 [On_Demand | Running]) -- File not found
(wdmaud [On_Demand | Running]) -- C:\WINDOWS\system32\wdmaud File not found
(WS2IFSL [System | Running]) -- File not found
(WudfPf [Boot | Running]) -- File not found
(zumbus [Auto | Running]) -- File not found

========== Standard Registry (All) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

O1 HOSTS File: (267151 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 9252 more lines...
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)
O4 - HKLM..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2 File not found
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe File not found
O4 - HKLM..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" File not found
O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe File not found
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime File not found
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r File not found
O4 - HKLM..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide File not found
O4 - HKLM..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe" File not found
O4 - HKCU..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup File not found
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop File not found
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0


O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_11.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs File not found
O15 - HKLM\..Trusted Sites: 46 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Sites: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/b...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} http://www.mpix.com/...geUploader3.cab (Aurigma Image Uploader 3.5 Control)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - about - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - cdl - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - dvd - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - file - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ftp - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - gopher - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - http\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - http\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - https\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - https\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - javascript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - local - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mailto - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mhtml - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler: - mk - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - ms-its - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler: - ms-itss - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler: - res - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - sysimage - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - tv - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler: - vbscript - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler: - wia - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-complus - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/x-msdownload - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter: - Class Install Handler - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - deflate - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - lzdhtml - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/webviewhtml - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9}C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153}C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5}C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Browseui preloader) - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: (Component Categories cache daemon) - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

========== HKLM Winlogon Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = explorer.exe
>C:\WINDOWS\explorer File not found

"UserInit" = C:\WINDOWS\system32\userinit.exe,
>C:\WINDOWS\system32\userinit File not found

"UIHost" = logonui.exe
>C:\WINDOWS\system32\logonui File not found

"VMApplet" = rundll32 shell32,Control_RunDLL "sysdm.cpl"
>C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
>C:\WINDOWS\system32\sysdm File not found


========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
!SASWinLogon: "DllName" = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll -- C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
crypt32chain: "DllName" = crypt32.dll -- C:\WINDOWS\system32\crypt32.dll (Microsoft Corporation)
cryptnet: "DllName" = cryptnet.dll -- C:\WINDOWS\system32\cryptnet.dll (Microsoft Corporation)
cscdll: "DllName" = cscdll.dll -- C:\WINDOWS\system32\cscdll.dll (Microsoft Corporation)
dimsntfy: "DllName" = %SystemRoot%\System32\dimsntfy.dll -- C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
igfxcui: "DllName" = igfxdev.dll -- C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
ScCertProp: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
Schedule: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
sclgntfy: "DllName" = sclgntfy.dll -- C:\WINDOWS\system32\sclgntfy.dll (Microsoft Corporation)
SensLogn: "DllName" = WlNotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
termsrv: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)
WgaLogon: "DllName" = WgaLogon.dll -- C:\WINDOWS\system32\WgaLogon.dll (Microsoft Corporation)
wlballoon: "DllName" = wlnotify.dll -- C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)

========== IFEO "Debugger" Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\]
Your Image File Name Here without a path:"Debugger" = C:\WINDOWS\system32\ntsd File not found

========== Shell Execute Hooks ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}" (HKLM) -- C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" (HKLM) -- C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}" (HKLM) -- C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

========== HKLM *SecurityProviders* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders" = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
>C:\WINDOWS\system32\msapsspc.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\digest.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msnsspc.dll (Microsoft Corporation)

========== LSA *Authentication Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Authentication Packages" = msv1_0,
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)

========== LSA *Security Packages* ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Security Packages" = kerberos,msv1_0,schannel,wdigest,
>C:\WINDOWS\system32\kerberos.dll (Microsoft Corporation)
>C:\WINDOWS\system32\msv1_0.dll (Microsoft Corporation)
>C:\WINDOWS\system32\schannel.dll (Microsoft Corporation)
>C:\WINDOWS\system32\wdigest.dll (Microsoft Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC File not found -- [ NTFS ]

========== MountPoints2 ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e4eceaa-6f85-11dd-ad12-0011113ff907}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9e4eceaa-6f85-11dd-ad12-0011113ff907}\Shell\AutoRun]
"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc128c52-4cf0-11db-ab3d-0011113ff907}\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cc128c52-4cf0-11db-ab3d-0011113ff907}\Shell\AutoRun]
"" = Auto&Play

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell]
"" = AutoRun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun]
"" = Auto&Play

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/01/09 14:43:21 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/01/08 15:18:53 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/01/08 15:18:53 | 00,208,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\muweb.dll
[2009/01/08 15:18:53 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/01/08 14:30:34 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/01/08 14:30:22 | 00,268,052 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/01/07 22:56:25 | 00,091,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwdrv.sys
[2009/01/07 22:56:23 | 00,116,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\msfwhlpr.sys
[2009/01/07 22:55:40 | 00,053,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MpFilter.sys
[2009/01/07 22:51:45 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/01/07 22:48:48 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/01/07 22:41:24 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/01/07 22:41:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2009/01/07 22:41:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/01/07 22:41:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/01/07 22:40:11 | 00,000,000 | ---D | C] -- C:\WINDOWS\ServicePackFiles
[2009/01/07 22:38:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/01/07 22:34:42 | 00,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2009/01/07 22:34:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2009/01/07 22:20:57 | 00,000,330 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/01/07 22:17:52 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Defender
[2009/01/07 21:33:59 | 00,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2009/01/06 22:31:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2009/01/05 22:50:33 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/01/05 22:49:41 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/01/05 20:37:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/01/05 20:37:48 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/01/05 20:37:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2008/12/30 21:24:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2008/12/30 21:24:27 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2008/12/30 21:24:25 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2008/12/30 21:24:24 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2008/12/30 21:24:24 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2008/12/30 14:29:50 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner
[2008/12/26 18:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\Fisher-Price
[2008/12/26 18:28:22 | 00,010,368 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\hidusb.sys
[2008/12/26 11:36:31 | 00,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/26 11:22:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\IObit
[2008/12/26 10:58:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/12/26 10:56:37 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2008/12/26 10:56:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/12/18 09:33:14 | 00,045,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Copy of D1 28day schedule ending 01102009.xls

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[7 C:\WINDOWS\*.tmp files]
[2009/01/09 14:43:21 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/01/09 12:36:37 | 00,000,432 | ---- | M] () -- C:\WINDOWS\tasks\XoftSpySE 2.job
[2009/01/09 12:36:35 | 00,000,438 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2009/01/09 12:36:30 | 00,002,500 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/01/09 12:35:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/09 12:35:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/01/09 00:51:15 | 09,089,400 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/01/08 16:55:40 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/01/08 14:30:22 | 00,268,052 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/01/07 22:51:50 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/01/07 22:50:29 | 00,406,328 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/07 22:50:29 | 00,063,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/07 22:50:28 | 00,477,846 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/01/07 22:49:52 | 00,070,712 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/01/07 22:48:14 | 00,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/07 22:38:28 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2008/12/31 12:11:03 | 00,000,373 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2008/12/26 14:27:27 | 00,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2008/12/18 09:33:14 | 00,045,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Copy of D1 28day schedule ending 01102009.xls
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/13 01:40:02 | 03,593,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/10 21:50:00 | 00,000,355 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2009/01/06 22:31:48 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/12/30 21:52:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/02/06 16:08:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2007/12/16 09:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2007/04/04 14:12:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2008/10/02 10:56:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008/10/02 10:56:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2008/06/30 23:05:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Comcast
[2008/07/10 16:01:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FLEXnet
[2006/11/18 20:51:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2008/10/16 09:30:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2008/12/30 21:24:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/01/08 20:09:43 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007/05/01 19:59:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
[2009/01/06 22:31:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
[2008/12/26 10:58:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/10/16 09:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2008/12/26 11:36:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009/01/05 20:37:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2007/08/30 14:29:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2006/12/08 21:12:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2007/12/16 09:00:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/11/26 12:46:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2007/02/24 13:36:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\yahoo!
[2006/12/08 21:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/12/30 21:24:29 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Owner\Application Data
[2008/02/06 16:11:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2008/12/30 21:52:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Adobe
[2008/05/11 22:25:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\AdobeUM
[2008/10/02 10:57:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Apple Computer
[2006/11/19 16:24:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Google
[2006/12/08 01:07:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Help
[2006/08/29 14:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Identities
[2008/12/26 11:31:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\IObit
[2006/12/07 01:06:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\KewlBoxPrefs
[2006/11/19 22:56:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2006/12/18 19:36:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Macromedia
[2008/12/30 21:24:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/01/08 12:23:31 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Owner\Application Data\Microsoft
[2008/11/03 21:58:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Move Networks
[2008/09/11 08:40:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla
[2007/06/07 10:15:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Musicmatch
[2007/08/15 17:49:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Netscape
[2008/02/25 18:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Real
[2006/11/30 22:57:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2006/11/19 22:56:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sonic
[2006/09/01 15:21:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sun
[2009/01/05 20:37:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
[2008/09/30 11:27:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\U3
[2007/08/15 17:53:53 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Application Data\yahoo!
[2008/12/05 21:34:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2001/08/18 07:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/01/07 22:51:50 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/01/09 12:36:35 | 00,000,438 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2008/07/24 02:01:28 | 00,000,372 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/01/09 12:35:39 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/01/09 12:36:37 | 00,000,432 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE 2.job
[2008/11/03 08:04:53 | 00,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\XoftSpySE.job

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
< End of report >

OTListIt Extras logfile created on: 1/9/2009 2:44:12 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 586.71 Mb Available Physical Memory | 57.86% Memory free
2.39 Gb Paging File | 1.96 Gb Available in Paging File | 82.14% Paging File free
Paging file location(s): c:\pagefile.sys 1524 3048;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 56.38 Gb Free Space | 75.66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: OWNER-ED144E44C
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh File not found
.hlp [@ = hlpfile] -- C:\WINDOWS\system32\winhlp32 File not found
.hta [@ = htafile] -- C:\WINDOWS\system32\mshta File not found
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore File not found
.inf [@ = inffile] -- C:\WINDOWS\system32\notepad File not found
.ini [@ = inifile] -- C:\WINDOWS\system32\notepad File not found
.js [@ = JSFile] -- C:\WINDOWS\system32\wscript File not found
.jse [@ = JSEFile] -- C:\WINDOWS\system32\wscript File not found
.reg [@ = regfile] -- C:\WINDOWS\regedit File not found
.txt [@ = txtfile] -- C:\WINDOWS\system32\notepad File not found
.vbe [@ = VBEFile] -- C:\WINDOWS\system32\wscript File not found
.vbs [@ = VBSFile] -- C:\WINDOWS\system32\wscript File not found
.wsf [@ = WSFFile] -- C:\WINDOWS\system32\wscript File not found
.wsh [@ = WSHFile] -- C:\WINDOWS\system32\wscript File not found
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}" = Zune Language Pack (FR)
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C26CB-6D52-458C-A87F-1EE77F9625C6}" = Intel® PRO Network Connections
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™

#10 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
hello

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double-click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#11 mbard (Member, Topic Starter, 12 posts)
Here is the ComboFix log....



ComboFix 09-01-08.05 - Owner 2009-01-09 18:33:13.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.559 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated)
FW: Windows Live OneCare Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt

.
((((((((((((((((((((((((( Files Created from 2008-12-09 to 2009-01-09 )))))))))))))))))))))))))))))))
.

2009-01-08 15:18 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-08 15:18 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-08 15:18 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-08 14:30 . 2009-01-08 14:31 <DIR> d-------- C:\Rooter$
2009-01-07 22:56 . 2007-11-27 22:56 116,416 --a------ c:\windows\system32\drivers\msfwhlpr.sys
2009-01-07 22:56 . 2007-11-27 22:56 91,328 --a------ c:\windows\system32\drivers\msfwdrv.sys
2009-01-07 22:55 . 2008-05-15 16:15 53,168 --a------ c:\windows\system32\drivers\MpFilter.sys
2009-01-07 22:51 . 2009-01-09 14:35 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
2009-01-07 22:41 . 2009-01-07 22:41 <DIR> d-------- c:\windows\system32\scripting
2009-01-07 22:41 . 2009-01-07 22:41 <DIR> d-------- c:\windows\system32\en
2009-01-07 22:41 . 2009-01-07 22:41 <DIR> d-------- c:\windows\system32\bits
2009-01-07 22:41 . 2009-01-07 22:41 <DIR> d-------- c:\windows\l2schemas
2009-01-07 22:40 . 2009-01-07 22:40 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-07 22:34 . 2009-01-07 22:34 <DIR> d-------- c:\windows\EHome
2009-01-07 22:17 . 2009-01-07 22:17 <DIR> d-------- c:\program files\Windows Defender
2009-01-07 21:33 . 2009-01-08 16:55 1,355 --a------ c:\windows\imsins.BAK
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-05 22:49 . 2009-01-05 22:50 <DIR> d-------- c:\program files\ERUNT
2009-01-05 20:37 . 2009-01-05 20:37 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-05 20:37 . 2009-01-05 20:37 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-01-05 20:37 . 2009-01-05 20:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-02 14:44 . 2009-01-02 14:44 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-02 14:44 . 2009-01-02 14:44 73,728 --a------ c:\windows\system32\javacpl.cpl
2008-12-30 21:24 . 2008-12-30 21:24 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 21:24 . 2008-12-30 21:24 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2008-12-30 21:24 . 2008-12-30 21:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 21:24 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 21:24 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-30 14:29 . 2009-01-05 20:29 <DIR> d-------- c:\program files\EsetOnlineScanner
2008-12-26 18:31 . 2008-12-26 18:31 <DIR> d-------- c:\program files\Fisher-Price
2008-12-26 18:28 . 2008-04-13 13:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-12-26 11:22 . 2008-12-26 11:31 <DIR> d-------- c:\documents and settings\Owner\Application Data\IObit
2008-12-26 10:58 . 2008-12-26 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\SITEguard
2008-12-26 10:56 . 2008-12-26 10:56 <DIR> d-------- c:\program files\Common Files\iS3
2008-12-26 10:56 . 2008-12-26 11:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\STOPzilla!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-08 04:05 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-02 19:48 --------- d-----w c:\program files\Common Files\AOL
2009-01-02 19:46 --------- d-----w c:\program files\Java
2008-12-31 03:02 --------- d-----w c:\program files\Common Files\Adobe
2008-12-26 23:55 --------- d-----w c:\program files\Coupons
2008-12-26 17:32 --------- d-----w c:\program files\XoftSpySE
2008-12-26 17:23 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-26 16:22 --------- d-----w c:\program files\IObit
2008-12-01 21:58 --------- d-----w c:\program files\Zune
2008-11-10 17:23 60,032 ----a-w c:\windows\system32\ZuneBusEnum.exe
2008-11-10 17:23 243,840 ----a-w c:\windows\system32\ZuneWlanCfgSvc.exe
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2008-12-21 2250256]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-08-14 94208]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2008-11-10 157312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-02 136600]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2008-11-05 64880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"= wdmaud.sys

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [2008-11-05 25968]
S3 ADM8511;Belkin USB Ethernet Adapter;c:\windows\system32\drivers\NET8511.SYS [2006-08-29 24424]
S4 Viewpoint Manager Service;Viewpoint Manager Service; [x]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
.
Contents of the 'Scheduled Tasks' folder

2008-12-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-01-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]

2009-01-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 11:20]

2008-07-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 11:20]

2009-01-09 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 14:44]

2008-11-03 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2007-07-13 14:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ert2z9gr.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-iobit&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-iobit&p=
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ert2z9gr.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-09 18:34:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-01-09 18:35:50
ComboFix-quarantined-files.txt 2009-01-09 23:35:48

Pre-Run: 60,420,136,960 bytes free
Post-Run: 60,426,588,160 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

176 --- E O F --- 2009-01-09 05:51:36

#12 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


Please download Malwarebytes' Anti-Malware from Here or Here

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#13 mbard (Member, Topic Starter, 12 posts)
Ok, I ran the ATF Cleaner & Malwarebytes. Here is the log....

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 5.1.2600 Service Pack 3

1/11/2009 2:16:50 PM
mbam-log-2009-01-11 (14-16-50).txt

Scan type: Quick Scan
Objects scanned: 52312
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Also ran Kaspersky, but it found nothing so there is no report.


I tried to run the automatic updates again and the same message about PRO11.MSI popped up. None of the updates were able to install. Here is what the updates were...

Update for Outlook 2003 (KB943649)
Security Update for Access Snapshot Viewer 2003 (KB955439)
Security Update for Microsoft Office 2003 (KB921598)
Office 2003 Service Pack 3 (SP3)
Security Update for Microsoft Office PowerPoint 2003 (KB948988)
Security Update for Office 2003 (KB945185)
Update for Microsoft Office Outlook 2003 Junk Email Filter (KB958620)
Security Update for Microsoft Works Suite 2005 (KB943973)
Security Update for Microsoft Office Outlook 2003 (KB945432)
Security Update for Microsoft Office 2003 (KB953404)
Security Update for Microsoft Office Publisher 2003 (KB950213)
Security Update for Microsoft Office Word 2003 (KB954464)
Security Update for Office 2003 (KB954478)
Security Update for Microsoft Office Excel 2003 (KB955466)
Update for Office 2003 (KB907417)
Update for Microsoft Office Outlook 2003 (KB953432)

#14 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Post a new HJT log.

#15 mbard (Member, Topic Starter, 12 posts)
Here is the HJT log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:41 PM, on 1/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Zune Launcher] "c:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/b...lineScanner.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.mpix.com/...geUploader3.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe

--
End of file - 8004 bytes
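An added triage script, not part of this thread, of HijackThis or of Geeks to Go, that parses HJT log lines in the "R0 - ..." / "O2 - ..." shape shown above and flags the entry types that usually carry a search-redirect hijack: start/search page URLs outside an allowlist of expected hosts, nameless or fileless BHOs and toolbars, Run entries launched from user-writable folders, Winlogon Notify DLLs outside system32, and services with no publisher. The allowlist, the path heuristic and the sample lines (with three planted bad entries) are assumptions for the demo; anything it flags still has to be checked by hand, which is what the helper in this thread is doing.

```python
"""
Triage helper for HijackThis (HJT) log lines.

Added example, not code from the thread, from HijackThis or from Geeks to Go.
The host allowlist, the "user-writable directory" heuristic and the sample
lines below are assumptions made for the demo.
"""
import re
from urllib.parse import urlparse

# Hosts a stock XP/IE7 box with Yahoo/Google toolbars would legitimately point
# its start/search pages at (assumption for this demo; adjust per machine).
KNOWN_GOOD_HOSTS = {
    "www.yahoo.com", "search.yahoo.com", "us.rd.yahoo.com",
    "go.microsoft.com", "www.google.com",
}

# Directories an unprivileged user (or a drive-by download) can write to.
# A Run entry launching from here deserves a look (heuristic, not proof).
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\temp\\")

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<rest>.*)$")
URL_RE = re.compile(r"=\s*(?P<url>\S+)\s*$")            # "...,Start Page = http://..."
O4_PATH_RE = re.compile(r'\]\s*"?(?P<path>[^"]*?\.exe)"?', re.IGNORECASE)


def parse_line(line):
    """Split one HJT line into (section code, remainder); None if it is not an entry."""
    m = LINE_RE.match(line.strip())
    return (m.group("code"), m.group("rest")) if m else None


def host_of(url):
    """Lower-cased hostname of a URL; '' for values like '*.local' that are not URLs."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def triage(lines):
    """Return a list of {code, reason, line} findings for suspicious entries."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if not parsed:
            continue
        code, rest = parsed
        reason = None

        if code in ("R0", "R1"):
            # Start page / search page / search bar: a redirect hijack usually
            # shows up here first, as a host nobody configured on purpose.
            m = URL_RE.search(rest)
            host = host_of(m.group("url")) if m else ""
            if host and host not in KNOWN_GOOD_HOSTS:
                reason = f"browser start/search setting points at {host}"

        elif code in ("O2", "O3"):
            # BHOs and toolbars: a nameless object or a missing DLL is a
            # classic leftover of a half-removed hijacker.
            if "(no name)" in rest or "(no file)" in rest:
                reason = "BHO/toolbar with no name or missing file"

        elif code == "O4":
            m = O4_PATH_RE.search(rest)
            path = m.group("path").lower() if m else ""
            if any(marker in path for marker in USER_WRITABLE_MARKERS):
                reason = "Run entry launches from a user-writable directory"

        elif code == "O20":
            # Winlogon Notify DLLs load into winlogon.exe. Legitimate security
            # tools register here too, so this is "verify", not "malware".
            path = rest.rsplit(" - ", 1)[-1].strip().lower()
            if not path.startswith("c:\\windows\\system32\\"):
                reason = "Winlogon Notify DLL outside system32 (verify publisher)"

        elif code == "O23":
            # "Service: Name (short) - Company - path"; HJT prints
            # "Unknown owner" when the binary carries no company information.
            parts = rest.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
                reason = "service with no company/publisher information"

        if reason:
            findings.append({"code": code, "reason": reason, "line": line})
    return findings


# Constructed sample in the shape of the log above: benign entries plus three
# planted bad ones (the .test search host, the Temp-launched Run entry, the
# ownerless service). The zero CLSID is a placeholder, not a real object.
SAMPLE_LINES = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.redirect-example.test/?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\Owner\Local Settings\Temp\svhost.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Helper Service (helpersvc) - Unknown owner - C:\WINDOWS\system32\helpersvc.exe
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f['code']}] {f['reason']}\n    {f['line']}")
```

Feed it a real log with `triage(open("hijackthis.log").read().splitlines())`. Forum-pasted logs shorten long URLs to "..." (as several R1 lines above are), so run it on the saved file, not on the pasted copy, or the hostnames will not parse.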