
Windows Browser is being redirected [Solved]


  • This topic is locked

#1 coolwater777 (Member, 39 posts)
Hi,

My Windows Explorer ver 7 browser is being redirected to ad-like web sites. When I use Google, perform a search and then click the link I want to go to, my browser is sent to a different website; I then hit the back button to finally get to the web page I originally wanted to see.

I greatly appreciate your assistance in helping me fix this very annoying problem.

UPDATE: I D/L'd Malwarebytes and attempted to update the program, but it kept shutting down. My current issue must be the cause. I also D/L'd ComboFix in preparation for receiving help, and I can't run that program either; it just shuts down.

I have run the following spyware programs: AdAware SE (I don't remember if I was able to update the definitions), SUPERAntiSpyware, and I ran Malwarebytes without the update.

VR
Coolwater

Below is my Hijack This Log File:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:33:52 PM, on 3/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [iTunesHelper] D:\iTunesHelper.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKUS\S-1-5-18\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Symantec NetDriver Warning] C:\PROGRA~1\SYMNET~1\SNDWarn.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - https://help.amer.cs...oad/tgctlsi.cab
O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} (Support.com Probe Class) - https://help.amer.cs...oad/tgctlpr.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} (USBAPTester Class) - http://www.nintendow...g/usbaptest.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab55579.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games – Buddy Invite) - http://zone.msn.com/...dy.cab55579.cab
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-48.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab55579.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://gamesoduser.c...es/ExentCtl.ocx
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128024255796
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmai..._downloader.cab
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://cdn2.zone.msn...gr.cab31267.cab
O16 - DPF: {9DEFEDFC-8193-4BE6-AA60-B6375AB7C8BE} (Launcher Class) - http://patch.mnet.co...iveX/naverx.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/...vl.cab55579.cab
O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} (MakeShop Secure Control) - http://ssl.makeshop....ssl/MSecure.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.ado...obat/nos/gp.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games – Game Communicator) - http://zone.msn.com/...xy.cab55579.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...ploader_v10.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/z...s/heartbeat.cab
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} (KvpIspCtlD Control) - https://www.vpay.co..../KVPISPCTLD.cab
O18 - Filter hijack: text/html - {102507cd-852e-47e4-9e29-68bf9f39f9b2} - C:\WINDOWS\system32\mst123.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - D:\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PRTG Service - Paessler Router Traffic Grapher (PRTGService) - Paessler AG - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

--
End of file - 14943 bytes

Edited by coolwater777, 30 March 2009 - 05:26 PM.

  • 0
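As an added triage example (not part of this thread, and not code from HijackThis or OTListIt), the script below parses the R1, O2, O4 and O18 line formats that appear in the log above and flags the entries a malware-removal helper reads first: a MIME filter registered for text/html (the O18 line HijackThis itself labels "Filter hijack"), a BHO whose DLL no longer exists, a ProxyServer value, and autoruns launched from a user-writable folder. The severity labels and every rule are this example's own heuristics; the sample lines are copied from the log above, with the ccApp autorun included as a control that must not be flagged. The O4 parser also accepts the `HKLM..\Run:` spelling used by OTListIt further down the thread.

```python
"""Triage helper for HijackThis-style log lines (added example, not part of the
thread). Severities and rules are this example's own heuristics."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted above, plus the
# unremarkable ccApp autorun as a control that must not be flagged.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0",
    r"O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r'O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK',
    r'O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"',
    r"O18 - Filter hijack: text/html - {102507cd-852e-47e4-9e29-68bf9f39f9b2} - C:\WINDOWS\system32\mst123.dll",
]

LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
# Accepts HijackThis "HKCU\..\Run:", "HKUS\S-1-5-18\..\Run:" and OTListIt "HKLM..\Run:".
O4_RE = re.compile(r"^(?P<hive>HK[^\\.]+)(?:\\[^\\]+)?\\?\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O18_RE = re.compile(r"^Filter(?: hijack)?: (?P<mime>\S+) - \{(?P<clsid>[^}]+)\} - (?P<path>.*)$")
R1_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[\w ]+) = (?P<data>.*)$")

# A MIME filter for these types sees every page IE renders and can rewrite or
# redirect any of them, which is consistent with the symptom in this thread.
CONTENT_MIME_TYPES = {"text/html", "text/xml", "text/plain"}
# Autorun locations writable by the user: not malicious by itself (magicJack in
# this log is a legitimate example), but always worth a look.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")


@dataclass
class Finding:
    severity: str   # HIGH / MEDIUM / LOW / REVIEW (this example's own scale)
    section: str    # HijackThis section code, e.g. "O18"
    subject: str    # the entry the finding is about
    reason: str


def exe_path(cmd: str) -> str:
    """Pull the launched file out of an O4 command line (quoted or bare)."""
    m = re.match(r'"([^"]+)"|(.*?\.(?:exe|dll|bat|scr|vbs))', cmd, re.I)
    if not m:
        return cmd.split()[0] if cmd.split() else cmd
    return m.group(1) or m.group(2)


def triage(lines) -> list:
    """Return the findings for an iterable of log lines, in log order."""
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O18" and (f := O18_RE.match(body)):
            if f["mime"].lower() in CONTENT_MIME_TYPES:
                findings.append(Finding("HIGH", sec, f["path"],
                    f"MIME filter registered for {f['mime']}; it can rewrite every "
                    "page of that type. Check the DLL's publisher and signature."))
        elif sec == "O2" and (f := O2_RE.match(body)):
            if f["path"].strip().lower() == "(no file)":
                findings.append(Finding("LOW", sec, f["clsid"],
                    "Orphaned BHO registration: the DLL is gone, the key remains."))
        elif sec == "O4" and (f := O4_RE.match(body)):
            path = exe_path(f["cmd"])
            if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding("REVIEW", sec, f["name"],
                    f"Autorun from a user-writable location: {path}"))
        elif sec == "R1" and (f := R1_RE.match(body)):
            if f["value"] == "ProxyServer" and f["data"].strip():
                findings.append(Finding("MEDIUM", sec, f["data"].strip(),
                    "ProxyServer is set; all IE traffic passes through it. "
                    "Verify the value was set deliberately."))
    return findings


if __name__ == "__main__":
    for fd in triage(SAMPLE_LOG):
        print(f"[{fd.severity}] {fd.section} {fd.subject}: {fd.reason}")
```

Run against the sample it reports the proxy value, the orphaned BHO, the magicJack autorun for review and, as the only HIGH item, the text/html filter DLL in system32; the Symantec ccApp entry produces nothing. To use it on a full log, pass the file's lines to `triage()`.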



#2 heir (Trusted Helper, Malware Removal, 5,427 posts)
Please click here and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3 coolwater777 (Member, 39 posts)
Hi and thanks for responding to my problem.

I followed your instructions. Here is what I did:

1. I ran the ATF Cleaner (selected all)

2. I ran ERUNT Reg Cleaner and created a backup copy of my Reg

3. I ran Malwarebytes, but I was not able to update the program with new definitions. I believe my current problem is the cause. Something may be sending instructions to the Malwarebytes program to ignore the update instructions; either that, or the port Malwarebytes uses is being blocked by the virus. Anyway, the logfile is posted below.

4. I ran OTListIt and posted both the OTListIt log and the Extra log.

5. I was unable to run the Rooter rootkit detector; the D/L was OK, but when I opened it up all I saw for almost 1 hour was a small GUI window with a blinking cursor, nothing else, no logfile.

6. I removed my Symantec AV program and D/L'd from a different computer the Comcast free McAfee AV program (I couldn't get to the Comcast D/L page for McAfee using the infected computer), but I am unable to install the McAfee AV program because something is stopping the program from D/L'ing needed install files from Comcast. Similar issue to Malwarebytes.

7. I have Automatic Windows Updates on and get updates regularly. When I went to the Microsoft Update site I was unable to obtain any updates; errors showed up.

I am able to connect to the internet easily and surf if needed, so connectivity is not my problem, but I believe my computer infection is the root cause.

Below are my log files for OTListIt and Malwarebytes.

And THANKS again for the assistance


OTLIST LOG:

OTListIt logfile created on: 3/31/2009 6:00:05 PM - Run 2
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 69.65% Memory free
2.11 Gb Paging File | 1.85 Gb Available in Paging File | 87.79% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.25 Gb Free Space | 8.95% Space Free | Partition Type: NTFS
Drive D: | 92.81 Gb Total Space | 78.83 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
Drive E: | 1.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-3253602F
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (Paessler AG)
PRC - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (Paessler AG)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\drwtsn32.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (PRTGService [Auto | Running]) -- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (Paessler AG)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (Cinemsup [System | Running]) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\drvmcdb.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (E1000 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys (Intel Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (EL90X [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xnd5.sys (3Com Corporation)
DRV - (EL90XBC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (ndiscm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smrt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\smrt.sys (Sony Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (UDFReadr [System | Running]) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/27 19:48:23 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf (Comcast)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server (Support.com, Inc.)
O4 - HKCU..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} https://help.amer.cs...oad/tgctlsi.cab (Support.com SmartIssue)
O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} https://help.amer.cs...oad/tgctlpr.cab (Support.com Probe Class)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://www.nintendow...g/usbaptest.cab (USBAPTester Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/...pandaonline.cab (TGOnlineCtrl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} http://gamesoduser.c...es/ExentCtl.ocx (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1128024255796 (MUWebControl Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmai..._downloader.cab (Maid Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {9DEFEDFC-8193-4BE6-AA60-B6375AB7C8BE} http://patch.mnet.co...iveX/naverx.cab (Launcher Class)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop....ssl/MSecure.cab (MakeShop Secure Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/...pandaonline.cab (Reg Error: Key error.)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co..../KVPISPCTLD.cab (KvpIspCtlD Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - ( zwebauth.dll) - C:\WINDOWS\system32\zwebauth.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/31 17:57:16 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/03/31 17:46:19 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/03/31 17:45:34 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/31 17:12:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/31 17:12:17 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/03/31 17:12:17 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/03/31 17:12:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/31 17:00:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/03/31 17:00:26 | 01,222,128 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Owner\Desktop\DMSetup-Serial.exe
[2009/03/30 16:18:56 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/30 16:18:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 16:18:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/30 16:18:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/29 19:34:36 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/03/29 15:54:20 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/29 15:54:20 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/03/29 14:26:03 | 00,000,014 | ---- | C] () -- C:\WINDOWS\ASSE.dat
[2009/03/29 14:22:56 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/29 14:21:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/28 16:26:17 | 00,000,000 | ---- | C] () -- C:\winamp.ini
[2009/03/22 08:50:39 | 00,054,153 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bathroom2.jpg
[2009/03/21 15:39:00 | 00,029,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bathroom1.jpg
[2009/03/21 15:31:11 | 00,732,774 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Bathroom.bmp
[2009/03/19 20:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/19 20:50:42 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/19 20:44:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/03/19 20:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/03/19 20:35:00 | 00,062,705 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZojirushiDemoReport_10.30.08.pdf
[2009/03/13 20:46:13 | 00,001,247 | ---- | C] () -- C:\net_save.dna
[2009/03/05 04:00:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/03/31 17:57:17 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/03/31 17:46:19 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/03/31 17:12:17 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/03/31 17:12:17 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/03/31 16:00:00 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{F09F2F27-32B9-4B70-9505-2BB5FCC9BA85}_VALUED-3253602F_Owner.job
[2009/03/31 09:00:00 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{DC6D4A74-76C9-4A4B-8353-CC0A22ACD08F}_VALUED-3253602F_Owner.job
[2009/03/30 16:55:34 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/30 16:51:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/30 16:51:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/30 16:18:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 14:43:28 | 01,222,128 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Owner\Desktop\DMSetup-Serial.exe
[2009/03/30 14:22:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/29 15:54:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/29 15:54:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/03/29 14:26:03 | 00,000,014 | ---- | M] () -- C:\WINDOWS\ASSE.dat
[2009/03/28 16:31:04 | 00,000,711 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/03/28 16:26:17 | 00,000,000 | ---- | M] () -- C:\winamp.ini
[2009/03/27 16:00:00 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{84230BC5-6B4D-4906-AE64-626FE50DA325}_VALUED-3253602F_Owner.job
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/22 08:45:40 | 00,054,153 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bathroom2.jpg
[2009/03/21 15:58:07 | 00,122,880 | -HS- | M] () -- C:\Documents and Settings\Owner\Desktop\Thumbs.db
[2009/03/21 15:36:37 | 00,029,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bathroom1.jpg
[2009/03/21 15:31:11 | 00,732,774 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bathroom.bmp
[2009/03/19 20:50:42 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/19 20:36:52 | 00,062,705 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZojirushiDemoReport_10.30.08.pdf
[2009/03/13 21:04:10 | 00,001,247 | ---- | M] () -- C:\net_save.dna
[2009/03/11 06:06:35 | 00,355,944 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/11 06:06:35 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/11 06:06:35 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/11 03:07:54 | 00,217,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:01:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/03/02 16:37:46 | 00,000,690 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SpywareBlaster.lnk

========== Alternate Data Streams ==========

@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >


OTLIST EXTRA LOG FILE:

OTListIt Extras logfile created on: 3/31/2009 5:58:36 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 69.13% Memory free
2.11 Gb Paging File | 1.81 Gb Available in Paging File | 86.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.25 Gb Free Space | 8.95% Space Free | Partition Type: NTFS
Drive D: | 92.81 Gb Total Space | 78.83 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
Drive E: | 1.24 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-3253602F
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\support.com\client\bin\tgcmd.exe:*:Enabled:tgcmd Module (Support.com, Inc.)
C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe:*:Enabled:PRTG_Traffic_Grapher_Webserver (Paessler AG)
D:\iTunes.exe:*:Enabled:iTunes File not found
C:\WINDOWS\system32\LEXPPS.EXE:*:Enabled:LEXPPS.EXE File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\WINDOWS\system32\skcbgm.exe:*:Enabled:SK Communications Cyworld BGM Player (© SK Communications)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe (Hewlett-Packard Co.)
C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe (Hewlett-Packard)
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe (Hewlett-Packard)
E:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe File not found
C:\Documents and Settings\Owner\Application Data\mjusbsp\magicJack.exe:*:Enabled:magicJack (magicJack L.P.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000000-3976-4267-9F39-1DC4745090B7}" = Microsoft Learning and Research Plus Support Files
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Professional
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2E0695EE-ED29-4D96-BD77-2A9A17EDF0D6}" = Cypress USB Mass Storage Driver Installation
"{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"{3248F0A8-6813-11D6-A77B-00B0D0150050}" = J2SE Runtime Environment 5.0 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{369B36BE-3D64-4641-9AEA-808D436FE130}" = Microsoft Picture It! Express 7.0
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{59324A56-6450-47D1-87DE-E8CEB8EE74D0}" = Firmware upgrade utility 2.0C For Sony DW-U12A DVD-RW Drive
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{62F33B80-6244-4A70-A233-0DA13B640364}" = OpenMG Secure Module 3.2
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
"{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage
"{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 2.6
"{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.3
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{90120409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A99C6296-A311-4D6C-9602-53B4241921D5}" = Roxio Easy Media Creator 7
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{CA0A1E54-CE0F-4366-B09C-A87B61DC5633}" = Symantec Network Drivers Update
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus® for Adobe
"{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"{EE3E60BC-F29F-4E7B-A110-B538387D34DA}" = No One Lives Forever - Game of the Year Edition
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"ATI Display Driver" = ATI Display Driver
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility
"ERUNT_is1" = ERUNT 1.1j
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
"InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
"InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Internet Gaming Zone" = MSN Gaming Zone
"MSN Music Assistant" = MSN Music Assistant
"MSNMS" = MSN Internet Software
"NimoCorp" = Nimo Codecs Pack v5.0 (Remove Only)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"OpenMG HotFix3.2-03-01-16-01" = OpenMG Limited Patch 3.2-03-02-21-08
"OpenMG HotFix3.2-03-01-16-02" = OpenMG Limited Patch 3.2-03-03-18-01
"OpenMG HotFix3.2-03-04-14-02" = OpenMG Limited Patch 3.2-03-04-14-02
"PartyPoker" = PartyPoker
"PartyPoker.net" = PartyPoker.net
"PartyPokerNet" = PartyPokerNet
"PROSet" = Intel® PRO Network Adapters and Drivers
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Shop for HP Supplies" = Shop for HP Supplies
"SM1FX_AT" = USB Storage Adapter FX (SM1)
"SpywareBlaster_is1" = SpywareBlaster 4.1
"VAIO Support" = VAIO Support
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinZip" = WinZip

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/29/2009 1:11:01 PM | Computer Name = VALUED-3253602F | Source = MPSampleSubmission | ID = 5000
Description =

Error - 3/29/2009 5:22:18 PM | Computer Name = VALUED-3253602F | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/29/2009 6:56:28 PM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 10.0.0.3802, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 3/30/2009 8:53:28 AM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x61df7730.

Error - 3/30/2009 7:19:13 PM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.

Error - 3/30/2009 7:19:45 PM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.35.0.0, faulting module unknown,
version 0.0.0.0, fault address 0x20021e39.

Error - 3/30/2009 7:56:50 PM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module msls31.dll, version 3.10.349.0, fault address 0x00006318.

Error - 3/30/2009 7:56:55 PM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 3/30/2009 9:47:45 PM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x10061e39.

Error - 3/30/2009 9:47:50 PM | Computer Name = VALUED-3253602F | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16791, faulting
module unknown, version 0.0.0.0, fault address 0x10061e39.

[ System Events ]
Error - 3/29/2009 10:23:02 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/29/2009 10:23:02 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/29/2009 10:23:03 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/29/2009 10:25:36 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 3/29/2009 10:26:58 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/30/2009 9:17:51 AM | Computer Name = VALUED-3253602F | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 3/30/2009 7:51:36 PM | Computer Name = VALUED-3253602F | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 3/30/2009 7:51:56 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7000
Description = The npkcrypt service failed to start due to the following error: %%2

Error - 3/30/2009 7:53:13 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 3/30/2009 7:53:13 PM | Computer Name = VALUED-3253602F | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde


< End of report >


MALWAREBYTES LOGFILE:

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

3/31/2009 5:39:02 PM
mbam-log-2009-03-31 (17-39-02).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 141116
Time elapsed: 25 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by coolwater777, 31 March 2009 - 07:23 PM.


#4
heir
    Trusted Helper

  • Malware Removal
  • 5,427 posts
As Rooter didn't work, can you please try this instead?
Meanwhile I'll review the logs above.

Disable resident protections (antivirus...); you'll re-enable them after the scan.

Download Lop S&D here and save it to the desktop.

Double-click Lop S&D.exe.
Choose the language, then choose Option 1 (Search).
Wait till the end of the scan.
Post the log which is created: (%SystemDrive%\lopR.txt)

#5
coolwater777
    Member

  • Member
  • 39 posts
I D/L'd the Lop S&D program and ran it as you instructed; I selected English, then selected Option #1.

I was curious and tried Rooter again, and this time it ran; I've posted its output below the Lop S&D file.

Neither file seems to contain a lot of info, and it appears that maybe they didn't finish their scans, although I'm unfamiliar with both programs.

Just let me know if I need to rerun both.


Here is my Output/Logfile:


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : BIOS Date: 10/29/04 13:42:25 Ver: 08.00.08
USER : Owner ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:13 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:92 Go (Free:78 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 04/01/2009| 6:43 )

--------------------\\ Listing folders in APPLIC~1

[03/19/2009|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/09/2005|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[12/24/2005|11:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[10/29/2005|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[08/24/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comcast
[11/08/2005|09:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> DVD Shrink
[06/01/2008|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EnterNHelp
[10/20/2007|04:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Floor Covering Soft
[10/28/2007|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/08/2008|03:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[03/17/2009|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/08/2008|03:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[03/29/2009|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/09/2008|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[03/31/2009|05:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[03/29/2009|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[08/15/2003|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN Messenger 5.0.0527
[08/15/2003|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[11/03/2006|12:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Napster
[03/19/2009|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[01/02/2006|04:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> PopCap
[08/15/2003|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[11/09/2005|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[08/13/2003|08:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[03/28/2009|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony Corporation
[04/11/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[03/06/2007|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SSH
[04/11/2008|07:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/15/2003|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[08/24/2008|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[03/28/2009|08:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[03/28/2009|08:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> TEMP
[06/01/2008|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ultima_T15
[08/15/2003|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> VAIO Media Platform
[12/17/2005|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[11/08/2008|07:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WEBREG
[09/29/2005|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[05/25/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[09/24/2008|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!

[08/15/2003|07:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Adobe
[08/15/2003|07:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AdobeUM
[08/13/2003|08:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/14/2003|03:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[08/15/2003|12:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Mozilla
[08/15/2003|12:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> MSN6
[08/15/2003|12:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Real
[10/15/2003|06:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec

[12/03/2005|09:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[03/26/2006|09:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[08/13/2003|08:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/28/2007|06:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Google
[01/06/2006|08:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[03/29/2009|10:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[11/30/2005|08:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Symantec

[12/17/2005|07:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> acccore
[03/19/2009|08:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[06/16/2007|12:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeAUM
[08/18/2007|06:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[11/06/2005|02:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[10/29/2005|01:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[12/05/2006|06:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Azureus
[12/28/2007|08:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[11/24/2003|02:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
[11/24/2003|01:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Drag'n Drop CD+DVD
[10/20/2007|04:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FEP
[10/17/2006|07:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[10/03/2005|12:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[03/17/2009|05:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP
[03/31/2009|05:12] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HPAppData
[08/13/2003|08:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[06/11/2008|07:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[08/27/2007|05:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Leadertech
[03/25/2006|12:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[04/09/2008|07:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[06/01/2008|08:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[12/23/2005|07:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft Games
[12/31/2008|07:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> mjusbsp
[12/17/2005|07:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[11/24/2003|02:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSN6
[06/01/2008|08:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Nikon
[01/06/2006|11:33] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
[11/18/2005|03:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Roxio
[11/09/2005|08:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sonic
[11/28/2003|04:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony Corporation
[03/08/2007|08:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SSH
[10/19/2005|07:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[04/11/2008|07:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/15/2003|06:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec
[11/28/2003|04:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
[01/23/2007|08:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> TextPad
[04/06/2008|12:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> TmpRecentIcons
[12/02/2007|12:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> U3
[02/03/2007|05:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/30/2009 02:22 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[03/27/2009 04:00 PM][--ah-----] C:\WINDOWS\tasks\{84230BC5-6B4D-4906-AE64-626FE50DA325}_VALUED-3253602F_Owner.job
[03/31/2009 04:00 PM][--ah-----] C:\WINDOWS\tasks\{F09F2F27-32B9-4B70-9505-2BB5FCC9BA85}_VALUED-3253602F_Owner.job
[03/31/2009 09:00 AM][--ah-----] C:\WINDOWS\tasks\{DC6D4A74-76C9-4A4B-8353-CC0A22ACD08F}_VALUED-3253602F_Owner.job
[11/15/2003 02:31 PM][--a------] C:\WINDOWS\tasks\Registration reminder 2.job
[03/30/2009 04:51 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/29/2002 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/15/2004|09:46] C:\Program Files\<DIR> ABBYY FineReader 6.0
[03/19/2009|08:51] C:\Program Files\<DIR> Adobe
[11/09/2005|09:06] C:\Program Files\<DIR> Ahead
[08/15/2003|02:04] C:\Program Files\<DIR> ATI Technologies
[04/09/2008|05:44] C:\Program Files\<DIR> Azureus
[03/13/2009|09:17] C:\Program Files\<DIR> BroadJump
[08/24/2008|07:17] C:\Program Files\<DIR> Comcast
[03/30/2009|04:48] C:\Program Files\<DIR> Common
[03/28/2009|08:39] C:\Program Files\<DIR> Common Files
[08/13/2003|08:06] C:\Program Files\<DIR> ComPlus Applications
[01/31/2008|10:02] C:\Program Files\<DIR> Cyworld Music Player
[11/09/2005|09:54] C:\Program Files\<DIR> DivX
[11/09/2005|09:54] C:\Program Files\<DIR> DivXCodec
[03/28/2009|04:19] C:\Program Files\<DIR> DNA
[10/15/2003|07:00] C:\Program Files\<DIR> drag'n drop cd+dvd
[10/15/2003|06:56] C:\Program Files\<DIR> Encarta Online
[03/31/2009|05:12] C:\Program Files\<DIR> ERUNT
[11/16/2007|10:14] C:\Program Files\<DIR> Fox
[03/28/2009|04:20] C:\Program Files\<DIR> Google
[11/08/2008|03:37] C:\Program Files\<DIR> Hewlett-Packard
[11/08/2008|03:38] C:\Program Files\<DIR> HP
[12/28/2007|08:43] C:\Program Files\<DIR> iMesh Applications
[03/28/2009|04:36] C:\Program Files\<DIR> InstallShield Installation Information
[08/14/2003|02:50] C:\Program Files\<DIR> Intel
[02/11/2009|04:01] C:\Program Files\<DIR> Internet Explorer
[03/27/2009|07:48] C:\Program Files\<DIR> Java
[03/30/2009|04:18] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/23/2008|02:11] C:\Program Files\<DIR> Messenger
[12/29/2008|06:21] C:\Program Files\<DIR> Microsoft ActiveSync
[05/09/2007|03:03] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[08/13/2003|08:08] C:\Program Files\<DIR> microsoft frontpage
[03/28/2009|04:22] C:\Program Files\<DIR> Microsoft Money
[09/29/2005|01:36] C:\Program Files\<DIR> Microsoft Office
[08/15/2003|12:35] C:\Program Files\<DIR> Microsoft Picture It! 7
[03/28/2009|04:25] C:\Program Files\<DIR> Microsoft Works
[03/28/2009|04:26] C:\Program Files\<DIR> MoodLogic
[08/23/2008|02:05] C:\Program Files\<DIR> Movie Maker
[08/15/2003|12:35] C:\Program Files\<DIR> MSN
[06/13/2006|05:49] C:\Program Files\<DIR> MSN Gaming Zone
[09/29/2005|02:48] C:\Program Files\<DIR> MsnMusic
[10/15/2006|03:00] C:\Program Files\<DIR> MSXML 4.0
[11/30/2008|01:13] C:\Program Files\<DIR> Naver
[11/03/2006|12:38] C:\Program Files\<DIR> NCH Swift Sound
[08/23/2008|02:02] C:\Program Files\<DIR> NetMeeting
[08/15/2003|12:21] C:\Program Files\<DIR> Netscape
[02/03/2007|08:41] C:\Program Files\<DIR> NEXON
[06/01/2008|08:37] C:\Program Files\<DIR> Nikon
[11/09/2005|09:54] C:\Program Files\<DIR> NimoCodec Pack
[03/19/2009|08:44] C:\Program Files\<DIR> NOS
[09/29/2005|01:46] C:\Program Files\<DIR> OfficeUpdate11
[12/15/2003|03:23] C:\Program Files\<DIR> Online Services
[08/23/2008|02:02] C:\Program Files\<DIR> Outlook Express
[03/06/2009|03:58] C:\Program Files\<DIR> PartyGaming
[12/06/2006|08:07] C:\Program Files\<DIR> PartyGaming.net
[02/20/2006|06:02] C:\Program Files\<DIR> PartyPoker.net
[07/06/2008|02:02] C:\Program Files\<DIR> PokerStars
[03/03/2006|07:26] C:\Program Files\<DIR> PRTG Traffic Grapher
[03/28/2009|04:31] C:\Program Files\<DIR> Quicken
[03/28/2009|04:31] C:\Program Files\<DIR> QuickTime
[08/15/2003|12:29] C:\Program Files\<DIR> Real
[04/06/2008|10:31] C:\Program Files\<DIR> RegCleaner
[10/18/2005|06:40] C:\Program Files\<DIR> Roxio
[08/15/2003|12:38] C:\Program Files\<DIR> Shield
[04/08/2004|09:22] C:\Program Files\<DIR> Snapshot Viewer
[11/09/2005|09:00] C:\Program Files\<DIR> Sonic
[03/28/2009|04:34] C:\Program Files\<DIR> Sony
[04/11/2008|07:06] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/28/2009|08:16] C:\Program Files\<DIR> SpywareBlaster
[03/28/2009|08:20] C:\Program Files\<DIR> SUPERAntiSpyware
[03/13/2009|09:03] C:\Program Files\<DIR> support.com
[03/28/2009|04:21] C:\Program Files\<DIR> Symantec
[03/28/2009|08:39] C:\Program Files\<DIR> Symantec AntiVirus
[09/29/2005|12:37] C:\Program Files\<DIR> SymNetDrv
[04/06/2008|06:13] C:\Program Files\<DIR> Trend Micro
[08/13/2003|08:11] C:\Program Files\<DIR> Uninstall Information
[08/15/2003|12:47] C:\Program Files\<DIR> VAIOAgent
[05/25/2008|07:19] C:\Program Files\<DIR> Windows Live
[08/23/2008|02:02] C:\Program Files\<DIR> Windows Media Player
[08/23/2008|02:02] C:\Program Files\<DIR> Windows NT
[09/29/2005|12:20] C:\Program Files\<DIR> WindowsUpdate
[11/03/2006|12:38] C:\Program Files\<DIR> WinMX
[01/07/2006|04:38] C:\Program Files\<DIR> WinRAR
[11/25/2006|06:07] C:\Program Files\<DIR> WinZip
[08/13/2003|08:08] C:\Program Files\<DIR> xerox
[12/30/2006|10:13] C:\Program Files\<DIR> XviD
[02/03/2007|05:38] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files


Rooter Logfile:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:14307 Mo/Free:1205 Mo)
D:\ [Fixed] - NTFS - (Total:95032 Mo/Free:2902 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)

Wed 04/01/2009|17:26

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
---------- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\WINDOWS\system32\drwtsn32.exe
---------- C:\WINDOWS\system32\drwtsn32.exe
---------- C:\WINDOWS\system32\drwtsn32.exe
---------- C:\WINDOWS\system32\drwtsn32.exe
---------- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
---------- C:\Program Files\internet explorer\iexplore.exe
---------- C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

Edited by coolwater777, 01 April 2009 - 06:48 PM.


#6
heir
    Trusted Helper

  • Malware Removal
  • 5,427 posts
Both those logs are cut off.
They should end with a line similar to this.

----------------------\\ Scan completed at 23:44

Please make sure that you copy/paste complete logs.

There is no need to run the tools again; just do the following:
Please post the content of C:\lopR.txt and C:\Rooter.txt again.

#7
coolwater777
    Member

  • Member
  • 39 posts
The two logs I posted yesterday contained all the information that was part of the log file. I copied everything. As I mentioned in my earlier post, I thought that something was missing from the logs and figured the programs did not fully run to completion.

Anyway, I re-ran Rooter and finally had a "Scan Complete" message.

I also tried re-running Lop S&D about 50 times, but each time it hung while performing a scan. The point at which it hung was different each time; sometimes it stopped on "search Lop Files - Folder - Dog Bike Meow", other times it hung on "Searching Lop Files - Folder DupeSeekFlawThird". Most times it just hangs and reports "Please Wait". I never could get this program to run to completion.

I posted what Lop S&D provided, although it is not a complete scan. It was the best (or longest) scan the program ran out of approx. 50 tries.


Thanks anyway.


So, below is the Rooter log file:

Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:14307 Mo/Free:1236 Mo)
D:\ [Fixed] - NTFS - (Total:95032 Mo/Free:2902 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)

Thu 04/02/2009|17:01

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
---------- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\wscntfy.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Thu 04/02/2009|17:02

----------------------\\ Scan completed at 17:02




Here are my Lop S&D scan results. Please remember it was not complete. I'll keep trying to get a complete scan.


--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Home Edition ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel® Pentium® 4 CPU 2.80GHz )
BIOS : BIOS Date: 10/29/04 13:42:25 Ver: 08.00.08
USER : Owner ( Administrator )
BOOT : Normal boot
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:13 Go (Free:1 Go)
D:\ (Local Disk) - NTFS - Total:92 Go (Free:78 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Thu 04/02/2009|17:51 )

--------------------\\ Listing folders in APPLIC~1

[03/19/2009|08:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[11/09/2005|08:56] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[10/29/2005|01:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[08/24/2008|11:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Comcast
[06/01/2008|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> EnterNHelp
[10/28/2007|07:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[11/08/2008|03:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Hewlett-Packard
[03/17/2009|05:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[11/08/2008|03:38] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP Product Assistant
[03/29/2009|07:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Lavasoft
[04/09/2008|07:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[03/29/2009|10:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[08/15/2003|12:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN Messenger 5.0.0527
[08/15/2003|12:36] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MSN6
[03/19/2009|08:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> NOS
[08/15/2003|12:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[11/09/2005|09:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Roxio
[08/13/2003|08:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SBSI
[03/28/2009|04:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Sony Corporation
[04/11/2008|07:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Spybot - Search & Destroy
[03/06/2007|07:35] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SSH
[04/11/2008|07:07] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SUPERAntiSpyware.com
[08/15/2003|12:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Support.com
[08/24/2008|07:17] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[06/01/2008|08:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ultima_T15
[08/15/2003|12:27] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> VAIO Media Platform
[12/17/2005|07:08] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[09/29/2005|01:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[05/25/2008|07:18] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> WLInstaller
[09/24/2008|01:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> yahoo!

[08/15/2003|07:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Adobe
[08/15/2003|07:03] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AdobeUM
[08/13/2003|08:08] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[08/14/2003|03:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[08/15/2003|12:21] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Mozilla
[08/15/2003|12:36] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> MSN6
[08/15/2003|12:29] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Real
[10/15/2003|06:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Symantec

[12/03/2005|09:25] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Help
[03/26/2006|09:22] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Macromedia
[08/13/2003|08:07] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft

[10/28/2007|06:59] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Google
[01/06/2006|08:28] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Macromedia
[03/29/2009|10:23] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft
[11/30/2005|08:36] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Symantec

[12/17/2005|07:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> acccore
[03/19/2009|08:51] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Adobe
[06/16/2007|12:24] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeAUM
[08/18/2007|06:35] C:\DOCUME~1\Owner\APPLIC~1\<DIR> AdobeUM
[11/06/2005|02:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Ahead
[10/29/2005|01:31] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Apple Computer
[12/05/2006|06:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Azureus
[12/28/2007|08:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> BitTorrent
[11/24/2003|02:26] C:\DOCUME~1\Owner\APPLIC~1\<DIR> CyberLink
[11/24/2003|01:41] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Drag'n Drop CD+DVD
[10/20/2007|04:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> FEP
[10/17/2006|07:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Google
[10/03/2005|12:42] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Help
[03/17/2009|05:55] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HP
[04/02/2009|04:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> HPAppData
[08/13/2003|08:08] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Identities
[06/11/2008|07:13] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Lavasoft
[08/27/2007|05:48] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Leadertech
[03/25/2006|12:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Macromedia
[04/09/2008|07:14] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Malwarebytes
[06/01/2008|08:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft
[12/23/2005|07:50] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Microsoft Games
[12/31/2008|07:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> mjusbsp
[12/17/2005|07:05] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Mozilla
[11/24/2003|02:19] C:\DOCUME~1\Owner\APPLIC~1\<DIR> MSN6
[06/01/2008|08:39] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Nikon
[01/06/2006|11:33] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Real
[11/18/2005|03:22] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Roxio
[11/09/2005|08:57] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sonic
[11/28/2003|04:20] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sony Corporation
[03/08/2007|08:28] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SSH
[10/19/2005|07:53] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Sun
[04/11/2008|07:06] C:\DOCUME~1\Owner\APPLIC~1\<DIR> SUPERAntiSpyware.com
[10/15/2003|06:58] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Symantec
[11/28/2003|04:29] C:\DOCUME~1\Owner\APPLIC~1\<DIR> Template
[01/23/2007|08:09] C:\DOCUME~1\Owner\APPLIC~1\<DIR> TextPad
[04/06/2008|12:36] C:\DOCUME~1\Owner\APPLIC~1\<DIR> TmpRecentIcons
[12/02/2007|12:56] C:\DOCUME~1\Owner\APPLIC~1\<DIR> U3
[02/03/2007|05:38] C:\DOCUME~1\Owner\APPLIC~1\<DIR> yahoo!

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[03/30/2009 02:22 PM][--a------] C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[03/27/2009 04:00 PM][--ah-----] C:\WINDOWS\tasks\{84230BC5-6B4D-4906-AE64-626FE50DA325}_VALUED-3253602F_Owner.job
[04/02/2009 04:00 PM][--ah-----] C:\WINDOWS\tasks\{F09F2F27-32B9-4B70-9505-2BB5FCC9BA85}_VALUED-3253602F_Owner.job
[04/02/2009 09:00 AM][--ah-----] C:\WINDOWS\tasks\{DC6D4A74-76C9-4A4B-8353-CC0A22ACD08F}_VALUED-3253602F_Owner.job
[11/15/2003 02:31 PM][--a------] C:\WINDOWS\tasks\Registration reminder 2.job
[04/02/2009 07:32 AM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/29/2002 05:00 AM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[02/15/2004|09:46] C:\Program Files\<DIR> ABBYY FineReader 6.0
[03/19/2009|08:51] C:\Program Files\<DIR> Adobe
[11/09/2005|09:06] C:\Program Files\<DIR> Ahead
[08/15/2003|02:04] C:\Program Files\<DIR> ATI Technologies
[04/09/2008|05:44] C:\Program Files\<DIR> Azureus
[03/13/2009|09:17] C:\Program Files\<DIR> BroadJump
[08/24/2008|07:17] C:\Program Files\<DIR> Comcast
[03/30/2009|04:48] C:\Program Files\<DIR> Common
[03/28/2009|08:39] C:\Program Files\<DIR> Common Files
[08/13/2003|08:06] C:\Program Files\<DIR> ComPlus Applications
[01/31/2008|10:02] C:\Program Files\<DIR> Cyworld Music Player
[11/09/2005|09:54] C:\Program Files\<DIR> DivX
[11/09/2005|09:54] C:\Program Files\<DIR> DivXCodec
[03/28/2009|04:19] C:\Program Files\<DIR> DNA
[10/15/2003|07:00] C:\Program Files\<DIR> drag'n drop cd+dvd
[10/15/2003|06:56] C:\Program Files\<DIR> Encarta Online
[03/31/2009|05:12] C:\Program Files\<DIR> ERUNT
[11/16/2007|10:14] C:\Program Files\<DIR> Fox
[03/28/2009|04:20] C:\Program Files\<DIR> Google
[11/08/2008|03:37] C:\Program Files\<DIR> Hewlett-Packard
[11/08/2008|03:38] C:\Program Files\<DIR> HP
[12/28/2007|08:43] C:\Program Files\<DIR> iMesh Applications
[03/28/2009|04:36] C:\Program Files\<DIR> InstallShield Installation Information
[08/14/2003|02:50] C:\Program Files\<DIR> Intel
[02/11/2009|04:01] C:\Program Files\<DIR> Internet Explorer
[03/27/2009|07:48] C:\Program Files\<DIR> Java
[03/30/2009|04:18] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[08/23/2008|02:11] C:\Program Files\<DIR> Messenger
[12/29/2008|06:21] C:\Program Files\<DIR> Microsoft ActiveSync
[05/09/2007|03:03] C:\Program Files\<DIR> Microsoft CAPICOM 2.1.0.2
[08/13/2003|08:08] C:\Program Files\<DIR> microsoft frontpage
[03/28/2009|04:22] C:\Program Files\<DIR> Microsoft Money
[09/29/2005|01:36] C:\Program Files\<DIR> Microsoft Office
[08/15/2003|12:35] C:\Program Files\<DIR> Microsoft Picture It! 7
[03/28/2009|04:25] C:\Program Files\<DIR> Microsoft Works
[03/28/2009|04:26] C:\Program Files\<DIR> MoodLogic
[08/23/2008|02:05] C:\Program Files\<DIR> Movie Maker
[08/15/2003|12:35] C:\Program Files\<DIR> MSN
[06/13/2006|05:49] C:\Program Files\<DIR> MSN Gaming Zone
[09/29/2005|02:48] C:\Program Files\<DIR> MsnMusic
[10/15/2006|03:00] C:\Program Files\<DIR> MSXML 4.0
[11/30/2008|01:13] C:\Program Files\<DIR> Naver
[11/03/2006|12:38] C:\Program Files\<DIR> NCH Swift Sound
[08/23/2008|02:02] C:\Program Files\<DIR> NetMeeting
[08/15/2003|12:21] C:\Program Files\<DIR> Netscape
[02/03/2007|08:41] C:\Program Files\<DIR> NEXON
[06/01/2008|08:37] C:\Program Files\<DIR> Nikon
[11/09/2005|09:54] C:\Program Files\<DIR> NimoCodec Pack
[03/19/2009|08:44] C:\Program Files\<DIR> NOS
[09/29/2005|01:46] C:\Program Files\<DIR> OfficeUpdate11
[12/15/2003|03:23] C:\Program Files\<DIR> Online Services
[08/23/2008|02:02] C:\Program Files\<DIR> Outlook Express
[03/06/2009|03:58] C:\Program Files\<DIR> PartyGaming
[12/06/2006|08:07] C:\Program Files\<DIR> PartyGaming.net
[02/20/2006|06:02] C:\Program Files\<DIR> PartyPoker.net
[07/06/2008|02:02] C:\Program Files\<DIR> PokerStars
[03/03/2006|07:26] C:\Program Files\<DIR> PRTG Traffic Grapher
[03/28/2009|04:31] C:\Program Files\<DIR> Quicken
[03/28/2009|04:31] C:\Program Files\<DIR> QuickTime
[08/15/2003|12:29] C:\Program Files\<DIR> Real
[04/06/2008|10:31] C:\Program Files\<DIR> RegCleaner
[10/18/2005|06:40] C:\Program Files\<DIR> Roxio
[08/15/2003|12:38] C:\Program Files\<DIR> Shield
[04/08/2004|09:22] C:\Program Files\<DIR> Snapshot Viewer
[11/09/2005|09:00] C:\Program Files\<DIR> Sonic
[03/28/2009|04:34] C:\Program Files\<DIR> Sony
[04/11/2008|07:06] C:\Program Files\<DIR> Spybot - Search & Destroy
[03/28/2009|08:16] C:\Program Files\<DIR> SpywareBlaster
[03/28/2009|08:20] C:\Program Files\<DIR> SUPERAntiSpyware
[03/13/2009|09:03] C:\Program Files\<DIR> support.com
[03/28/2009|04:21] C:\Program Files\<DIR> Symantec
[03/28/2009|08:39] C:\Program Files\<DIR> Symantec AntiVirus
[09/29/2005|12:37] C:\Program Files\<DIR> SymNetDrv
[04/06/2008|06:13] C:\Program Files\<DIR> Trend Micro
[08/13/2003|08:11] C:\Program Files\<DIR> Uninstall Information
[08/15/2003|12:47] C:\Program Files\<DIR> VAIOAgent
[05/25/2008|07:19] C:\Program Files\<DIR> Windows Live
[08/23/2008|02:02] C:\Program Files\<DIR> Windows Media Player
[08/23/2008|02:02] C:\Program Files\<DIR> Windows NT
[09/29/2005|12:20] C:\Program Files\<DIR> WindowsUpdate
[11/03/2006|12:38] C:\Program Files\<DIR> WinMX
[01/07/2006|04:38] C:\Program Files\<DIR> WinRAR
[11/25/2006|06:07] C:\Program Files\<DIR> WinZip
[08/13/2003|08:08] C:\Program Files\<DIR> xerox
[12/30/2006|10:13] C:\Program Files\<DIR> XviD
[02/03/2007|05:38] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/19/2009|08:50] C:\Program Files\Common Files\<DIR> Adobe
[03/19/2009|08:51] C:\Program Files\Common Files\<DIR> Adobe AIR
[12/27/2005|12:12] C:\Program Files\Common Files\<DIR> AOL
[04/08/2004|09:19] C:\Program Files\Common Files\<DIR> Designer
[11/08/2008|03:37] C:\Program Files\Common Files\<DIR> Hewlett-Packard
[11/08/2008|03:36] C:\Program Files\Common Files\<DIR> HP
[08/15/2003|12:29] C:\Program Files\Common Files\<DIR> InstallShield
[08/15/2003|12:30] C:\Program Files\Common Files\<DIR> Intuit
[10/15/2005|05:07] C:\Program Files\Common Files\<DIR> Java
[03/28/2009|04:33] C:\Program Files\Common Files\<DIR> Microsoft Shared
[08/13/2003|08:06] C:\Program Files\Common Files\<DIR> MSSoap
[03/28/2009|04:27] C:\Program Files\Common Files\<DIR> Nikon
[12/17/2005|07:08] C:\Program Files\Common Files\<DIR> Nullsoft
[08/13/2003|01:03] C:\Program Files\Common Files\<DIR> ODBC
[01/06/2006|11:32] C:\Program Files\Common Files\<DIR> Real
[11/03/2006|12:38] C:\Program Files\Common Files\<DIR> Roxio Shared
[08/13/2003|08:06] C:\Program Files\Common Files\<DIR> Services
[11/09/2005|09:00] C:\Program Files\Common Files\<DIR> Sonic Shared
[08/15/2003|12:40] C:\Program Files\Common Files\<DIR> Sony Shared
[08/13/2003|01:03] C:\Program Files\Common Files\<DIR> SpeechEngines
[12/29/2008|07:15] C:\Program Files\Common Files\<DIR> supportsoft
[11/24/2003|01:43] C:\Program Files\Common Files\<DIR> SWF Studio
[03/28/2009|04:28] C:\Program Files\Common Files\<DIR> Symantec Shared
[08/23/2008|02:02] C:\Program Files\Common Files\<DIR> System
[11/09/2005|09:00] C:\Program Files\Common Files\<DIR> TiVo Shared
[03/01/2008|06:55] C:\Program Files\Common Files\<DIR> WindowsLiveInstaller
[04/11/2008|07:06] C:\Program Files\Common Files\<DIR> Wise Installation Wizard
[01/06/2006|11:32] C:\Program Files\Common Files\<DIR> xing shared

--------------------\\ Process

( 32 Processes )

iexplore.exe ~ [PID:2192]
iexplore.exe ~ [PID:2996]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

Edited by coolwater777, 02 April 2009 - 07:05 PM.


#8 heir (Trusted Helper, Malware Removal, 5,427 posts)
We'll try to run Lop S&D later.

Step 1.
Uninstall unwanted software:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please remove the older versions of the Java components.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

J2SE Runtime Environment 5.0 Update 5
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1
Java™ 6 Update 2
Java™ 6 Update 3
Java™ 6 Update 5
Viewpoint Media Player



Step 2.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\DNA\btdna.exe-
    :Files
    C:\Program Files\Viewpoint
    C:\Program Files\Azureus
    C:\Program Files\iMesh Applications
    C:\DOCUME~1\Owner\APPLIC~1\Azureus
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 3.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For technical support, double-click the e-mail address located at the bottom of each menu.

Step 4.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note).
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


Step 5.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.


Step 6.
Things I would like to see in your reply:

  • The content of the fixlog from OTL2 from Step 2.
  • The content of the report from MBAM from Step 4.
  • The content of the report from Kaspersky Online Scanner from Step 5.
  • Information on how your computer is running now.


#9 coolwater777 (Member, 39 posts)
Heir,

I followed all your steps except for step #2.

I tried to run OTListIt2. I copied and pasted the entire code you provided into the Custom Scans/Fixes field in OTListIt2 and clicked Run Fix.

I tried this quite a few times, but each time I ran it, it appeared to get hung up and never completed the scan/fix.

It displayed the following, "Processing Registry data C;\Program\Files\DNA\btdna.exe...", and just sat like that for at least an hour or so.

I didn't mess with any of the OTListIt2 settings, just clicked Run Fix. And I let it run for at least an hour each time and rebooted, but no log file appeared either before or after the reboot. Am I not waiting long enough for the program to run? I thought at least 1 hour would be long enough.

It's funny, I can run the OTListIt2 "Run Scan" with no problem, but the fix is another story.


So, here is my Malwarebytes Log File:

Malwarebytes' Anti-Malware 1.35
Database version: 1904
Windows 5.1.2600 Service Pack 3

4/3/2009 8:45:48 PM
mbam-log-2009-04-03 (20-45-48).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 136567
Time elapsed: 24 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



And here is the Kaspersky Log File:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, April 3, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, April 04, 2009 05:09:34
Records in database: 2008290
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
I:\

Scan statistics:
Files scanned: 64197
Threat name: 3
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 01:16:16


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\17\299e4e91-1a2ff607 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-7abac976 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\43\330fa4eb-55189a9f Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-6afe07dd Infected: Exploit.Java.ByteVerify 1
D:\Stuff from Old Computer\My Documents on parent (Parent)\My Music\eXeem0.20.exe Infected: not-a-virus:AdWare.Win32.SearchIt.p 1

The selected area was scanned.



Any suggestions? And Thanks Again for your patience

Edited by coolwater777, 03 April 2009 - 11:37 PM.

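An added example, not part of this thread and not code from Kaspersky or from OldTimer's OTL: a small Python script that parses report lines of the form "<path> Infected: <threat> <count>" as posted above, tells the Java deployment-cache hits (leftovers of drive-by attempts that the outdated JRE let through) apart from ordinary files on disk, and emits the `:Files` block of an OTL fix script, which is what the next reply does by hand. The sample report is the five detection lines as posted; the function names, the `java-cache` label and the acceptance of a `Suspicious:` verdict are this example's own assumptions.

```python
import re
from collections import Counter

# Constructed sample: the detection lines of the Kaspersky Online Scanner 7
# report posted above, plus the column header and trailer the parser must skip.
SAMPLE_REPORT = r'''File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\17\299e4e91-1a2ff607 Infected: Exploit.Java.ByteVerify 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-7abac976 Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\43\330fa4eb-55189a9f Infected: Trojan-Downloader.Java.OpenStream.ac 1
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-6afe07dd Infected: Exploit.Java.ByteVerify 1
D:\Stuff from Old Computer\My Documents on parent (Parent)\My Music\eXeem0.20.exe Infected: not-a-virus:AdWare.Win32.SearchIt.p 1

The selected area was scanned.
'''

# A detection line is "<path> <verdict>: <threat> <count>". The path contains
# spaces, so it is matched lazily up to the verdict keyword. "Infected" is the
# verdict in the posted report; "Suspicious" is assumed to use the same layout.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<verdict>Infected|Suspicious):\s+"
    r"(?P<threat>\S+)\s+(?P<count>\d+)$"
)

# Fragment of the per-user JRE deployment cache path (compared case-insensitively).
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"


def parse_report(text):
    """Return one dict per detection line; header, blank and trailer lines are skipped."""
    hits = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            hits.append({"path": m["path"], "verdict": m["verdict"],
                         "threat": m["threat"], "count": int(m["count"])})
    return hits


def classify(path):
    """'java-cache' for a drive-by artefact in the JRE deployment cache, else 'file'."""
    return "java-cache" if JAVA_CACHE in path.lower() else "file"


def summarize(hits):
    """Threat name -> number of objects; the scanner header only gives the totals."""
    return dict(Counter(h["threat"] for h in hits))


def otl_files_section(hits):
    """Build the :Files block of an OTL fix script, one detected path per line."""
    return "\n".join([":Files"] + [h["path"] for h in hits])


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for h in found:
        print(f"{classify(h['path']):10} {h['threat']:40} {h['path']}")
    print(summarize(found))
    print(otl_files_section(found))
```

The four cache entries sit under the per-user JRE cache, so an OTL `[emptytemp]` (which the later fixlog reports as "Java cache emptied.") would remove them as well; listing them explicitly in `:Files` makes the fixlog print one line per file, which is what you want when you have to confirm the removal afterwards. The eXeem installer on D: is a different kind of hit: a file carried over from an old computer, which the scanner itself labels not-a-virus adware rather than an exploit.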

#10 heir (Trusted Helper, Malware Removal, 5,427 posts)

Any suggestions? And Thanks Again for your patience

Sure I have. You're welcome!
:) Sorry, my fault, there was a minor error in the fix.
I corrected it here, and we'll also take care of what Kaspersky found.


Step 1.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\DNA\btdna.exe=-
    :Files
    C:\Program Files\Viewpoint
    C:\Program Files\Azureus
    C:\Program Files\iMesh Applications
    C:\DOCUME~1\Owner\APPLIC~1\Azureus
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\17\299e4e91-1a2ff607
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-7abac976
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\43\330fa4eb-55189a9f
    C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-6afe07dd
    D:\Stuff from Old Computer\My Documents on parent (Parent)\My Music\eXeem0.20.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog


Also, how is your computer running now?
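The first fix hung at "Processing Registry data ... btdna.exe", and the corrected script in this post differs from the first only in that `:Reg` line: `btdna.exe=-` instead of `btdna.exe-`. OTL's `:Reg` section follows .reg-file syntax, where `name=-` deletes a value and a line without `=` is not a valid entry (that this is the rule, and not just the convention the corrected line follows, is an assumption of this example). The Python linter below is an added example, not part of the thread and not OTL's own code; it checks a fix script for such malformed lines before anyone runs it. The two embedded scripts are abbreviated copies of the ones posted above, and the section names it validates are only the four used in them.

```python
import re

# Constructed samples: abbreviated copies of the two fix scripts posted above.
# The only difference is the :Reg line for btdna.exe, which lacks "=" in the first.
BUGGY_FIX = r''':OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\DNA\btdna.exe-
:Files
C:\Program Files\Viewpoint
C:\DOCUME~1\Owner\APPLIC~1\Azureus
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
'''
CORRECTED_FIX = BUGGY_FIX.replace("btdna.exe-", "btdna.exe=-")

SECTION_RE = re.compile(r"^:([A-Za-z]+)$")          # :OTLI, :Reg, :Files, :Commands
REG_KEY_RE = re.compile(r"^\[-?HK(?:EY_[A-Z_]+|LM|CU|CR|U|CC)\\[^\]]+\]$")
# .reg-file value syntax: name=- deletes the value; name="..", dword:, hex: set it.
REG_VALUE_RE = re.compile(
    r'^(?:"[^"]*"|@|[^=\[\]]+)=(?:-|"[^"]*"|dword:[0-9A-Fa-f]{8}|hex(?:\([0-9a-f]+\))?:.*)$'
)
CMD_RE = re.compile(r"^\[[A-Za-z][A-Za-z ]*\]$")    # [emptytemp], [start explorer], ...
PATH_RE = re.compile(r"^[A-Za-z]:\\")               # :Files entries are absolute paths


def lint_fix_script(text):
    """Return (line_no, message, line) for every line that does not fit its section."""
    errors = []
    section = None
    have_key = False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, have_key = m.group(1).lower(), False
            continue
        if section is None:
            errors.append((n, "line appears before any :Section header", line))
        elif section == "reg":
            if REG_KEY_RE.match(line):
                have_key = True
            elif REG_VALUE_RE.match(line):
                if not have_key:
                    errors.append((n, "value line with no preceding [key]", line))
            else:
                errors.append((n, "malformed :Reg entry; expected [key], name=value or name=-", line))
        elif section == "files":
            if not PATH_RE.match(line):
                errors.append((n, ":Files entry is not an absolute path", line))
        elif section == "commands":
            if not CMD_RE.match(line):
                errors.append((n, ":Commands entry must look like [emptytemp]", line))
        # :OTLI lines are copied verbatim from the scan log and are not checked here.
    return errors


if __name__ == "__main__":
    for name, script in (("buggy", BUGGY_FIX), ("corrected", CORRECTED_FIX)):
        errs = lint_fix_script(script)
        print(f"{name}: {len(errs)} problem(s)")
        for line_no, msg, line in errs:
            print(f"  line {line_no}: {msg}: {line}")
```

Run it and the buggy script reports exactly one problem, on the `btdna.exe-` line, while the corrected one reports none; a hang with no fixlog, as happened here, is the kind of failure a two-second check like this saves an hour of waiting on.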


#11 coolwater777 (Member, 39 posts)
Heir,

I ran the corrected code you provided and it completed. Afterwards, I went to Google and I'm still having the redirect problem.

Below is my OTListIT2 Log File after running the Fix:


========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\LaunchU3.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\Viewpoint not found.
C:\Program Files\Azureus\plugins\azupdater moved successfully.
C:\Program Files\Azureus\plugins\azplugins moved successfully.
C:\Program Files\Azureus\plugins moved successfully.
C:\Program Files\Azureus moved successfully.
C:\Program Files\iMesh Applications\iMesh moved successfully.
C:\Program Files\iMesh Applications moved successfully.
C:\DOCUME~1\Owner\APPLIC~1\Azureus\torrents moved successfully.
C:\DOCUME~1\Owner\APPLIC~1\Azureus\tmp moved successfully.
C:\DOCUME~1\Owner\APPLIC~1\Azureus\shares moved successfully.
C:\DOCUME~1\Owner\APPLIC~1\Azureus\plugins moved successfully.
C:\DOCUME~1\Owner\APPLIC~1\Azureus\logs\save moved successfully.
C:\DOCUME~1\Owner\APPLIC~1\Azureus\logs moved successfully.
C:\DOCUME~1\Owner\APPLIC~1\Azureus\dht moved successfully.
C:\DOCUME~1\Owner\APPLIC~1\Azureus\active moved successfully.
C:\DOCUME~1\Owner\APPLIC~1\Azureus moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\UserShell\AOL9 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\UserShell moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player\Resources moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint Media Player moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint\Resources moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\Viewpoint moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint moved successfully.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\17\299e4e91-1a2ff607 moved successfully.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\22\74018dd6-7abac976 moved successfully.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\43\330fa4eb-55189a9f moved successfully.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\59\4d13647b-6afe07dd moved successfully.
D:\Stuff from Old Computer\My Documents on parent (Parent)\My Music\eXeem0.20.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WG0RBPW8\ATF-Cleaner[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q95U06KX\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q95U06KX\Windows-Browser-being-redirected-t233667[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\HPSLPS000.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_234.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.8.0 log created on 04042009_074808

Files moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WG0RBPW8\ATF-Cleaner[1].exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q95U06KX\iframe[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q95U06KX\Windows-Browser-being-redirected-t233667[2].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
C:\WINDOWS\temp\HPSLPS000.log moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_234.dat not found!

Registry entries deleted on Reboot...
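An added example, not from the thread and not OTL's own code: a Python routine that reads a fixlog like the one above and reconciles the "File delete failed ... scheduled to be deleted on reboot" entries against the "Files moved on Reboot..." section, so that anything still not removed after the reboot is listed rather than spotted by eye in a long log. The embedded log is an abbreviated copy of the posted one (the routine "moved successfully" lines are trimmed; every deferred entry and the whole post-reboot section are kept); the regular-expression names and the result keys are this example's own.

```python
import re

# Constructed sample: an abbreviated copy of the OTListIt2 fixlog posted above.
SAMPLE_FIXLOG = r'''========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\Viewpoint not found.
C:\Program Files\Azureus moved successfully.
C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\17\299e4e91-1a2ff607 moved successfully.
D:\Stuff from Old Computer\My Documents on parent (Parent)\My Music\eXeem0.20.exe moved successfully.
========== COMMANDS ==========
User's Temp folder emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WG0RBPW8\ATF-Cleaner[1].exe scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q95U06KX\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q95U06KX\Windows-Browser-being-redirected-t233667[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\HPSLPS000.log scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_234.dat scheduled to be deleted on reboot.
Java cache emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.8.0 log created on 04042009_074808

Files moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WG0RBPW8\ATF-Cleaner[1].exe moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q95U06KX\iframe[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q95U06KX\Windows-Browser-being-redirected-t233667[2].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
C:\WINDOWS\temp\HPSLPS000.log moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_234.dat not found!

Registry entries deleted on Reboot...
'''

# Optional object-type prefix OTL puts in front of a path in its result lines.
PREFIX = r"(?:File/Folder |File |Registry (?:key|value) )?"
SCHEDULED_RE = re.compile(r"^File delete failed\. (?P<path>.+?) scheduled to be deleted on reboot\.$")
DONE_RE = re.compile("^" + PREFIX + r"(?P<path>.+?) (?:moved|deleted) successfully\.$")
GONE_RE = re.compile("^" + PREFIX + r"(?P<path>.+?) not found[.!]$")


def reconcile(text):
    """Sort fixlog lines into done / not found / deferred-to-reboot buckets and
    report which deferred items the reboot pass neither moved nor found gone."""
    r = {"done": [], "not_found": [], "scheduled": [], "reboot_moved": [], "reboot_gone": []}
    phase = "fix"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Files moved on Reboot"):
            phase = "reboot"
            continue
        if line.startswith("Registry entries deleted on Reboot"):
            phase = "reboot_reg"      # empty in this log; lines here are ignored
            continue
        if phase == "fix":
            m = SCHEDULED_RE.match(line)
            if m:
                r["scheduled"].append(m["path"])
                continue
            m = DONE_RE.match(line)
            if m:
                r["done"].append(m["path"])
                continue
            m = GONE_RE.match(line)
            if m:
                r["not_found"].append(m["path"])
        elif phase == "reboot":
            m = DONE_RE.match(line)
            if m:
                r["reboot_moved"].append(m["path"])
                continue
            m = GONE_RE.match(line)
            if m:
                r["reboot_gone"].append(m["path"])
    cleared = set(r["reboot_moved"]) | set(r["reboot_gone"])
    r["still_pending"] = [p for p in r["scheduled"] if p not in cleared]
    return r


if __name__ == "__main__":
    result = reconcile(SAMPLE_FIXLOG)
    for key in ("done", "not_found", "scheduled", "reboot_moved", "reboot_gone"):
        print(f"{key:13} {len(result[key])}")
    for path in result["still_pending"]:
        print("still present after reboot:", path)
```

On this log the two items left over are the `Content.IE5\index.dat` history index files of the Owner and LocalService accounts. Internet Explorer keeps those open and recreates them, so their surviving the fix is expected and says nothing about whether the redirect persists; the redirect test in the reply above is the check that matters.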

#12 heir (Trusted Helper, Malware Removal, 5,427 posts)
We'll give it another approach then.

How are you connected to Internet?
Are you connected through a router?
If so, is there any other computer using the same connection, and does that computer have the same issue?


Step 1.
OTL-scan:

  • Double click on OTListIt2.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window with OTListIt.Txt that's saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of that file and post it with your next reply.

Step 2.
Goored-scan:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

Step 3.
Things I would like to see in your reply:

  • Answers to my questions in the beginning of this post.
  • The content of OTListIt.txt from step 1.
  • The content of GooredLog.txt from step 2.


#13 coolwater777 (Member, 39 posts)
Heir,

My desktop computer, the one having issues, is connected to cable Internet through a Belkin wireless router; the desktop is connected directly to the router with a CAT 5 cable, and the router connects directly to the cable modem with another CAT 5 cable. I do have one other laptop computer connected to the router over a wireless connection, but that computer is not having any issues, unlike my desktop computer.

Below is the OTListIT2 Log followed by the Gooredfix log

OTListIt logfile created on: 4/4/2009 9:00:12 AM - Run 4
OTListIt2 by OldTimer - Version 2.0.8.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.50 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 68.66% Memory free
2.11 Gb Paging File | 1.83 Gb Available in Paging File | 86.79% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 13.97 Gb Total Space | 1.55 Gb Free Space | 11.08% Space Free | Partition Type: NTFS
Drive D: | 92.81 Gb Total Space | 78.83 Gb Free Space | 84.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: VALUED-3253602F
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (Paessler AG)
PRC - C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (Paessler AG)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe (Hewlett-Packard Co.)
PRC - C:\Program Files\internet explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Owner\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (hpqcxs08 [On_Demand | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (HPSLPSVC [Auto | Running]) -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL (Hewlett-Packard Co.)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZinw12.dll (Hewlett-Packard)
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\WINDOWS\system32\HPZipm12.dll (Hewlett-Packard)
SRV - (PRTGService [Auto | Running]) -- C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe (Paessler AG)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPTISRV [On_Demand | Stopped]) -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (Sony Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (aeaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (cdudf_xp [System | Running]) -- C:\WINDOWS\System32\drivers\Cdudf_xp.sys (Sonic Solutions)
DRV - (Cinemsup [System | Running]) -- C:\WINDOWS\System32\drivers\cinemsup.sys (Sonic Solutions)
DRV - (DMICall [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DMICall.sys (Sony Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\drvmcdb.sys (Sonic Solutions)
DRV - (DVDVRRdr_xp [System | Running]) -- C:\WINDOWS\System32\drivers\DVDVRRdr_xp.sys (Windows ® 2000 DDK provider)
DRV - (dvd_2K [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\dvd_2k.sys (Sonic Solutions)
DRV - (E1000 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e1000325.sys (Intel Corporation)
DRV - (E100B [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (EL90X [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\el90xnd5.sys (3Com Corporation)
DRV - (EL90XBC [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\el90xbc5.sys (3Com Corporation)
DRV - (HPZid412 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZid412.sys (HP)
DRV - (HPZipr12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZipr12.sys (HP)
DRV - (HPZius12 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HPZius12.sys (HP)
DRV - (ialm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mmc_2K [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\mmc_2k.sys (Sonic Solutions)
DRV - (ndiscm [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\NetMotCM.sys (Motorola Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (pwd_2k [System | Running]) -- C:\WINDOWS\System32\drivers\Pwd_2k.sys (Sonic Solutions)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\R8139n51.SYS (Realtek Semiconductor Corporation)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Stopped]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS (SuperAdBlocker, Inc.)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (smrt [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\smrt.sys (Sony Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (StillCam [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\serscan.sys (Microsoft Corporation)
DRV - (SYMDNS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMFW [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMIDS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (UDFReadr [System | Running]) -- C:\WINDOWS\System32\drivers\Udfreadr.sys (Sonic Solutions)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (wceusbsh [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wceusbsh.sys (Microsoft Corporation)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/27 19:48:23 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe (Easy Systems Japan Ltd.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /installquiet (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE (Cypress Semiconductor)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer (Symantec Corporation)
O4 - HKLM..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf (Comcast)
O4 - HKLM..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe (Sony Electronics Inc)
O4 - HKLM..\Run: [ZTgServerSwitch] "c:\program files\support.com\client\bin\tgcmd.exe" /server (Support.com, Inc.)
O4 - HKCU..\Run: [cdloader] "C:\Documents and Settings\Owner\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (magicJack L.P.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyGaming.net\PartyPokerNet\RunPF.exe ()
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 41 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} https://help.amer.cs...oad/tgctlsi.cab (Support.com SmartIssue)
O16 - DPF: {01112800-3E00-11D2-8470-0060089874ED} https://help.amer.cs...oad/tgctlpr.cab (Support.com Probe Class)
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} http://esupport.sony.com/VaioInfo.CAB (VaioInfo.CMClass)
O16 - DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} http://www.nintendow...g/usbaptest.cab (USBAPTester Class)
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} http://zone.msn.com/...UI.cab55579.cab (StagingUI Object)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} http://zone.msn.com/...dy.cab55579.cab (MSN Games – Buddy Invite)
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} http://zone.msn.com/...pandaonline.cab (TGOnlineCtrl Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} http://tools.ebayimg...l_v1-0-3-48.cab (EPUImageControl Class)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....es/MSNPUpld.cab (MSN Photo Upload Tool)
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} http://zone.msn.com/...at.cab55579.cab (ZonePAChat Object)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} http://gamesoduser.c...es/ExentCtl.ocx (ExentInf Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1128024255796 (MUWebControl Class)
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} http://vsp.closetmai..._downloader.cab (Maid Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} http://cdn2.zone.msn...gr.cab31267.cab (ZoneAxRcMgr Class)
O16 - DPF: {9DEFEDFC-8193-4BE6-AA60-B6375AB7C8BE} http://patch.mnet.co...iveX/naverx.cab (Launcher Class)
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab (ZPA_SHVL Object)
O16 - DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} http://ssl.makeshop....ssl/MSecure.cab (MakeShop Secure Control)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.ado...obat/nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/...pandaonline.cab (Reg Error: Key error.)
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} http://zone.msn.com/...xy.cab55579.cab (MSN Games – Game Communicator)
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} http://fdl.msn.com/z...s/heartbeat.cab (HeartbeatCtl Class)
O16 - DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} https://www.vpay.co..../KVPISPCTLD.cab (KvpIspCtlD Control)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O29 - HKLM SecurityProviders - ( zwebauth.dll) - C:\WINDOWS\system32\zwebauth.dll ()
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/04/04 08:59:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Old Logs
[2009/04/03 07:01:33 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/01 05:38:26 | 00,000,000 | ---D | C] -- C:\Lop SD
[2009/04/01 05:38:15 | 00,530,106 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\LopSD.exe
[2009/03/31 20:07:12 | 00,119,808 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\03.31.09_AAFES_EHE_New_Release_Form(1).xls
[2009/03/31 17:57:16 | 00,499,712 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/03/31 17:46:19 | 00,267,612 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/03/31 17:45:34 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/03/31 17:12:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/03/31 17:12:17 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/03/31 17:12:17 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/03/31 17:12:16 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/03/31 17:00:26 | 01,222,128 | ---- | C] (McAfee, Inc.) -- C:\Documents and Settings\Owner\Desktop\DMSetup-Serial.exe
[2009/03/30 16:18:56 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/30 16:18:56 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 16:18:54 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/30 16:18:52 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/03/29 19:34:36 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/03/29 15:54:20 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/03/29 15:54:20 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/03/29 14:26:03 | 00,000,014 | ---- | C] () -- C:\WINDOWS\ASSE.dat
[2009/03/29 14:22:56 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/29 14:21:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/03/22 08:50:39 | 00,054,153 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bathroom2.jpg
[2009/03/21 15:39:00 | 00,029,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\bathroom1.jpg
[2009/03/21 15:31:11 | 00,732,774 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Bathroom.bmp
[2009/03/19 20:51:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/19 20:50:42 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/19 20:44:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/03/19 20:44:46 | 00,000,000 | ---D | C] -- C:\Program Files\NOS
[2009/03/19 20:35:00 | 00,062,705 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ZojirushiDemoReport_10.30.08.pdf
[2009/03/13 20:46:13 | 00,001,247 | ---- | C] () -- C:\net_save.dna

========== Files - Modified Within 30 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2 C:\WINDOWS\*.tmp files]
[2009/04/04 07:53:18 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/04 07:50:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/04 07:50:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/04 07:48:50 | 06,291,456 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/04/03 16:00:00 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{F09F2F27-32B9-4B70-9505-2BB5FCC9BA85}_VALUED-3253602F_Owner.job
[2009/04/03 16:00:00 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{84230BC5-6B4D-4906-AE64-626FE50DA325}_VALUED-3253602F_Owner.job
[2009/04/03 09:00:00 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\{DC6D4A74-76C9-4A4B-8353-CC0A22ACD08F}_VALUED-3253602F_Owner.job
[2009/04/01 05:38:15 | 00,530,106 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\LopSD.exe
[2009/03/31 20:13:27 | 00,119,808 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\03.31.09_AAFES_EHE_New_Release_Form(1).xls
[2009/03/31 17:57:17 | 00,499,712 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTListIt2.exe
[2009/03/31 17:46:19 | 00,267,612 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Rooter.exe
[2009/03/31 17:12:17 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/03/31 17:12:17 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/03/30 16:18:56 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/03/30 14:43:28 | 01,222,128 | ---- | M] (McAfee, Inc.) -- C:\Documents and Settings\Owner\Desktop\DMSetup-Serial.exe
[2009/03/30 14:22:00 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/03/29 15:54:20 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/03/29 15:54:20 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/03/29 14:26:03 | 00,000,014 | ---- | M] () -- C:\WINDOWS\ASSE.dat
[2009/03/28 16:31:04 | 00,000,711 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2009/03/26 16:49:56 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/03/26 16:49:50 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/03/22 08:45:40 | 00,054,153 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bathroom2.jpg
[2009/03/21 15:36:37 | 00,029,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\bathroom1.jpg
[2009/03/21 15:31:11 | 00,732,774 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Bathroom.bmp
[2009/03/19 20:50:42 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/03/19 20:36:52 | 00,062,705 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ZojirushiDemoReport_10.30.08.pdf
[2009/03/13 21:04:10 | 00,001,247 | ---- | M] () -- C:\net_save.dna
[2009/03/11 06:06:35 | 00,355,944 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/11 06:06:35 | 00,311,604 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/11 06:06:35 | 00,039,992 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/11 03:07:54 | 00,217,656 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/11 03:01:03 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >



GooredFix Log: Pretty small log file

GooredFix v1.92 by jpshortstuff
Log created at 09:02 on 04/04/2009 running Option #1 (Owner)
Firefox version [Unable to determine]

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

Edited by coolwater777, 04 April 2009 - 10:16 AM.

  • 0

#14
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
That didn't bring any news.
Let's move on to the more powerful tools then.

Step 1.
GMER:

Download GMER from here:
http://www.gmer.net/files.php

Unzip it to the desktop.

Open the program and click on the Rootkit tab.
Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
Click on Scan.
When the scan has run, click Copy and paste the results (if any) into this thread.

Step 2.
ComboFix:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Step 3.
Things I would like to see in your reply:


  • The results from GMER in step 1.
  • The content of C:\ComboFix.txt from step 2.

  • 0
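Step 1 asks for GMER's output; the part that needs triage is the `.text <process>[<pid>] <module>!<function> <addr> 5 Bytes JMP <target>` lines under "User code sections". As an added example (not from heir's post and not a GMER component), here is a Python script that parses those lines and groups identical hook sets across processes, run on a constructed log modelled on the thread's format:

```python
"""Triage the 'User code sections' lines of a GMER log.

Added example for this thread, not a GMER component. GMER prints an inline hook as
".text <process>[<pid>] <module>!<function> <addr> 5 Bytes JMP <target>"; this groups
those lines per process. SAMPLE_LOG is constructed, modelled on the thread's log format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

HOOK_LINE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[\w.\-]+)!(?P<function>\w+)\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})\s*$"
)

# What a hook on each import lets the hooking module do (defender's reading).
CAPABILITY = {
    "kernel32.dll!CreateProcessW": "re-injects into every new process",
    "ws2_32.dll!connect": "intercepts outbound connections",
    "ws2_32.dll!send": "sees outbound traffic", "ws2_32.dll!WSASend": "sees outbound traffic",
    "ws2_32.dll!recv": "can rewrite inbound traffic", "ws2_32.dll!WSARecv": "can rewrite inbound traffic",
}

@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    name: str     # "<module>!<function>", module lower-cased (GMER mixes ws2_32/WS2_32)
    address: int  # address of the patched function
    target: int   # where the 5-byte JMP lands

def parse_gmer_hooks(text: str) -> list[Hook]:
    """Keep only inline-hook lines; headers, blanks and SSDT entries are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_LINE.match(line.strip())
        if m:
            hooks.append(Hook(process=m["process"], pid=int(m["pid"]),
                              name=f"{m['module'].lower()}!{m['function']}",
                              address=int(m["address"], 16), target=int(m["target"], 16)))
    return hooks

def jumps_out_of_module(address: int, target: int) -> bool:
    """Heuristic: XP system DLLs load near 0x7xxxxxxx; a JMP into another 16 MB region lands elsewhere."""
    return (address >> 24) != (target >> 24)

def hook_sets_per_process(hooks):
    per = defaultdict(set)
    for h in hooks:
        per[(h.process, h.pid)].add((h.name, h.address, h.target))
    return {proc: frozenset(s) for proc, s in per.items()}

def triage(hooks, min_processes=2):
    """One record per identical hook set seen in >= min_processes processes (one DLL injected system-wide)."""
    by_set = defaultdict(list)
    for proc, hookset in hook_sets_per_process(hooks).items():
        by_set[hookset].append(proc)
    report = []
    for hookset, procs in by_set.items():
        if len(procs) < min_processes:
            continue
        names = sorted(n for n, _, _ in hookset)
        report.append({
            "processes": sorted(procs),
            "hooks": names,
            "targets": sorted({t for _, _, t in hookset}),
            "jumps_out_of_module": any(jumps_out_of_module(a, t) for _, a, t in hookset),
            "capabilities": sorted({CAPABILITY.get(n, "unknown") for n in names}),
        })
    return report

# Constructed sample in GMER's format; the last line is a hypothetical vendor process for contrast.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\winlogon.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\Program Files\Example Vendor\example.exe[1200] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 7C80A1F0
"""

if __name__ == "__main__":
    for rec in triage(parse_gmer_hooks(SAMPLE_LOG)):
        print(f"{len(rec['processes'])} processes share {len(rec['hooks'])} identical hooks; "
              f"targets {[f'{t:08X}' for t in rec['targets']]}; "
              f"outside hooked module: {rec['jumps_out_of_module']}; {rec['capabilities']}")
```

A hook set repeated across processes whose targets all sit outside the hooked DLL points to a single injected module; identifying which module owns that base address (GMER's module listing, or a process memory map) is the next step before deciding whether it is malware or a security product that legitimately hooks Winsock.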

#15
coolwater777

coolwater777

    Member

  • Member
  • PipPip
  • 39 posts
Heir,

I ran both GMER and ComboFix. The logs are below.

I also tried to use Google a few times and so far I'm not getting redirected, and I was finally able to reach the Comcast.net site and D/L the required installation files needed to install my McAfee AV program. WooHoo :)



GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2009-04-05 06:43:09
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT 8A3445E0 ZwConnectPort

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[532] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[552] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[552] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[552] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[552] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[552] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[552] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\System32\svchost.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\System32\svchost.exe[600] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\System32\svchost.exe[600] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\System32\svchost.exe[600] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\System32\svchost.exe[600] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\System32\svchost.exe[600] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\System32\svchost.exe[664] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\System32\svchost.exe[664] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\System32\svchost.exe[664] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\System32\svchost.exe[664] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\System32\svchost.exe[664] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\System32\svchost.exe[664] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe[708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe[708] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe[708] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe[708] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe[708] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\Program Files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe[708] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\winlogon.exe[816] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\winlogon.exe[816] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\lsass.exe[876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\lsass.exe[876] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[1056] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[1056] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[1056] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[1056] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[1056] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[1056] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[1116] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[1116] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\System32\alg.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\System32\alg.exe[1208] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\System32\alg.exe[1208] WS2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\System32\alg.exe[1208] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\System32\alg.exe[1208] WS2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\System32\alg.exe[1208] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\System32\svchost.exe[1240] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\System32\svchost.exe[1240] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\System32\svchost.exe[1240] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\System32\svchost.exe[1240] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\System32\svchost.exe[1240] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\System32\svchost.exe[1240] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\System32\svchost.exe[1360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\System32\svchost.exe[1360] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\System32\svchost.exe[1360] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\System32\svchost.exe[1360] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\System32\svchost.exe[1360] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\System32\svchost.exe[1360] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\svchost.exe[1484] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\svchost.exe[1484] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\svchost.exe[1484] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\svchost.exe[1484] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\svchost.exe[1484] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\svchost.exe[1484] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\Program Files\internet explorer\iexplore.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10063428
.text C:\Program Files\internet explorer\iexplore.exe[1548] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1548] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1548] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1548] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1548] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1548] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1548] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1548] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\internet explorer\iexplore.exe[1548] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10063370
.text C:\Program Files\internet explorer\iexplore.exe[1548] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10062BF8
.text C:\Program Files\internet explorer\iexplore.exe[1548] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10062440
.text C:\Program Files\internet explorer\iexplore.exe[1548] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100623C4
.text C:\Program Files\internet explorer\iexplore.exe[1548] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10063324
.text C:\WINDOWS\System32\svchost.exe[1684] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\System32\svchost.exe[1684] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\System32\svchost.exe[1684] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\System32\svchost.exe[1684] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\System32\svchost.exe[1684] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\System32\svchost.exe[1684] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\spoolsv.exe[1820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\spoolsv.exe[1820] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\spoolsv.exe[1820] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\spoolsv.exe[1820] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\spoolsv.exe[1820] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\spoolsv.exe[1820] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\explorer.exe[2900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\explorer.exe[2900] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\explorer.exe[2900] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\explorer.exe[2900] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\explorer.exe[2900] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\explorer.exe[2900] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324
.text C:\WINDOWS\system32\ctfmon.exe[3608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10003428
.text C:\WINDOWS\system32\ctfmon.exe[3608] ws2_32.dll!connect 71AB4A07 5 Bytes JMP 10003370
.text C:\WINDOWS\system32\ctfmon.exe[3608] ws2_32.dll!send 71AB4C27 5 Bytes JMP 10002BF8
.text C:\WINDOWS\system32\ctfmon.exe[3608] ws2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 10002440
.text C:\WINDOWS\system32\ctfmon.exe[3608] ws2_32.dll!recv 71AB676F 5 Bytes JMP 100023C4
.text C:\WINDOWS\system32\ctfmon.exe[3608] ws2_32.dll!WSASend 71AB68FA 5 Bytes JMP 10003324

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012009040420090405 0 bytes
File C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012009040420090405\index.dat 131072 bytes

---- EOF - GMER 1.0.15 ----

ComboFix 09-04-04.01 - Owner 2009-04-05 6:45:10.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1043 [GMT -7:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ygd.frb

.
((((((((((((((((((((((((( Files Created from 2009-03-05 to 2009-04-05 )))))))))))))))))))))))))))))))
.

2009-04-04 11:11 . 2009-04-04 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-04-03 07:01 . 2009-04-03 07:01 <DIR> d-------- C:\_OTListIt
2009-04-01 05:38 . 2009-04-02 19:17 <DIR> d-------- C:\Lop SD
2009-03-31 17:45 . 2009-04-02 17:02 <DIR> d-------- C:\Rooter$
2009-03-31 17:12 . 2009-03-31 17:12 <DIR> d-------- c:\program files\ERUNT
2009-03-30 16:18 . 2009-03-30 16:18 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-30 16:18 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-30 16:18 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-29 15:54 . 2009-03-29 15:54 54,156 --ah----- c:\windows\QTFont.qfn
2009-03-29 15:54 . 2009-03-29 15:54 1,409 --a------ c:\windows\QTFont.for
2009-03-29 14:26 . 2009-03-29 14:26 14 --a------ c:\windows\ASSE.dat
2009-03-29 14:21 . 2009-03-29 19:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-27 19:48 . 2009-03-27 19:48 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-19 20:51 . 2009-03-19 20:51 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-03-19 20:44 . 2009-03-19 20:44 <DIR> d-------- c:\program files\NOS
2009-03-19 20:44 . 2009-03-19 20:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2009-03-13 20:46 . 2009-03-13 21:04 1,247 --a------ C:\net_save.dna

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 14:59 --------- d-----w c:\documents and settings\Owner\Application Data\HPAppData
2009-04-03 13:59 --------- d-----w c:\program files\Java
2009-03-30 23:48 --------- d-----w c:\program files\Common
2009-03-28 23:36 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-28 23:34 --------- d-----w c:\program files\Sony
2009-03-28 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-03-28 23:31 --------- d-----w c:\program files\QuickTime
2009-03-28 23:31 --------- d-----w c:\program files\Quicken
2009-03-28 23:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-28 23:27 --------- d-----w c:\program files\Common Files\Nikon
2009-03-28 23:26 --------- d-----w c:\program files\MoodLogic
2009-03-28 23:25 --------- d-----w c:\program files\Microsoft Works
2009-03-28 23:22 --------- d-----w c:\program files\Microsoft Money
2009-03-28 23:21 --------- d-----w c:\program files\Symantec
2009-03-28 23:20 --------- d-----w c:\program files\Google
2009-03-28 23:19 --------- d-----w c:\program files\DNA
2009-03-28 15:39 --------- d-----w c:\program files\Symantec AntiVirus
2009-03-28 15:20 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-28 15:16 --------- d-----w c:\program files\SpywareBlaster
2009-03-20 03:50 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 00:55 --------- d-----w c:\documents and settings\Owner\Application Data\HP
2009-03-18 00:55 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2009-03-14 04:17 --------- d-----w c:\program files\BroadJump
2009-03-14 04:03 --------- d-----w c:\program files\support.com
2009-03-06 22:58 --------- d-----w c:\program files\PartyGaming
2008-06-04 00:35 0 -c-h--w c:\documents and settings\All Users\Application Data\PKP_DLdw.DAT
2007-03-01 05:20 60,096 -c--a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2003-12-12 17:19 161,747 -c--a-w c:\program files\ATS_Bedboard_modernline5.zip
2003-08-27 21:19 36,963 -c--a-r c:\program files\Common Files\SM1updtr.dll
2007-10-20 23:43 1,200 -csh--w c:\windows\lcfep5.drv
2008-08-24 06:38 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082320080824\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-06-17 1506544]
"cdloader"="c:\documents and settings\Owner\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ZTgServerSwitch"="c:\program files\support.com\client\bin\tgcmd.exe" [2003-06-23 1409024]
"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-19 28672]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-07-16 4743168]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-04-07 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 335872]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-09-29 100056]
"SM1BG"="c:\windows\SM1BG.EXE" [2003-08-27 94208]
"ezShieldProtector for Px"="c:\windows\system32\ezSP_Px.exe" [2002-08-20 40960]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2006-01-09 1757184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2005-10-29 98304]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-27 148888]
"nwiz"="nwiz.exe" [2003-07-16 c:\windows\system32\nwiz.exe]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 c:\windows\system32\Ati2mdxx.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2003-05-23 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-06-01 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.dvsd"= c:\progra~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll
"MSACM.CEGSM"= mobilev.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.DIVF"= DivX412.dll
"vidc.vp31"= vp31vfw.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=c:\windows\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-10-29 13:31 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2005-03-08 22:13 1695744 c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\PRTG Traffic Grapher\\PRTG Traffic Grapher.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Documents and Settings\\Owner\\Application Data\\mjusbsp\\magicJack.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-02-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-02-29 55024]
R2 PRTGService;PRTG Service - Paessler Router Traffic Grapher;c:\program files\PRTG Traffic Grapher\PRTG Traffic Grapher.exe [2006-02-27 4220200]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2009-03-19 33176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2009-03-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

2003-11-15 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-13 17:12]

2009-04-03 c:\windows\Tasks\{84230BC5-6B4D-4906-AE64-626FE50DA325}_VALUED-3253602F_Owner.job
- c:\windows\system32\mobsync.exe [2008-04-13 17:12]

2009-04-03 c:\windows\Tasks\{DC6D4A74-76C9-4A4B-8353-CC0A22ACD08F}_VALUED-3253602F_Owner.job
- c:\windows\system32\mobsync.exe [2008-04-13 17:12]

2009-04-03 c:\windows\Tasks\{F09F2F27-32B9-4B70-9505-2BB5FCC9BA85}_VALUED-3253602F_Owner.job
- c:\windows\system32\mobsync.exe [2008-04-13 17:12]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
Notify-NavLogon - (no file)

.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {01112800-3E00-11D2-8470-0060089874ED} - hxxps://help.amer.csc.com/sdccommon/download/tgctlpr.cab
DPF: {040F4385-8DAD-4306-94BF-B8291D841FAE} - hxxp://www.nintendowifi.com/troubleshooting/usbaptest.cab
DPF: {9DEFEDFC-8193-4BE6-AA60-B6375AB7C8BE} - hxxp://patch.mnet.com/NaverMusic/ActiveX/naverx.cab
DPF: {B128EFF9-0B1C-4C65-A162-28165A3A0A18} - hxxp://ssl.makeshop.co.kr/ssl/MSecure.cab
DPF: {E78928A6-3D2A-4BF7-A100-F3FBAA351B49} - hxxps://www.vpay.co.kr/kvpfiles/KVPISPCTLD.cab
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-05 06:50:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Microsoft Office\Office10\MSOFFICE.EXE
c:\windows\system32\msiexec.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2009-04-05 6:54:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-05 13:54:42

Pre-Run: 1,530,007,552 bytes free
Post-Run: 1,592,926,208 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

225 --- E O F --- 2009-03-13 10:02:57

Edited by coolwater777, 05 April 2009 - 09:30 AM.
