Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to Access Internet after Using MalwareBytes

Started by Rick M , Jun 28 2010 11:38 PM

  • Please log in to reply

#1
Rick M
Posted 28 June 2010 - 11:38 PM

Rick M

    New Member

  • Member
  • Pip
  • 4 posts
Hello. Picked up "AV Security Suite" problem on my laptop two days back. Used MalwareBytes to remove which stopped the AV Security Suite stuff. However I cannot access internet now. Or at least I cannot access on the two "Administrator" logins. I am currently on "Guest" login which does not have Administrator privileges but is working on internet with Internet Explorer and Firefox. Other logins unable to access with Firefox either.

I stumbled across this forum and found a posting similar to this (can't find it now)http://www.geekstogo...ge-t273984.html

I followed the steps described by Broni from "Network Connections" through Dial-A-Fix but no improvement. I just had multiple "Error 127..." messages.

The post I originally read said to go to the "Malware and Spyware Cleaning Guide" which I did. I followed the instructions and am posting the results below. Please help.

MBAM Log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4245

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/27/2010 7:29:19 AM
mbam-log-2010-06-27 (07-29-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 246023
Time elapsed: 1 hour(s), 45 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e596df5f-4239-4d40-8367-ebadf0165917} (Rogue.Installer) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\umpmlefj (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER Log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-28 20:15:31
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\RICHAR~1\LOCALS~1\Temp\awloquob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Development Company, L.P.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\BF5078EAC31E9A04A8D2866D37F3FB2C\[email protected] 1021072727
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\HP Photosmart C4700 series (Copy 1)@ChangeID 676312

---- EOF - GMER 1.0.15 ----

OTL Log:
OTL logfile created on: 6/28/2010 8:51:20 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.69 Gb Total Space | 2.00 Gb Free Space | 6.75% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 0.84 Gb Free Space | 11.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTINEZ-LAPTOP
Current User Name: Richard Martinez
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/28 15:54:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
PRC - [2010/05/26 13:25:56 | 000,079,872 | ---- | M] (SanDisk Corporation) -- C:\Documents and Settings\Richard Martinez\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
PRC - [2009/07/08 20:39:21 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
PRC - [2009/05/08 03:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/02/03 06:15:18 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/30 18:44:20 | 000,262,144 | ---- | M] (SONIX) -- C:\WINDOWS\tsnpstd3.exe
PRC - [2007/03/16 08:27:44 | 000,487,424 | ---- | M] (Fisher-Price) -- C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe
PRC - [2006/09/26 11:51:16 | 002,486,272 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.bin
PRC - [2006/09/26 11:51:14 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
PRC - [2006/09/18 15:12:12 | 000,843,776 | ---- | M] () -- C:\WINDOWS\vsnpstd3.exe
PRC - [2006/05/26 07:29:24 | 002,031,616 | ---- | M] () -- C:\Program Files\Smartsync WM100\Smartsync.exe
PRC - [2005/12/07 11:56:56 | 000,409,600 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe
PRC - [2005/10/21 09:48:08 | 000,483,414 | R--- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
PRC - [2005/09/24 01:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/02/02 05:12:22 | 000,102,492 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2004/06/22 08:05:02 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
PRC - [2003/02/08 16:47:16 | 000,032,768 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Common Files\Sharp\SL\SSPCLINK2\SAutoLaunchExe.exe
PRC - [2002/12/27 04:48:48 | 000,045,056 | ---- | M] (SHARP CORPORATION) -- C:\Program Files\Common Files\Sharp\SL\SSPCLINK2\SNPLCEXE.exe
PRC - [2002/08/09 15:36:20 | 000,299,008 | ---- | M] (Palm, Inc.) -- C:\Program Files\Sony Handheld\HOTSYNC.EXE
PRC - [2002/06/20 12:06:12 | 000,339,968 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon04.exe


========== Modules (SafeList) ==========

MOD - [2010/06/28 15:54:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2005/11/30 16:31:34 | 000,282,624 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\cpqinfo.dll
MOD - [2004/08/04 01:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2002/05/24 05:46:13 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - [2010/04/28 21:52:04 | 001,952,512 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2007/09/14 19:09:44 | 000,213,696 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/04/13 20:24:04 | 010,246,144 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2005/09/20 00:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/08/18 01:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2005/07/14 06:37:16 | 001,269,760 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/05 11:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2005/05/05 11:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
DRV - [2005/03/09 16:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/03/03 18:10:26 | 000,074,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2005/02/18 15:42:02 | 000,349,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/02/18 15:41:18 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/15 08:18:30 | 000,200,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWATI.sys -- (HSFHWATI)
DRV - [2004/12/15 08:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/15 08:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/10/07 18:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2003/08/01 02:11:00 | 000,016,772 | ---- | M] (Palm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PalmUSBD.sys -- (PalmUSBD)
DRV - [2003/01/31 08:22:52 | 000,073,040 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\slz3unic.sys -- (slz3unic) SL series Ver3 (WDM)
DRV - [2002/05/24 05:46:13 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2002/05/24 05:46:13 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11) Storage Class Driver for IEEE-1284.4 (HPH11)
DRV - [2002/05/24 05:46:13 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2002/05/24 05:46:13 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2001/12/05 02:49:10 | 000,041,766 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2001/08/17 08:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo....e...-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: [email protected]:1.0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/06/04 19:36:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 16:21:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 16:21:28 | 000,000,000 | ---D | M]

[2010/06/28 16:21:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Martinez\Application Data\Mozilla\Extensions
[2010/06/28 17:11:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Martinez\Application Data\Mozilla\Firefox\Profiles\6rveqzod.default\extensions
[2010/06/28 17:11:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Richard Martinez\Application Data\Mozilla\Firefox\Profiles\6rveqzod.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/28 16:21:28 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/27 23:13:38 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\YTSingleInstance.dll (Yahoo! Inc)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn8\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
O4 - HKLM..\Run: [eligmini] C:\Program Files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe (Fisher-Price)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD04] C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe ()
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe (SONIX)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [SansaDispatch] C:\Documents and Settings\Richard Martinez\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe (SanDisk Corporation)
O4 - HKCU..\Run: [SAutoLaunchExe] C:\Program Files\Common Files\Sharp\SL\SSPCLINK2\SAutoLaunchExe.exe (SHARP CORPORATION)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE (Palm, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\Richard Martinez\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Richard Martinez\Start Menu\Programs\Startup\Seagate 2GH2E2QR Product Registration.lnk = C:\Documents and Settings\Richard Martinez\Application Data\Leadertech\PowerRegister\Seagate 2GH2E2QR Product Registration.exe (Leader Technologies/Seagate)
O4 - Startup: C:\Documents and Settings\Richard Martinez\Start Menu\Programs\Startup\Smartsync.lnk = C:\Program Files\Smartsync WM100\Smartsync.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2009/10/05 07:02:00 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2009/10/05 07:02:00 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2009/10/05 07:02:00 | 000,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2009/10/05 07:02:00 | 000,000,000 | ---D | M]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} http://h20270.www2.h...staller_gmn.cab (VerifyGMN Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper200711281.dll (Installation Support)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (SysData Class)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (HP Download Manager)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.h...tDetection2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.105.28.12 68.105.29.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Amber Migration.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Amber Migration.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/08/07 16:31:11 | 000,000,129 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 23:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/30 15:01:14 | 000,000,053 | -HS- | M] () - D:\AUTORUN.FCB -- [ FAT32 ]
O32 - AutoRun File - [2007/03/15 13:31:02 | 000,000,090 | ---- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0f77ffca-8097-11df-9f38-0014a57e0cf5}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{506f4a06-5df2-11df-9f2f-0014a57e0cf5}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O33 - MountPoints2\{804b2031-265e-11db-b178-806d6172696f}\Shell\AutoRun\command - "" = D:\setupSNK.exe -- [2004/08/04 00:56:58 | 000,028,672 | ---- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2006/05/30 10:34:09 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/28 16:41:34 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/28 16:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Mal logs
[2010/06/28 16:21:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Local Settings\Application Data\Mozilla
[2010/06/28 16:21:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Application Data\Mozilla
[2010/06/28 16:21:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/28 15:54:51 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2010/06/28 15:50:25 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\All Users\Documents\erunt_setup.exe
[2010/06/28 12:57:13 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\TFC.exe
[2010/06/27 23:57:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Dial-a-fix-v0.60.0.24
[2010/06/27 23:34:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
[2010/06/27 22:18:55 | 001,413,120 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\All Users\Documents\winsockfix.exe
[2010/06/27 13:14:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Application Data\MSNInstaller
[2010/06/27 01:14:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Application Data\Malwarebytes
[2010/06/26 23:14:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/26 23:14:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/26 23:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/26 23:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/26 22:38:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Application Data\Norton Utilities 14
[2010/06/26 15:42:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Local Settings\Application Data\sjfpjqycw
[2010/06/04 19:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Application Data\HpUpdate
[2010/05/26 13:25:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Application Data\SanDisk
[2010/05/07 14:26:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/05/04 19:40:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\My Documents\Quicken
[2010/04/28 21:55:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\OPTIONS
[2010/04/28 21:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2010/04/28 21:52:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Application Data\InstallShield
[2010/04/28 21:39:52 | 000,110,592 | ---- | C] (Synaptics, Inc.) -- C:\WINDOWS\System32\SynTPCo4.dll
[2010/04/14 13:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Richard Martinez\Desktop\TJ37
[2009/12/21 16:44:25 | 000,172,032 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnpstd3.dll
[2009/12/21 16:44:25 | 000,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\vsnpstd3.dll
[2009/12/21 16:44:25 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnpstd3.dll
[2009/12/21 16:44:25 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\csnpstd3.dll

========== Files - Modified Within 90 Days ==========

[2010/06/28 20:48:04 | 000,000,297 | ---- | M] () -- C:\hpqp.ini
[2010/06/28 20:45:07 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini
[2010/06/28 20:45:06 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/28 20:44:23 | 000,001,049 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\OTL paste.rtf
[2010/06/28 20:23:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/28 20:20:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/28 20:20:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/28 20:20:14 | 1474,875,392 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/28 20:19:02 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Richard Martinez\NTUSER.DAT
[2010/06/28 20:19:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Richard Martinez\ntuser.ini
[2010/06/28 20:16:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/28 16:41:35 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Richard Martinez\Desktop\NTREGOPT.lnk
[2010/06/28 16:41:35 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Richard Martinez\Desktop\ERUNT.lnk
[2010/06/28 16:21:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/06/28 16:21:33 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Richard Martinez\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/28 16:21:33 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/28 15:54:53 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\OTL.exe
[2010/06/28 15:54:26 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\gmer.zip
[2010/06/28 15:50:28 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\All Users\Documents\erunt_setup.exe
[2010/06/28 12:57:15 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\All Users\Documents\TFC.exe
[2010/06/27 23:35:44 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/27 23:35:44 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/27 23:31:13 | 000,335,992 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Dial-a-fix-v0.60.0.24.zip
[2010/06/27 23:13:38 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/27 22:19:02 | 001,413,120 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\All Users\Documents\winsockfix.exe
[2010/06/26 23:14:43 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/26 21:51:14 | 000,001,350 | ---- | M] () -- C:\Documents and Settings\Richard Martinez\Start Menu\Programs\Startup\Seagate 2GH2E2QR Product Registration.lnk
[2010/06/23 03:04:32 | 000,502,064 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/23 03:04:32 | 000,441,692 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/23 03:04:32 | 000,071,462 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/22 18:48:22 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\Richard Martinez\Desktop\CD Req.rtf
[2010/06/22 12:38:19 | 000,011,322 | ---- | M] () -- C:\Documents and Settings\Richard Martinez\Desktop\mm-hiflo-exhaust-system-300.gif
[2010/06/18 13:27:22 | 000,001,616 | ---- | M] () -- C:\Documents and Settings\Richard Martinez\Desktop\Rick Resume.rtf
[2010/06/09 03:52:18 | 000,255,064 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/09 03:24:14 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/05 22:16:29 | 000,000,144 | ---- | M] () -- C:\WINDOWS\ZDrive.INI
[2010/06/04 19:39:07 | 000,023,113 | ---- | M] () -- C:\WINDOWS\hpqins15.dat
[2010/05/12 19:42:55 | 000,000,165 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 21:52:04 | 000,885,340 | ---- | M] () -- C:\WINDOWS\System32\oem65.inf

========== Files Created - No Company Name ==========

[2010/06/28 20:44:23 | 000,001,049 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\OTL paste.rtf
[2010/06/28 16:41:35 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Richard Martinez\Desktop\NTREGOPT.lnk
[2010/06/28 16:41:35 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Richard Martinez\Desktop\ERUNT.lnk
[2010/06/28 16:21:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/28 16:21:33 | 000,001,620 | ---- | C] () -- C:\Documents and Settings\Richard Martinez\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/28 16:21:33 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/28 15:54:22 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\gmer.zip
[2010/06/27 23:31:12 | 000,335,992 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\Dial-a-fix-v0.60.0.24.zip
[2010/06/27 22:59:11 | 000,000,420 | ---- | C] () -- C:\Documents and Settings\Richard Martinez\reset.log
[2010/06/26 23:14:43 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/22 18:46:56 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\Richard Martinez\Desktop\CD Req.rtf
[2010/06/22 12:40:54 | 000,011,322 | ---- | C] () -- C:\Documents and Settings\Richard Martinez\Desktop\mm-hiflo-exhaust-system-300.gif
[2010/06/18 13:27:10 | 000,001,616 | ---- | C] () -- C:\Documents and Settings\Richard Martinez\Desktop\Rick Resume.rtf
[2010/06/04 19:33:40 | 000,023,113 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2010/05/12 11:15:58 | 000,001,350 | ---- | C] () -- C:\Documents and Settings\Richard Martinez\Start Menu\Programs\Startup\Seagate 2GH2E2QR Product Registration.lnk
[2010/04/28 21:52:40 | 000,885,340 | ---- | C] () -- C:\WINDOWS\System32\oem65.inf
[2009/12/21 16:44:33 | 000,015,498 | ---- | C] () -- C:\WINDOWS\snpstd3.ini
[2009/08/07 17:14:29 | 000,000,144 | ---- | C] () -- C:\WINDOWS\ZDrive.INI
[2009/02/19 13:17:55 | 000,000,048 | ---- | C] () -- C:\WINDOWS\FileNamesinQueue.ini
[2008/02/10 06:29:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QuickInstall.INI
[2008/01/29 11:47:59 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Smartsync.INI
[2006/12/02 09:23:13 | 000,000,034 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2006/12/02 08:21:42 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\hpodinet.dll
[2006/01/18 01:59:22 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
[2006/01/18 01:37:34 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006/01/18 01:33:52 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2006/01/18 01:27:56 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/12/02 03:09:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 06:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 06:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

========== LOP Check ==========

[2006/05/30 10:11:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2010/01/12 22:13:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2010/06/28 17:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/15 20:09:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2008/11/03 13:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Martinez\Application Data\Leadertech
[2010/06/27 13:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Martinez\Application Data\MSNInstaller
[2007/08/31 12:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Martinez\Application Data\Netscape
[2010/05/26 13:25:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Richard Martinez\Application Data\SanDisk

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/08/07 16:31:11 | 000,000,129 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/10/03 15:37:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/06/27 23:58:49 | 000,000,420 | ---- | M] () -- C:\DAF-interface-resetlog.txt
[2008/10/16 10:56:38 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
[2010/06/28 20:20:14 | 1474,875,392 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/29 22:33:19 | 000,042,279 | ---- | M] () -- C:\hph7550.log
[2010/06/28 20:48:04 | 000,000,297 | ---- | M] () -- C:\hpqp.ini
[2006/10/08 06:45:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/06/05 22:15:58 | 000,000,136 | ---- | M] () -- C:\log.txt
[2006/10/08 06:45:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 01:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
[2004/08/04 01:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2008/10/16 12:47:18 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/10/05 07:02:07 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2010/06/28 20:20:12 | 352,321,536 | -HS- | M] () -- C:\pagefile.sys
[2006/01/18 02:25:50 | 000,020,358 | ---- | M] () -- C:\sunjava.log
[2010/06/28 20:45:07 | 000,000,040 | ---- | M] () -- C:\XP_TV.ini
[2009/01/15 14:32:21 | 000,000,144 | ---- | M] () -- C:\YServer.txt

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2009/04/16 15:08:20 | 000,312,832 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpfpp70v.dll

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2004/08/06 22:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2004/08/06 22:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2004/08/06 22:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\user32.dll /md5 >
[2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2004/08/04 01:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2004/08/04 01:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto >

< Update\Results\Install|LastSuccessTime /rs >

========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
< End of report >

OTL "Extras":
OTL Extras logfile created on: 6/28/2010 8:51:20 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\All Users\Documents
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 336 672 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29.69 Gb Total Space | 2.00 Gb Free Space | 6.75% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 0.84 Gb Free Space | 11.16% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MARTINEZ-LAPTOP
Current User Name: Richard Martinez
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09D8492A-C8E2-421E-927D-46800FB327A3}" = Wireless Home Network Setup
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0D396571-7BBD-44CE-ABB3-518BF86B72F7}" = HP Photo and Imaging 1.0 - HP Photosmart Printer Series
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{2012D762-5DCA-455A-B5FE-EDF79BC93E18}" = HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 20
"{27CECC25-9915-4A5B-925D-48F9585ABC7D}" = Smartsync
"{286F29AF-0BE2-4D5F-AB17-B7631A810553}" = muvee autoProducer 4.5
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36D620AD-EEBA-4973-BA86-0C9AE6396620}" = OptionalContentQFolder
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 2.00 B3
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{43FB34B3-6A77-4D2D-80C4-7F4BF72F8187}" = Sharp Zaurus Software
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 2.0
"{47D2103B-FD51-4017-9C20-DD408B17D726}" = Office 2003 Trial Assistant
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B2CE92E-CDB7-4C9A-AA18-B00CD754E791}" = ArcSoft WebCam Companion 2
"{4DA4012B-39AF-48c2-B23B-A4D570D233A6}" = cp_LightScribeConfig
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{5E564EB5-6BE3-4084-BEC0-627D637BBE8C}" = Easy-Link internet launch pad
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{75852F49-2CAF-443F-B7C2-53DE5847DE56}" = OpenOffice.org 2.0
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{798E409B-F5CA-449E-9BE6-E18199E007C6}" = HP User Guides 0024
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{7F2F3F8B-2D57-48A3-99D0-1AC23D594C89}" = LightScribe 1.4.56.1
"{80AE27BA-B0ED-4288-A8B9-D8194BCF4115}" = cp_UpdateProjectsConfig
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{A01FC76F-CC09-4658-9E37-5C2F635EE708}" = TourSetup
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A55F4F9F-CCA8-4732-AA1F-0390A4A50947}" = C4700
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B2455727-ED8F-4643-8A6E-F4AB8DE3633D}" = Network
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BC96BBA7-C634-460E-AD18-A0A994213F80}" = HP User Guides--System Recovery
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5EC81D0-3DED-435D-A46E-E3F60F7DC8AD}" = Palm Desktop
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCF6F57B-F6B4-4508-BF45-63AAC9DE416A}" = Quicken 2010
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 F2
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DB6D0A87-77BA-4083-85D1-D07604B3FAD7}" = CLIE SCSI Driver
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E36F3199-C282-47CA-BAC7-2B77D247E760}" = PS_AIO_06_C4700_SW_Min
"{E89D78B8-28F7-412F-8B26-C684739CBBDC}" = Palm Desktop
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = USB PC Camera Plus
"{FC8D25A7-FF1B-41BB-BB3B-9A06C0A60AE0}" = InstantShareDevices
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C" = Data Fax SoftModem with SmartCP
"E76A7EFF-7758-49EE-B3FA-9699830A2D6B" = Mah Jong Quest from Hewlett-Packard Laptops (remove only)
"ERUNT_is1" = ERUNT 1.1j
"HP Game Console" = HP Game Console and games
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photo & Imaging" = HP Photosmart Premier Software 6.0
"HP Print Projects" = HP Print Projects 1.0
"HP Rhapsody" = HP Rhapsody
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"hphuni04" = Photosmart 130,230,7150,7345,7350,7550 (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{23012310-3E05-46A5-88A9-C6CBCABCAC79}" = Customer Experience Enhancement
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"MSNINST" = MSN
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton Utilities_is1" = Norton Utilities
"PQ DVD to iPod Converter" = PQ DVD to iPod Converter (remove only)
"SHARP CORPORATION" = SHARP SL Series USB Driver
"Shop for HP Supplies" = Shop for HP Supplies
"ST6UNST #1" = NavFit98A
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WIC" = Windows Imaging Component
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Mail Advisor" = Yahoo! Mail Advisor
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update
"YInstHelper" = Yahoo! Install Manager
"ymb" = Yahoo! Mail Quick Select Tool (PhotoMail)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Reader for Palm OS" = Adobe Reader for Palm OS, 3.05
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/10/2010 4:57:52 PM | Computer Name = MARTINEZ-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 6/10/2010 4:57:52 PM | Computer Name = MARTINEZ-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/10/2010 4:57:52 PM | Computer Name = MARTINEZ-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/10/2010 4:57:52 PM | Computer Name = MARTINEZ-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 6/13/2010 12:21:15 AM | Computer Name = MARTINEZ-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/26/2010 8:46:19 PM | Computer Name = MARTINEZ-LAPTOP | Source = WinMgmt | ID = 10
Description = Event filter with query "SELECT * FROM hpqBEvnt" could not be (re)activated
in namespace "//./ROOT/wmi" because of error 0x80041006. Events may not be delivered
through this filter until the problem is corrected.

Error - 6/26/2010 8:46:19 PM | Computer Name = MARTINEZ-LAPTOP | Source = WinMgmt | ID = 10
Description = Event filter with query "select * from __ClassOperationEvent where
TargetClass isa "hpqBEvnt"" could not be (re)activated in namespace "//./ROOT/wmi"
because
of error 0x80041006. Events may not be delivered through this filter until the problem
is corrected.

Error - 6/27/2010 12:43:38 AM | Computer Name = MARTINEZ-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The server returned an invalid or unrecognized response

Error - 6/27/2010 3:04:57 PM | Computer Name = MARTINEZ-LAPTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/28/2010 7:57:29 PM | Computer Name = MARTINEZ-LAPTOP | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: A connection with the server could not be established

[ System Events ]
Error - 6/28/2010 7:23:23 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1
time(s).

Error - 6/28/2010 7:23:23 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 6/28/2010 7:34:07 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Ati HotKey Poller service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/28/2010 7:34:07 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/28/2010 7:34:07 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/28/2010 7:34:07 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/28/2010 7:34:07 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The LightScribeService Direct Disc Labeling Service service terminated
unexpectedly. It has done this 1 time(s).

Error - 6/28/2010 7:34:07 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The Yahoo! Updater service terminated unexpectedly. It has done this
1 time(s).

Error - 6/28/2010 7:34:07 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The hpqwmiex service terminated unexpectedly. It has done this 1
time(s).

Error - 6/28/2010 7:34:08 PM | Computer Name = MARTINEZ-LAPTOP | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >

Edited by RKinner, 30 June 2010 - 02:24 PM.

  • 0

Advertisements

#2
RKinner
Posted 30 June 2010 - 02:21 PM

RKinner

    Malware Expert

  • Expert
  • 24,441 posts
  • MVP
What usually happens is the malware sets up a proxy on your computer. Then it forces IE or Firefox to send all traffic going to the internet to the proxy. Since it's a malware proxy it picks and chooses what goes to the internet and keeps you from going to certain anti-malware sites and perhaps sends copies of interesting traffic like passwords and credit cards to another address for harvesting. MBAM or your anti-malware software knows the proxy software is malware so removes it but doesn't realize that it's also a proxy so doesn't change the proxy settings on IE and FF. So now IE or Firefox still sends traffic to the proxy but there is no proxy so it doesn't go anywhere and you have lost connectivity to the internet.

(I've bolded the two lines in your OTL log that show the presence of a malware proxy.)

To fix it:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In FireFox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

That should get it working again. Then run Combofix as follows:

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:



Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

Combofix log

Ron

Edited by RKinner, 30 June 2010 - 02:25 PM.

  • 0

#3
Rick M
Posted 30 June 2010 - 03:03 PM

Rick M

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ron,
Thanks for your help. IE and Firefox now work. I downloaded and ran Combofix/george. It gave the disclaimer and then started running when I accepted. But now it gives me an alert that says "This machine does not have the 'Micrososft Windows recovery console' installed Without it, ComboFix shall not attempt the fixing of some serious infections. Click "Yes" to have ComboFix download/install it. What do you want me to do?
Thanks again,
Rick
  • 0

#4
RKinner
Posted 30 June 2010 - 06:27 PM

RKinner

    Malware Expert

  • Expert
  • 24,441 posts
  • MVP
"Allow it to install the Recovery Console then Continue"

Ron
  • 0

#5
Rick M
Posted 30 June 2010 - 10:09 PM

Rick M

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ron, again thanks for the help. I have copied and pasted the log from ComboFix below. I do have a question though. Do I run this again for my other Administrator login?

ComboFix Log
ComboFix 10-06-29.04 - Richard Martinez 06/30/2010 20:42:16.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1406.855 [GMT -7:00]
Running from: c:\documents and settings\Richard Martinez\Desktop\george.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000010_.tmp.dll
c:\windows\system32\_000025_.tmp.dll
c:\windows\system32\_000111_.tmp.dll
c:\windows\xpsp1hfm.log
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2010-06-01 to 2010-07-01 )))))))))))))))))))))))))))))))
.

2010-06-30 04:53 . 2010-07-01 03:36 -------- d-----w- c:\documents and settings\Guest\Application Data\OpenOffice.org2
2010-06-29 04:13 . 2010-06-29 04:13 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2010-06-28 23:41 . 2010-06-28 23:41 -------- d-----w- c:\program files\ERUNT
2010-06-28 23:21 . 2010-06-28 23:21 0 ----a-w- c:\windows\nsreg.dat
2010-06-28 23:21 . 2010-06-28 23:21 -------- d-----w- c:\documents and settings\Richard Martinez\Local Settings\Application Data\Mozilla
2010-06-28 06:34 . 2010-07-01 03:41 -------- d-----w- c:\windows\system32\CatRoot2
2010-06-27 20:14 . 2010-06-27 20:14 -------- d-----w- c:\documents and settings\Richard Martinez\Application Data\MSNInstaller
2010-06-27 14:33 . 2010-06-27 14:33 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2010-06-27 08:14 . 2010-06-27 08:14 -------- d-----w- c:\documents and settings\Richard Martinez\Application Data\Malwarebytes
2010-06-27 06:14 . 2010-06-27 06:14 -------- d-----w- c:\documents and settings\Julie Martinez\Application Data\Malwarebytes
2010-06-27 06:14 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-27 06:14 . 2010-06-27 06:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-27 06:14 . 2010-06-27 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-27 06:14 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-27 05:38 . 2010-06-27 05:38 -------- d-----w- c:\documents and settings\Richard Martinez\Application Data\Norton Utilities 14
2010-06-26 22:42 . 2010-06-27 08:09 -------- d-----w- c:\documents and settings\Richard Martinez\Local Settings\Application Data\sjfpjqycw
2010-06-26 00:50 . 2010-06-26 00:50 -------- d-----w- c:\documents and settings\Julie Martinez\Application Data\HpUpdate
2010-06-08 21:11 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-05 02:33 . 2010-06-05 02:39 23113 ----a-w- c:\windows\hpqins15.dat
2010-06-05 02:26 . 2010-06-12 00:10 -------- d-----w- c:\documents and settings\Richard Martinez\Application Data\HpUpdate

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-01 03:54 . 2008-11-20 21:49 -------- d-----w- c:\documents and settings\Richard Martinez\Application Data\OpenOffice.org2
2010-06-30 20:50 . 2010-01-18 23:37 -------- d-----w- c:\documents and settings\Richard Martinez\Application Data\HPAppData
2010-06-30 20:45 . 2010-01-13 05:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-30 01:14 . 2010-02-18 04:38 -------- d-----w- c:\documents and settings\Guest\Application Data\HPAppData
2010-06-30 00:19 . 2010-06-30 00:19 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
2010-06-29 00:02 . 2010-01-13 05:38 -------- d-----w- c:\program files\Norton Utilities 14
2010-06-28 23:15 . 2008-09-21 17:26 -------- d-----w- c:\documents and settings\Julie Martinez\Application Data\OpenOffice.org2
2010-06-27 17:35 . 2010-06-27 17:35 61440 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4dea87a8-n\decora-sse.dll
2010-06-27 17:35 . 2010-06-27 17:35 503808 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62f6edd1-n\msvcp71.dll
2010-06-27 17:35 . 2010-06-27 17:35 499712 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62f6edd1-n\jmc.dll
2010-06-27 17:35 . 2010-06-27 17:35 348160 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-62f6edd1-n\msvcr71.dll
2010-06-27 17:35 . 2010-06-27 17:35 12800 ----a-w- c:\documents and settings\Guest\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4dea87a8-n\decora-d3d.dll
2010-06-27 07:06 . 2010-01-06 04:50 -------- d-----w- c:\documents and settings\Julie Martinez\Application Data\HPAppData
2010-06-26 04:22 . 2006-10-08 08:00 -------- d-----w- c:\documents and settings\Julie Martinez\Application Data\AdobeUM
2010-06-10 19:56 . 2006-10-09 20:23 -------- d-----w- c:\documents and settings\Richard Martinez\Application Data\AdobeUM
2010-06-05 02:27 . 2006-01-18 08:45 -------- d-----w- c:\program files\HP
2010-05-29 17:22 . 2010-05-29 17:22 503808 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fa255e6-n\msvcp71.dll
2010-05-29 17:22 . 2010-05-29 17:22 499712 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fa255e6-n\jmc.dll
2010-05-29 17:22 . 2010-05-29 17:22 348160 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6fa255e6-n\msvcr71.dll
2010-05-29 17:22 . 2010-05-29 17:22 61440 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-142e024b-n\decora-sse.dll
2010-05-29 17:22 . 2010-05-29 17:22 12800 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-142e024b-n\decora-d3d.dll
2010-05-29 00:02 . 2010-01-16 03:09 -------- d-----w- c:\documents and settings\Julie Martinez\Application Data\Apple Computer
2010-05-29 00:00 . 2010-01-16 03:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-05-26 20:25 . 2010-05-26 20:25 354744 ----a-w- c:\documents and settings\Richard Martinez\Application Data\SanDisk\Sansa Updater\SansaUpdaterInstall.exe
2010-05-26 20:25 . 2010-05-26 20:25 79872 ----a-w- c:\documents and settings\Richard Martinez\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
2010-05-26 20:25 . 2010-05-26 20:25 574344 ----a-w- c:\documents and settings\Richard Martinez\Application Data\SanDisk\Sansa Updater\SansaUpdater.exe
2010-05-26 20:25 . 2010-05-26 20:25 -------- d-----w- c:\documents and settings\Richard Martinez\Application Data\SanDisk
2010-05-23 02:23 . 2010-05-23 02:23 503808 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d8896c4-n\msvcp71.dll
2010-05-23 02:23 . 2010-05-23 02:23 499712 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d8896c4-n\jmc.dll
2010-05-23 02:23 . 2010-05-23 02:23 348160 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-3d8896c4-n\msvcr71.dll
2010-05-23 02:23 . 2010-05-23 02:23 61440 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d2aad01-n\decora-sse.dll
2010-05-23 02:23 . 2010-05-23 02:23 12800 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-1d2aad01-n\decora-d3d.dll
2010-05-13 02:42 . 2006-01-18 08:33 -------- d-----w- c:\program files\Quicken
2010-05-11 02:12 . 2006-10-04 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-05-11 02:03 . 2010-05-11 02:03 5487616 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\19188-191916.dll
2010-05-11 02:02 . 2010-02-27 17:32 243048 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\Quicken\Inet\Common\patch\Update\QWPATCH.EXE
2010-05-09 02:23 . 2010-05-09 02:23 503808 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-779e22d5-n\msvcp71.dll
2010-05-09 02:23 . 2010-05-09 02:23 499712 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-779e22d5-n\jmc.dll
2010-05-09 02:23 . 2010-05-09 02:23 348160 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-779e22d5-n\msvcr71.dll
2010-05-09 02:23 . 2010-05-09 02:23 61440 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4bd96177-n\decora-sse.dll
2010-05-09 02:23 . 2010-05-09 02:23 12800 ----a-w- c:\documents and settings\Julie Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4bd96177-n\decora-d3d.dll
2010-05-07 21:26 . 2006-01-18 09:24 -------- d-----w- c:\program files\Common Files\Java
2010-05-07 21:26 . 2010-05-07 21:26 503808 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47a48381-n\msvcp71.dll
2010-05-07 21:26 . 2010-05-07 21:26 499712 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47a48381-n\jmc.dll
2010-05-07 21:26 . 2010-05-07 21:26 348160 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-47a48381-n\msvcr71.dll
2010-05-07 21:25 . 2010-05-07 21:25 61440 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b1fe950-n\decora-sse.dll
2010-05-07 21:25 . 2010-05-07 21:25 12800 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4b1fe950-n\decora-d3d.dll
2010-05-07 21:25 . 2006-01-18 09:24 -------- d-----w- c:\program files\Java
2010-05-06 10:41 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:56 . 2006-10-05 18:40 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 04:52 . 2010-04-29 04:52 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2010-04-29 04:52 . 2005-11-28 09:35 1952512 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2010-04-29 04:33 . 2008-12-04 21:25 10134 ----a-r- c:\documents and settings\Richard Martinez\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2010-04-20 05:51 . 2004-08-04 08:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-14 20:28 . 2010-04-14 20:28 152576 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-04-14 20:28 . 2010-04-14 20:28 79488 ----a-w- c:\documents and settings\Richard Martinez\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 00:29 . 2010-05-07 21:25 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-07 03:50 . 2010-04-07 03:50 3693160 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\yau\{F5491FE7-4675-45C2-8F03-83F3D483F92F}\ytb_8.1.4.26_2.1.3_ysp_2.0.1.13_mail_bts_pub_us_setup_.exe
2008-05-01 10:58 . 2008-05-01 10:58 22 --sha-w- c:\windows\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SansaDispatch"="c:\documents and settings\Richard Martinez\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-05-26 79872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-02-02 102492]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1015808]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-22 172032]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2002-06-20 339968]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
"Share-to-Web Namespace Daemon"="c:\program files\HP\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"eligmini"="c:\program files\Fisher-Price\Easy-Link internet launch pad\Easy-Link internet launch pad.exe" [2007-03-16 487424]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-09 122368]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2009-05-08 174424]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2007-03-31 262144]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-18 843776]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]

c:\documents and settings\Richard Martinez\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]
Seagate 2GH2E2QR Product Registration.lnk - c:\documents and settings\Richard Martinez\Application Data\Leadertech\PowerRegister\Seagate 2GH2E2QR Product Registration.exe [2010-5-12 1731736]
Smartsync.lnk - c:\program files\Smartsync WM100\Smartsync.exe [2006-5-26 2031616]

c:\documents and settings\Julie Martinez\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]

c:\documents and settings\Guest\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-7-14 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Sony Handheld\HOTSYNC.EXE [2002-8-9 299008]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [12/15/2004 8:18 AM 200192]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 9:50 PM 135664]
S3 slz3unic;SL series Ver3 (WDM);c:\windows\system32\drivers\slz3unic.sys [8/7/2009 4:31 PM 73040]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 04:50]

2010-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 04:50]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=laptop
uInternet Settings,ProxyServer = http=127.0.0.1:5577
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
FF - ProfilePath - c:\documents and settings\Richard Martinez\Application Data\Mozilla\Firefox\Profiles\6rveqzod.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-30 20:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????q?n??|?`???? ???B?????????????hLC? ??????
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Richard Martinez\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?erInstall&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_content&

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2652)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\COMMON~1\Sharp\SL\SSPCLI~1\SAUTOL~1.EXE
c:\program files\Common Files\sharp\SL\SSPCLINK2\SNPLCEXE.EXE
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\HP\HP Share-to-Web\hpgs2wnf.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-06-30 21:01:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-01 04:01

Pre-Run: 1,909,841,920 bytes free
Post-Run: 1,882,648,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 9A476F0A0A2E2E7FBB0D8ADEFCBDB610
  • 0

#6
RKinner
Posted 01 July 2010 - 12:35 AM

RKinner

    Malware Expert

  • Expert
  • 24,441 posts
  • MVP
Copy the text in the code box by highlighting and Ctrl + c 

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

:Files
c:\documents and settings\Richard Martinez\Local Settings\Application Data\sjfpjqycw
	  
:Commands
[purity]
[emptytemp]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done.

No need to run Combofix in a different login.

I see you do not have an anti-virus. Download the free Avast from
http://www.avast.com...avast-home.html
Save it and then run it. Let it install and then have it do a full scan of your system.

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Vista Start logo >All Programs> Accessories> RIGHT-click on Command Prompt and Select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html
I'm particularly interested in any files that it says it can't scan.

Ron
  • 0

#7
Rick M
Posted 01 July 2010 - 06:40 PM

Rick M

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Ron,
Ran the OTL, looked good. Below is the TDSSKiller Log.

I have Norton Internet Security 2010 installed now. My wife bought it and installed it while I was away. Since there were two CD's (also one for Norton Utilities), I think she only installed the Norton Utilities and not the Norton Internet Security. Fixed Now.

The BitDefender ran its course for almost 3 hours and said it found no problems.

TDSSKiller Log:
14:19:09:515 2544 TDSS rootkit removing tool 2.3.2.2 Jun 30 2010 17:23:49
14:19:09:515 2544 ================================================================================
14:19:09:515 2544 SystemInfo:

14:19:09:515 2544 OS Version: 5.1.2600 ServicePack: 2.0
14:19:09:515 2544 Product type: Workstation
14:19:09:515 2544 ComputerName: MARTINEZ-LAPTOP
14:19:09:515 2544 UserName: Richard Martinez
14:19:09:515 2544 Windows directory: C:\WINDOWS
14:19:09:515 2544 System windows directory: C:\WINDOWS
14:19:09:515 2544 Processor architecture: Intel x86
14:19:09:515 2544 Number of processors: 1
14:19:09:515 2544 Page size: 0x1000
14:19:09:515 2544 Boot type: Normal boot
14:19:09:515 2544 ================================================================================
14:19:11:093 2544 Initialize success
14:19:11:093 2544
14:19:11:093 2544 Scanning Services ...
14:19:11:796 2544 Raw services enum returned 371 services
14:19:11:796 2544
14:19:11:796 2544 Scanning Drivers ...
14:19:14:000 2544 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:19:14:203 2544 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
14:19:14:562 2544 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
14:19:14:828 2544 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:19:15:046 2544 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
14:19:15:562 2544 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
14:19:16:109 2544 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
14:19:16:500 2544 Arp1394 (f0d692b0bffb46e30eb3cea168bbc49f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
14:19:17:218 2544 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:19:17:390 2544 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
14:19:17:875 2544 ati2mtag (8ad140c5258afa3e07b8e2ff1a660d6b) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
14:19:18:171 2544 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:19:18:390 2544 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
14:19:19:031 2544 BCM43XX (fe4ed785396eaa554c561992106a35fa) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
14:19:19:453 2544 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
14:19:19:828 2544 BHDrvx86 (7291a288395857498c53b6709f81e673) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091013.001\BHDrvx86.sys
14:19:20:062 2544 BTWUSB (e76dc88f00d50f46072feb2371769978) C:\WINDOWS\system32\Drivers\btwusb.sys
14:19:20:281 2544 CAMCAUD (4ebc37b6677a6768b307ae40839d788f) C:\WINDOWS\system32\drivers\camc6aud.sys
14:19:20:578 2544 CAMCHALA (9a38fc432ad8b3400cefb70a7236979e) C:\WINDOWS\system32\drivers\camc6hal.sys
14:19:20:937 2544 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
14:19:21:125 2544 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
14:19:21:437 2544 ccHP (1c91e502e9eb9cf2aa584d9bb7facf6a) C:\WINDOWS\system32\drivers\NIS\1101000.013\ccHPx86.sys
14:19:21:937 2544 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
14:19:22:125 2544 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
14:19:22:312 2544 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:19:22:718 2544 CmBatt (4266be808f85826aedf3c64c1e240203) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14:19:23:000 2544 Compbatt (df1b1a24bf52d0ebc01ed4ece8979f50) C:\WINDOWS\system32\DRIVERS\compbatt.sys
14:19:23:609 2544 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
14:19:23:890 2544 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
14:19:24:109 2544 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
14:19:24:296 2544 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
14:19:24:562 2544 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
14:19:24:906 2544 dot4 (ad7fc1963b152b3728e3c4f83554a576) C:\WINDOWS\system32\DRIVERS\Dot4.sys
14:19:25:125 2544 Dot4 HPH11 (02e5d9216994b7c77bbfe01adcb783a4) C:\WINDOWS\system32\DRIVERS\hphid411.sys
14:19:25:312 2544 Dot4Print (77ce63a8a34ae23d9fe4c7896d1debe7) C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
14:19:25:578 2544 Dot4Print HPH11 (0fcc3ed5a97260eec98ceae8167e940a) C:\WINDOWS\system32\DRIVERS\hphipr11.sys
14:19:25:953 2544 Dot4Storage HPH11 (93c5582eb9a04cf25b29ca0f1fe57a87) C:\WINDOWS\system32\Drivers\hphs2k11.sys
14:19:26:140 2544 dot4usb (6ec3af6bb5b30e488a0c559921f012e1) C:\WINDOWS\system32\DRIVERS\dot4usb.sys
14:19:26:312 2544 Dot4Usb HPH11 (08b9bf9c88867d3b70473657ae4307b3) C:\WINDOWS\system32\drivers\hphius11.sys
14:19:26:781 2544 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
14:19:26:984 2544 eabfiltr (c6aca0190ee7b614673ee0c91863b1eb) C:\WINDOWS\system32\drivers\EABFiltr.sys
14:19:27:187 2544 eabusb (da1011db09ad641de40cd5cca70c0c43) C:\WINDOWS\system32\drivers\eabusb.sys
14:19:27:390 2544 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
14:19:27:718 2544 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
14:19:27:937 2544 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
14:19:28:109 2544 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
14:19:28:312 2544 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:19:28:562 2544 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:19:28:890 2544 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:19:29:375 2544 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:19:29:687 2544 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:19:29:937 2544 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:19:30:281 2544 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
14:19:30:562 2544 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
14:19:30:906 2544 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
14:19:31:109 2544 HSFHWATI (13d4b70bf2f9bc550e9079da864d3ec1) C:\WINDOWS\system32\DRIVERS\HSFHWATI.sys
14:19:31:359 2544 HSF_DP (dfa8f86c0dbca7db948043aa3be6793b) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
14:19:31:796 2544 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
14:19:32:281 2544 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:19:32:687 2544 IDSxpx86 (1723bfc99d801673dc8558dbcdc97d68) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20090911.001\IDSxpx86.sys
14:19:32:968 2544 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
14:19:33:281 2544 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
14:19:33:515 2544 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:19:33:890 2544 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:19:34:109 2544 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:19:34:312 2544 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:19:34:562 2544 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:19:34:968 2544 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
14:19:35:156 2544 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:19:35:359 2544 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:19:35:875 2544 klmd23 (316353165feba3d0538eaa9c2f60c5b7) C:\WINDOWS\system32\drivers\klmd.sys
14:19:36:062 2544 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
14:19:36:281 2544 KSecDD (1be7cc2535d760ae4d481576eb789f24) C:\WINDOWS\system32\drivers\KSecDD.sys
14:19:36:734 2544 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
14:19:37:000 2544 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
14:19:37:187 2544 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
14:19:37:468 2544 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:19:37:750 2544 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:19:38:000 2544 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
14:19:38:343 2544 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:19:38:593 2544 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:19:39:015 2544 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
14:19:39:468 2544 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:19:39:890 2544 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:19:40:078 2544 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
14:19:40:281 2544 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:19:40:515 2544 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
14:19:40:906 2544 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
14:19:41:125 2544 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
14:19:41:531 2544 NAVENG (78d629767dbcdbb1ee888f4fda841acd) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091020.006\NAVENG.SYS
14:19:42:171 2544 NAVEX15 (6176ce576509ee71bac1b61fc8f1f138) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091020.006\NAVEX15.SYS
14:19:42:375 2544 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
14:19:42:718 2544 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
14:19:43:000 2544 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:19:43:203 2544 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:19:43:453 2544 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:19:43:781 2544 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
14:19:44:046 2544 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
14:19:44:265 2544 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
14:19:44:546 2544 NIC1394 (5c5c53db4fef16cf87b9911c7e8c6fbc) C:\WINDOWS\system32\DRIVERS\nic1394.sys
14:19:45:000 2544 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
14:19:45:203 2544 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
14:19:45:515 2544 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
14:19:46:000 2544 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
14:19:46:203 2544 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:19:46:453 2544 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:19:46:781 2544 ohci1394 (197ddf60b254a84d8656850397b5f923) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
14:19:47:093 2544 PalmUSBD (945da25e897eeb2c64861c3cada00d3a) C:\WINDOWS\system32\drivers\PalmUSBD.sys
14:19:47:296 2544 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
14:19:47:546 2544 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
14:19:48:000 2544 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
14:19:48:187 2544 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
14:19:48:562 2544 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
14:19:49:062 2544 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
14:19:52:140 2544 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:19:52:671 2544 Processor (9e372a156f92425a1904b84589093a37) C:\WINDOWS\system32\DRIVERS\processr.sys
14:19:53:312 2544 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
14:20:03:937 2544 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:20:05:046 2544 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
14:20:08:921 2544 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:20:09:593 2544 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
14:20:10:265 2544 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:20:10:796 2544 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:20:11:234 2544 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
14:20:12:000 2544 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:20:12:656 2544 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:20:13:343 2544 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
14:20:14:140 2544 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
14:20:15:781 2544 RTL8023xp (7f0413bdd7d53eb4c7a371e7f6f84df1) C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys
14:20:16:859 2544 sdbus (02fc71b020ec8700ee8a46c58bc6f276) C:\WINDOWS\system32\DRIVERS\sdbus.sys
14:20:17:625 2544 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:20:18:484 2544 Ser2pl (a502745e79fe71ef91814eed9ec4e0eb) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
14:20:19:375 2544 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
14:20:19:937 2544 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
14:20:20:703 2544 sermouse (1f16931c722c69e4a7866244796c66a0) C:\WINDOWS\system32\DRIVERS\sermouse.sys
14:20:21:203 2544 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
14:20:22:281 2544 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
14:20:22:921 2544 slz3unic (7350f2f5189cc28aca5edd5b5e412c82) C:\WINDOWS\system32\DRIVERS\slz3unic.sys
14:20:23:484 2544 SMCIRDA (707647a1aa0edb6cbef61b0c75c28ed3) C:\WINDOWS\system32\DRIVERS\smcirda.sys
14:20:28:203 2544 SNPSTD3 (6008db6459e53e5d734dc4236eda1bfe) C:\WINDOWS\system32\DRIVERS\snpstd3.sys
14:20:33:593 2544 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
14:20:34:375 2544 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
14:20:35:468 2544 SRTSP (00f20cf8956b22c392aaae949d84c3e8) C:\WINDOWS\system32\drivers\NIS\1101000.013\SRTSP.SYS
14:20:36:718 2544 SRTSPX (bc2d2c9e48d14d3d19f1dbd47bf5b203) C:\WINDOWS\system32\drivers\NIS\1101000.013\SRTSPX.SYS
14:20:37:625 2544 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
14:20:38:343 2544 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
14:20:39:125 2544 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
14:20:40:062 2544 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
14:20:40:875 2544 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
14:20:42:343 2544 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\NIS\1101000.013\SYMDS.SYS
14:20:43:625 2544 SymEFA (be7e7fd5749ee484523c6becc55ae574) C:\WINDOWS\system32\drivers\NIS\1101000.013\SYMEFA.SYS
14:20:44:578 2544 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
14:20:45:390 2544 SymIRON (4f2aac29abf2fd0ce471931d19dbb99d) C:\WINDOWS\system32\drivers\NIS\1101000.013\Ironx86.SYS
14:20:46:312 2544 SYMTDI (38b51ba93d77477e99e3bfba91fbfc75) C:\WINDOWS\system32\drivers\NIS\1101000.013\SYMTDI.SYS
14:20:48:125 2544 SynTP (0f332c0ba9b968ebc8cbb906416f8597) C:\WINDOWS\system32\DRIVERS\SynTP.sys
14:20:49:187 2544 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
14:20:50:125 2544 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:20:51:078 2544 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
14:20:51:812 2544 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
14:20:52:406 2544 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
14:20:53:859 2544 tifm21 (9179e07503630d6fb2e4162ff0196191) C:\WINDOWS\system32\drivers\tifm21.sys
14:20:54:734 2544 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
14:20:56:046 2544 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
14:20:56:546 2544 USBAAPL (1df89c499bf45d878b87ebd4421d462d) C:\WINDOWS\system32\Drivers\usbaapl.sys
14:20:56:984 2544 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
14:20:57:312 2544 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:20:57:609 2544 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:20:57:859 2544 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:20:58:218 2544 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
14:20:58:453 2544 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:20:58:750 2544 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:20:59:187 2544 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:20:59:921 2544 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:21:00:437 2544 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
14:21:00:718 2544 ViaIde (59cb1338ad3654417bea49636457f65d) C:\WINDOWS\system32\DRIVERS\viaide.sys
14:21:01:156 2544 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
14:21:01:656 2544 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:21:02:078 2544 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
14:21:03:062 2544 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
14:21:03:281 2544 winachsf (473ee64c368ce2eed110376c11960259) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
14:21:03:703 2544 WmiAcpi (ae2c8544e747c20062db27456ea2d67a) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
14:21:04:203 2544 WpdUsb (1385e5aa9c9821790d33a9563b8d2dd0) C:\WINDOWS\system32\Drivers\wpdusb.sys
14:21:04:625 2544 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
14:21:04:703 2544
14:21:04:703 2544 Completed
14:21:04:703 2544
14:21:04:703 2544 Results:
14:21:04:703 2544 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:21:04:703 2544 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:21:04:703 2544
14:21:05:187 2544 KLMD(ARK) unloaded successfully
  • 0

#8
RKinner
Posted 01 July 2010 - 07:12 PM

RKinner

    Malware Expert

  • Expert
  • 24,441 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You do have the latest Java (6 update 20). But you have some older versions still. Go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol 2010 from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.4.
http://oldmcdonald.w...orun-eater-v24/
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) and No Script are two others you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

Make sure you let Norton do a full system scan.


Ron
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Forum
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP