Google/Yahoo Redirect Virus



#1 Jump (New Member, 7 posts)
Hello, I recently tried the google redirect removal tutorial provided on this site (http://www.geekstogo...ogle-redirects/) but it did not correct the problem. TDSSKILLER came up with zero infections and redirects continue to occur. Any assistance would be greatly appreciated. Thank you in advance!

Regards,
JP

Here is my log using OTL:

OTL logfile created on: 7/7/2011 2:32:31 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\JP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 148.60 Mb Available Physical Memory | 29.07% Memory free
1.22 Gb Paging File | 0.76 Gb Available in Paging File | 62.38% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.36 Gb Total Space | 8.92 Gb Free Space | 25.98% Space Free | Partition Type: NTFS

Computer Name: JP-DELL8600 | User Name: JP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 14:32:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTL.exe
PRC - [2011/07/01 18:46:24 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JP\Desktop\TDSSKiller.exe
PRC - [2011/06/27 17:35:58 | 000,557,568 | ---- | M] (wpcubed GmbH) -- C:\WINDOWS\system32\scredir32.exe
PRC - [2011/06/27 17:35:58 | 000,557,568 | ---- | M] (wpcubed GmbH) -- C:\WINDOWS\system32\avtapi32.exe
PRC - [2011/05/01 14:24:53 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/25 12:04:57 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/09/25 12:04:57 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2010/09/25 12:04:56 | 000,255,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
PRC - [2010/09/25 12:04:56 | 000,230,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
PRC - [2010/05/14 12:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/03/15 03:39:00 | 000,454,150 | ---- | M] () -- C:\Program Files\WinRAR\WinRAR.exe
PRC - [2009/04/03 14:37:22 | 000,145,408 | ---- | M] (Monsoon Multimedia Inc.) -- C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
PRC - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/07/07 14:32:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/04/14 08:00:00 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\security.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/06/27 17:35:58 | 000,557,568 | ---- | M] (wpcubed GmbH) [Auto | Running] -- C:\WINDOWS\system32\scredir32.exe -- (gupdate32) Google Update Service (gupdate)
SRV - [2010/09/25 12:04:57 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/09/25 12:04:56 | 000,255,312 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2009/04/03 14:37:22 | 000,145,408 | ---- | M] (Monsoon Multimedia Inc.) [Auto | Running] -- C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe -- (havasvc)
SRV - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/25 12:16:55 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010/09/25 12:16:55 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2010/09/25 12:04:57 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2010/09/25 12:04:57 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2010/09/25 12:04:57 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2010/09/25 12:04:57 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2009/04/23 18:49:48 | 000,324,224 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HavaTV_10.sys -- (HavaTV_10)
DRV - [2009/04/23 18:49:48 | 000,324,224 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HavaTV.sys -- (HAVATV)
DRV - [2009/01/13 15:44:20 | 000,037,376 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\havabus.sys -- (havabus)
DRV - [2009/01/13 15:44:20 | 000,020,480 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\havanet.sys -- (havanet)
DRV - [2004/10/21 17:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/09/15 21:53:06 | 000,263,608 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/11/13 20:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 20:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 20:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/02 10:02:42 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AC AD AC 10 FE 1D EE 45 80 98 A8 91 85 18 F0 93 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..keyword.URL: "http://www.google.co...lient&hl=en&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JP\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JP\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/01 14:25:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 00:14:48 | 000,000,000 | ---D | M]

[2010/09/25 12:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Extensions
[2011/07/07 14:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\iuuebuqm.default\extensions
[2010/11/16 22:41:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\iuuebuqm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/15 08:13:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\iuuebuqm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/13 10:46:19 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\iuuebuqm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/27 01:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/03 14:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010/12/03 14:56:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/01 14:24:49 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/03 14:56:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/07 14:10:21 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\JP\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\JP\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://c3.prudentia...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nddenb3232.dll) - C:\WINDOWS\system32\nddenb3232.dll (CrypKey Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\JP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/25 11:31:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/07 14:32:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTL.exe
[2011/07/07 14:24:47 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JP\Desktop\TDSSKiller.exe
[2011/07/07 14:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Desktop\GooredFix Backups
[2011/07/07 14:20:38 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\JP\Desktop\GooredFix.exe
[2011/07/07 14:10:10 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/07 14:09:05 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTM.exe
[2011/07/07 14:08:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/07 14:07:52 | 000,000,000 | ---D | C] -- C:\Erunt
[2011/07/07 13:52:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/07 13:52:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JP\My Documents\My Videos
[2011/07/07 13:52:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JP\Start Menu\Programs\Administrative Tools
[2011/07/07 13:49:33 | 004,135,577 | R--- | C] (Swearware) -- C:\Documents and Settings\JP\Desktop\ComboFix.exe
[2011/07/07 12:38:25 | 000,557,568 | ---- | C] (wpcubed GmbH) -- C:\WINDOWS\System32\avtapi32.exe
[2011/06/27 17:36:22 | 000,172,032 | -HS- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\nddenb3232.dll
[2011/06/27 17:36:03 | 000,557,568 | ---- | C] (wpcubed GmbH) -- C:\WINDOWS\System32\scredir32.exe
[2011/06/15 03:24:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/12 02:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/10 03:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/10 00:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2011/06/10 00:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2011/06/09 23:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic
[2011/06/09 23:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Application Data\Media Player Classic
[2011/06/09 23:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\My Documents\My Hava Recordings
[2011/06/09 23:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\HAVA PC Player
[2011/06/09 23:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\My Documents\HavaTimeShift
[2011/06/09 23:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\My Documents\HAVA Video Converter
[2011/06/09 23:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\Monsoon Multimedia
[2011/06/09 23:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\SetupWizard
[2011/06/09 23:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\HAVASO~1
[2011/06/09 23:10:36 | 000,131,072 | ---- | C] (Monsoon Multimedia Inc.) -- C:\WINDOWS\System32\IRBlaster32.dll
[2011/06/09 23:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2011/06/09 23:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/06/09 23:08:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/06/09 23:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Monsoon Multimedia
[2011/06/09 23:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Monsoon Multimedia
[2011/06/09 23:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\TempLogs
[2011/06/09 23:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SOAP Toolkit Version 3
[2011/06/09 23:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011/06/09 23:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Monsoon Multimedia
[1 C:\Documents and Settings\JP\*.tmp files -> C:\Documents and Settings\JP\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/07 14:32:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTL.exe
[2011/07/07 14:26:43 | 000,000,080 | ---- | M] () -- C:\WINDOWS\System32\5c8a6980
[2011/07/07 14:24:15 | 001,327,397 | ---- | M] () -- C:\Documents and Settings\JP\Desktop\tdsskiller.zip
[2011/07/07 14:20:45 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\JP\Desktop\GooredFix.exe
[2011/07/07 14:17:21 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/07 14:17:20 | 000,021,612 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/07/07 14:16:44 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/07 14:16:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/07 14:09:06 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTM.exe
[2011/07/07 14:06:18 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\JP\Desktop\erunt.zip
[2011/07/07 13:50:05 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/07 13:49:34 | 004,135,577 | R--- | M] (Swearware) -- C:\Documents and Settings\JP\Desktop\ComboFix.exe
[2011/07/07 13:16:08 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-152049171-839522115-1003UA.job
[2011/07/06 15:18:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 12:19:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/01 18:46:24 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JP\Desktop\TDSSKiller.exe
[2011/06/30 06:35:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/28 08:25:15 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\JP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 17:36:23 | 000,172,032 | -HS- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\nddenb3232.dll
[2011/06/27 17:36:23 | 000,000,095 | ---- | M] () -- C:\WINDOWS\System32\1990490608
[2011/06/27 17:35:58 | 000,557,568 | ---- | M] (wpcubed GmbH) -- C:\WINDOWS\System32\scredir32.exe
[2011/06/27 17:35:58 | 000,557,568 | ---- | M] (wpcubed GmbH) -- C:\WINDOWS\System32\avtapi32.exe
[2011/06/27 17:16:02 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-152049171-839522115-1003Core.job
[2011/06/23 00:14:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/15 03:28:51 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 03:28:51 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/10 03:53:40 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/10 00:22:25 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\JP\My Documents\SHARE.lnk
[2011/06/10 00:00:01 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\JP\Desktop\Shortcut to mplayerc.exe.lnk
[2011/06/09 23:42:09 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/09 23:08:04 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HAVA PC Player.lnk
[1 C:\Documents and Settings\JP\*.tmp files -> C:\Documents and Settings\JP\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 14:24:11 | 001,327,397 | ---- | C] () -- C:\Documents and Settings\JP\Desktop\tdsskiller.zip
[2011/07/07 14:06:15 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\JP\Desktop\erunt.zip
[2011/06/28 13:19:21 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\5c8a6980
[2011/06/27 17:36:03 | 000,000,095 | ---- | C] () -- C:\WINDOWS\System32\1990490608
[2011/06/10 03:53:40 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/10 00:22:04 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\JP\My Documents\SHARE.lnk
[2011/06/10 00:00:01 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\JP\Desktop\Shortcut to mplayerc.exe.lnk
[2011/06/09 23:08:04 | 000,002,015 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HAVA PC Player.lnk
[2010/12/23 00:50:32 | 000,056,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/05 13:24:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/27 22:54:44 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\JP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/25 12:18:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/25 12:10:17 | 000,021,612 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/25 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/25 11:35:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/25 11:27:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/25 07:14:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/25 07:13:06 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/09/25 12:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2010/12/03 15:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2010/10/29 07:45:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/05/21 12:31:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JP\Application Data\DVDVideoSoft
[2011/05/21 12:32:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JP\Application Data\DVDVideoSoftIEHelpers
[2010/09/25 12:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JP\Application Data\GetRightToGo
[2010/12/27 09:15:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\JP\Application Data\Juniper Networks

========== Purity Check ==========



< End of report >


#2 RKinner (Malware Expert, MVP, 20,029 posts)
Copy the text in the code box by highlighting and Ctrl + c

:processes
killallprocesses

:Services
gupdate32

:OTL
SRV - [2011/06/27 17:35:58 | 000,557,568 | ---- | M] (wpcubed GmbH) [Auto | Running] -- C:\WINDOWS\system32\scredir32.exe -- (gupdate32) Google Update Service (gupdate)
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JP\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JP\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
[2010/12/03 14:57:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2010/12/03 14:56:56 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/03 14:56:54 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
[2011/07/07 12:38:25 | 000,557,568 | ---- | C] (wpcubed GmbH) -- C:\WINDOWS\System32\avtapi32.exe
[2011/06/27 17:36:22 | 000,172,032 | -HS- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\nddenb3232.dll
[2011/06/27 17:36:03 | 000,557,568 | ---- | C] (wpcubed GmbH) -- C:\WINDOWS\System32\scredir32.exe
[2011/06/27 17:36:23 | 000,000,095 | ---- | M] () -- C:\WINDOWS\System32\1990490608
[2011/06/28 13:19:21 | 000,000,080 | ---- | C] () -- C:\WINDOWS\System32\5c8a6980
[2011/06/27 17:36:03 | 000,000,095 | ---- | C] () -- C:\WINDOWS\System32\1990490608

:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C

:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
""=""%1" %*"
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group then the Run Scan button. Post the two logs it produces in your next reply.


Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log

Ron

Download aswMBR.exe (511KB) to your desktop.

Double-click aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan (note whether the Fix button is enabled and tell me), click Save log, save it to your desktop and post it in your next reply.


Are you still being redirected?


Ron
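The `:reg` part of the fix above puts the exefile handler back to `"%1" %*`, and the Extras log requested afterwards lists the firewall exceptions a program has registered for itself (later in this thread it shows scredir32.exe sitting there under the name "Windows Update Service"). As an added example, not code from the thread or from OTL, here is a small Python checker for those two OTL Extras sections; the sample log is constructed from the thread's own lines plus one hijacked handler with a placeholder path, and the `windows_dir` parameter and the publisher heuristic are my assumptions about the log format.

```python
"""Audit the two OTL Extras sections that matter for this thread's fix.

Added example, not code from the thread or from OTL. It parses the
"Shell Spawning" block (the handlers the :reg fix restores) and the firewall
"Authorized Applications List" block, and reports anything a helper would
want to look at before declaring the machine clean.
"""
import re
from typing import List, Tuple

# Default shell\open\command handlers for the executable classes on
# Windows XP; the :reg fix in the thread sets exefile back to this value.
EXPECTED_HANDLERS = {
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "exefile": '"%1" %*',
    "piffile": '"%1" %*',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")              # ===== Section Name =====
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")             # [HKEY_...\List]
HANDLER_RE = re.compile(r"^(\w+) \[(\w+)\] -- (.*)$")   # exefile [open] -- "%1" %*
FWAPP_RE = re.compile(
    r'^"(?P<path>[^"]+)" = (?P=path):[^:]*:(?P<state>\w+):(?P<desc>.*)$'
)
# OTL appends " -- (Company)" when it can read a publisher from the file
# (assumption drawn from the log format seen in this thread).
PUBLISHER_RE = re.compile(r" -- \(.+\)$")

Finding = Tuple[str, str, str]  # (kind, subject, detail)


def audit_otl_extras(text: str, windows_dir: str = r"C:\WINDOWS") -> List[Finding]:
    """Return findings for hijacked handlers and suspicious firewall exceptions."""
    findings: List[Finding] = []
    section = ""
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if section == "Shell Spawning":
            m = HANDLER_RE.match(line)
            if not m:
                continue
            cls, verb, cmd = m.groups()
            expected = EXPECTED_HANDLERS.get(cls)
            # Any "open" handler other than the bare "%1" %* means something
            # else is started in front of every program the user launches.
            if verb == "open" and expected is not None and cmd != expected:
                findings.append(("handler", cls, cmd))
        elif section == "Authorized Applications List":
            m = FWAPP_RE.match(line)
            if not m or m.group("state") != "Enabled":
                continue
            path, desc = m.group("path"), m.group("desc")
            profile = "DomainProfile" if "DomainProfile" in key else "StandardProfile"
            # XP's firewall filters inbound traffic only, so a System32 binary
            # that wants an inbound exception is unusual (Windows Update does
            # not register one), and a missing publisher suffix means OTL
            # could not attribute the file to anyone.
            in_windows_dir = path.lower().startswith(windows_dir.lower() + "\\")
            if in_windows_dir or PUBLISHER_RE.search(desc) is None:
                findings.append(("firewall", profile, f"{path} ({desc})"))
    return findings


# Constructed sample: the relevant lines from the thread's Extras log, plus
# one hijacked exefile handler with a placeholder path to show a positive hit.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "C:\Documents and Settings\User\Local Settings\Application Data\PLACEHOLDER.exe" "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\scredir32.exe" = C:\WINDOWS\system32\scredir32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\scredir32.exe" = C:\WINDOWS\system32\scredir32.exe:*:Enabled:Windows Update Service
"""


if __name__ == "__main__":
    for kind, subject, detail in audit_otl_extras(SAMPLE_LOG):
        print(f"{kind:8} {subject:16} {detail}")
```

Run it against a saved OTL Extras log by reading the file into `audit_otl_extras`; an empty list means the handlers match the defaults and no firewall exception tripped the heuristic.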

#3 Jump (New Member, Topic Starter, 7 posts)
Here is the log from RUN FIX via OTL:

========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Error: Unable to stop service gupdate32!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gupdate32 deleted successfully.
========== OTL ==========
Error: No service named gupdate32) Google Update Service (gupdate was found to stop!
Service\Driver key gupdate32) Google Update Service (gupdate not found.
C:\WINDOWS\system32\scredir32.exe moved successfully.
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: [email protected]:1.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll not found.
File HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JP\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) not found.
File HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JP\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
C:\WINDOWS\system32\avtapi32.exe moved successfully.
C:\WINDOWS\system32\nddenb3232.dll moved successfully.
File C:\WINDOWS\System32\scredir32.exe not found.
C:\WINDOWS\system32\1990490608 moved successfully.
C:\WINDOWS\system32\5c8a6980 moved successfully.
File C:\WINDOWS\System32\1990490608 not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\JP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JP\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\JP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JP\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\JP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JP\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\JP\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\JP\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\""|""%1" %*" /E : value set successfully!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.1 log created on 07082011_093435

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#4 Jump (New Member, Topic Starter, 7 posts)
Here are the two logs from OTL, run with the Use SafeList option selected in the Extra Registry group:

OTL Extras logfile created on: 7/8/2011 9:41:53 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\JP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 92.22 Mb Available Physical Memory | 18.04% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.86% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.36 Gb Total Space | 8.79 Gb Free Space | 25.58% Space Free | Partition Type: NTFS

Computer Name: JP-DELL8600 | User Name: JP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1778:UDP" = 1778:UDP:*:Enabled:HAVA Service

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\scredir32.exe" = C:\WINDOWS\system32\scredir32.exe:*:Enabled:Windows Update Service

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\JP\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe" = C:\Documents and Settings\JP\Application Data\Juniper Networks\Juniper Terminal Services Client\dsTermServ.exe:*:Enabled:Juniper Terminal Services Client -- (Juniper Networks)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\WINDOWS\system32\scredir32.exe" = C:\WINDOWS\system32\scredir32.exe:*:Enabled:Windows Update Service


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{081E540C-1A6F-4C46-994B-6E3229222A10}" = HAVA Software
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FA7621DC-7144-4A24-973C-B9BC0E945628}" = Ulead Straight-to-Disc SDK
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Carbonite Setup Lite" = Carbonite Online Backup Setup
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"eTrust Suite Personal" = CA Internet Security Suite
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free Studio_is1" = Free Studio version 5.0.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"ie8" = Windows Internet Explorer 8
"InstallShield_{081E540C-1A6F-4C46-994B-6E3229222A10}" = HAVA Software
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.0.1200
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"Uninstall_is1" = Uninstall 1.0.0.1
"VETWIN32Vp5" = CA Anti-Virus
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Juniper_Term_Services" = Juniper Terminal Services Client

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/6/2011 3:49:36 PM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 13570

Error - 7/6/2011 3:49:37 PM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/6/2011 3:49:37 PM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 14581

Error - 7/6/2011 3:49:37 PM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 14581

Error - 7/6/2011 3:49:39 PM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/6/2011 3:49:39 PM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 16684

Error - 7/6/2011 3:49:39 PM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 16684

Error - 7/6/2011 3:49:40 PM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 7/6/2011 3:49:40 PM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 17916

Error - 7/7/2011 11:21:00 AM | Computer Name = JP-DELL8600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 17916

[ System Events ]
Error - 7/8/2011 9:34:39 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/8/2011 9:34:39 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7031
Description = The CAISafe service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 60000 milliseconds: Restart the
service.

Error - 7/8/2011 9:34:39 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7034
Description = The Google Update Service (gupdate) service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/8/2011 9:34:39 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7034
Description = The HAVA Service service terminated unexpectedly. It has done this
1 time(s).

Error - 7/8/2011 9:34:39 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 7/8/2011 9:34:39 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 7/8/2011 9:34:40 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7034
Description = The Ulead Burning Helper service terminated unexpectedly. It has
done this 1 time(s).

Error - 7/8/2011 9:34:40 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7031
Description = The VET Message Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 7/8/2011 9:34:40 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7034
Description = The CaCCProvSP service terminated unexpectedly. It has done this
1 time(s).

Error - 7/8/2011 9:34:42 AM | Computer Name = JP-DELL8600 | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >


OTL logfile created on: 7/8/2011 9:41:53 AM - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Documents and Settings\JP\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.23 Mb Total Physical Memory | 92.22 Mb Available Physical Memory | 18.04% Memory free
1.22 Gb Paging File | 0.85 Gb Available in Paging File | 69.86% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.36 Gb Total Space | 8.79 Gb Free Space | 25.58% Space Free | Partition Type: NTFS

Computer Name: JP-DELL8600 | User Name: JP | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/07/07 15:34:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/07 14:32:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTL.exe
PRC - [2010/09/25 12:04:57 | 000,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
PRC - [2010/09/25 12:04:57 | 000,181,488 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
PRC - [2010/09/25 12:04:56 | 000,255,312 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
PRC - [2010/09/25 12:04:56 | 000,230,736 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
PRC - [2009/04/03 14:37:22 | 000,145,408 | ---- | M] (Monsoon Multimedia Inc.) -- C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe
PRC - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
PRC - [2008/04/14 08:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2011/07/07 14:32:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/25 12:04:57 | 000,214,256 | ---- | M] (CA, Inc.) [On_Demand | Running] -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP)
SRV - [2010/09/25 12:04:56 | 000,255,312 | ---- | M] (CA, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe -- (VETMSGNT)
SRV - [2009/04/03 14:37:22 | 000,145,408 | ---- | M] (Monsoon Multimedia Inc.) [Auto | Running] -- C:\Program Files\Monsoon Multimedia\HAVA\Common\havasvc.exe -- (havasvc)
SRV - [2008/08/30 15:14:36 | 000,144,696 | ---- | M] (Computer Associates International, Inc.) [Auto | Running] -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe -- (CAISafe)
SRV - [2004/12/13 04:34:32 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/09/25 12:16:55 | 000,746,216 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetefile.sys -- (VETEFILE)
DRV - [2010/09/25 12:16:55 | 000,130,280 | ---- | M] (Computer Associates International, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\veteboot.sys -- (VETEBOOT)
DRV - [2010/09/25 12:04:57 | 000,161,008 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetmonnt.sys -- (VETMONNT)
DRV - [2010/09/25 12:04:57 | 000,026,352 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-filt.sys -- (VET-FILT)
DRV - [2010/09/25 12:04:57 | 000,021,488 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vetfddnt.sys -- (VETFDDNT)
DRV - [2010/09/25 12:04:57 | 000,021,104 | ---- | M] (Computer Associates International, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\vet-rec.sys -- (VET-REC)
DRV - [2009/04/23 18:49:48 | 000,324,224 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HavaTV_10.sys -- (HavaTV_10)
DRV - [2009/04/23 18:49:48 | 000,324,224 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HavaTV.sys -- (HAVATV)
DRV - [2009/01/13 15:44:20 | 000,037,376 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\havabus.sys -- (havabus)
DRV - [2009/01/13 15:44:20 | 000,020,480 | ---- | M] (Monsoon Multimedia Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\havanet.sys -- (havanet)
DRV - [2004/10/21 17:56:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2004/09/15 21:53:06 | 000,263,608 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\stac97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2003/11/13 20:21:16 | 000,197,120 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2003/11/13 20:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/13 20:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/06/02 10:02:42 | 000,043,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://finance.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = AC AD AC 10 FE 1D EE 45 80 98 A8 91 85 18 F0 93 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://finance.yahoo.com/"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\JP\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\JP\Local Settings\Application Data\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/07 15:34:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/23 00:14:48 | 000,000,000 | ---D | M]

[2010/09/25 12:06:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Extensions
[2011/07/07 14:22:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\iuuebuqm.default\extensions
[2010/11/16 22:41:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\iuuebuqm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/15 08:13:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\iuuebuqm.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/11/13 10:46:19 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Documents and Settings\JP\Application Data\Mozilla\Firefox\Profiles\iuuebuqm.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/03/27 01:33:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/07/07 15:34:07 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/07/08 09:36:12 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [cctray] C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe (CA, Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Documents and Settings\JP\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Documents and Settings\JP\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://c3.prudentia...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nddenb3232.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\JP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\JP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/25 11:31:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/07/08 09:34:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/07/07 14:32:03 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTL.exe
[2011/07/07 14:24:47 | 001,458,992 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JP\Desktop\TDSSKiller.exe
[2011/07/07 14:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Desktop\GooredFix Backups
[2011/07/07 14:20:38 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\JP\Desktop\GooredFix.exe
[2011/07/07 14:10:10 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/07/07 14:09:05 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTM.exe
[2011/07/07 14:08:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/07/07 14:07:52 | 000,000,000 | ---D | C] -- C:\Erunt
[2011/07/07 13:52:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/07/07 13:52:19 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JP\My Documents\My Videos
[2011/07/07 13:52:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\JP\Start Menu\Programs\Administrative Tools
[2011/07/07 13:49:33 | 004,135,577 | R--- | C] (Swearware) -- C:\Documents and Settings\JP\Desktop\ComboFix.exe
[2011/06/15 03:24:34 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/12 02:29:50 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/06/10 03:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2011/06/10 00:03:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2011/06/10 00:03:46 | 000,000,000 | ---D | C] -- C:\Program Files\Combined Community Codec Pack
[2011/06/09 23:59:23 | 000,000,000 | ---D | C] -- C:\Program Files\Media Player Classic
[2011/06/09 23:58:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Application Data\Media Player Classic
[2011/06/09 23:53:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\My Documents\My Hava Recordings
[2011/06/09 23:50:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\HAVA PC Player
[2011/06/09 23:49:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\My Documents\HavaTimeShift
[2011/06/09 23:49:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\My Documents\HAVA Video Converter
[2011/06/09 23:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\Monsoon Multimedia
[2011/06/09 23:45:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\SetupWizard
[2011/06/09 23:45:09 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/09 23:43:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\HAVASO~1
[2011/06/09 23:10:36 | 000,131,072 | ---- | C] (Monsoon Multimedia Inc.) -- C:\WINDOWS\System32\IRBlaster32.dll
[2011/06/09 23:10:28 | 000,005,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstee.sys
[2011/06/09 23:10:12 | 000,010,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndisip.sys
[2011/06/09 23:10:04 | 000,015,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\streamip.sys
[2011/06/09 23:10:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ipsink.ax
[2011/06/09 23:10:03 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ipsink.ax
[2011/06/09 23:09:57 | 000,011,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\slip.sys
[2011/06/09 23:09:52 | 000,019,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wstcodec.sys
[2011/06/09 23:09:47 | 000,085,248 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\nabtsfec.sys
[2011/06/09 23:09:41 | 000,017,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ccdecode.sys
[2011/06/09 23:09:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vidcap.ax
[2011/06/09 23:09:18 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vidcap.ax
[2011/06/09 23:09:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kswdmcap.ax
[2011/06/09 23:09:17 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kswdmcap.ax
[2011/06/09 23:09:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kstvtune.ax
[2011/06/09 23:09:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kstvtune.ax
[2011/06/09 23:09:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vfwwdm32.dll
[2011/06/09 23:09:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vfwwdm32.dll
[2011/06/09 23:09:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\ksxbar.ax
[2011/06/09 23:09:17 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ksxbar.ax
[2011/06/09 23:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2011/06/09 23:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/06/09 23:08:17 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011/06/09 23:08:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Monsoon Multimedia
[2011/06/09 23:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Monsoon Multimedia
[2011/06/09 23:06:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\JP\Local Settings\Application Data\TempLogs
[2011/06/09 23:06:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft SOAP Toolkit Version 3
[2011/06/09 23:06:31 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2011/06/09 23:06:15 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Monsoon Multimedia
[1 C:\Documents and Settings\JP\*.tmp files -> C:\Documents and Settings\JP\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/07/08 09:50:17 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/07/08 09:38:24 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/07/08 09:38:23 | 000,021,612 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/07/08 09:37:33 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/08 09:37:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/07/08 09:36:12 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/07/07 16:16:05 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-152049171-839522115-1003UA.job
[2011/07/07 14:32:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTL.exe
[2011/07/07 14:24:15 | 001,327,397 | ---- | M] () -- C:\Documents and Settings\JP\Desktop\tdsskiller.zip
[2011/07/07 14:20:45 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\JP\Desktop\GooredFix.exe
[2011/07/07 14:09:06 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\JP\Desktop\OTM.exe
[2011/07/07 14:06:18 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\JP\Desktop\erunt.zip
[2011/07/07 13:49:34 | 004,135,577 | R--- | M] (Swearware) -- C:\Documents and Settings\JP\Desktop\ComboFix.exe
[2011/07/06 15:18:33 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/07/03 12:19:54 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/01 18:46:24 | 001,458,992 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\JP\Desktop\TDSSKiller.exe
[2011/06/30 06:35:32 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/06/28 08:25:15 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\JP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/27 17:16:02 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-152049171-839522115-1003Core.job
[2011/06/23 00:14:50 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/06/15 03:28:51 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/15 03:28:51 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/10 03:53:40 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/10 00:22:25 | 000,000,406 | ---- | M] () -- C:\Documents and Settings\JP\My Documents\SHARE.lnk
[2011/06/10 00:00:01 | 000,000,766 | ---- | M] () -- C:\Documents and Settings\JP\Desktop\Shortcut to mplayerc.exe.lnk
[2011/06/09 23:45:09 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/06/09 23:42:09 | 000,250,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/06/09 23:08:04 | 000,002,015 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\HAVA PC Player.lnk
[1 C:\Documents and Settings\JP\*.tmp files -> C:\Documents and Settings\JP\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/07/07 14:24:11 | 001,327,397 | ---- | C] () -- C:\Documents and Settings\JP\Desktop\tdsskiller.zip
[2011/07/07 14:06:15 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\JP\Desktop\erunt.zip
[2011/06/10 03:53:40 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2011/06/10 00:22:04 | 000,000,406 | ---- | C] () -- C:\Documents and Settings\JP\My Documents\SHARE.lnk
[2011/06/10 00:00:01 | 000,000,766 | ---- | C] () -- C:\Documents and Settings\JP\Desktop\Shortcut to mplayerc.exe.lnk
[2011/06/09 23:08:04 | 000,002,015 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\HAVA PC Player.lnk
[2010/12/23 00:50:32 | 000,056,816 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/05 13:24:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/27 22:54:44 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\JP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/25 12:18:30 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2010/09/25 12:10:17 | 000,021,612 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/09/25 12:06:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/25 11:35:12 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/25 11:27:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/09/25 07:14:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/25 07:13:06 | 000,250,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/04/14 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/14 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/14 08:00:00 | 000,432,924 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/14 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/14 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/14 08:00:00 | 000,067,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/14 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/14 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/14 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/14 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/14 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >
  • 0
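The OTL report above is a long list of "Onn" entries, and the redirect symptom in this thread is the kind of thing a few of those sections can explain (hosts file, AppInit_DLLs, Winlogon shell, DNS servers, Winsock providers). The following is an added example, not OTL's own code nor anything the poster or the helper used: a small Python triage pass that parses the "Onn - ..." lines and flags the entries a reviewer would want to look at first. The sample lines are copied from the log in this thread, except the `www.example.com` hosts line, which is constructed (a reserved example domain) so the hosts check has something to report; the flagging rules are my own assumptions about what merits review, not a verdict on the machine.

```python
import re

# Constructed sample: "O" lines copied from the OTL log posted in this thread,
# plus one constructed hosts line (www.example.com, a reserved example domain).
SAMPLE_OTL = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 192.0.2.1 www.example.com
O4 - HKLM..\Run: [CAVRID] C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe (CA, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\VetRedir.dll (Computer Associates International, Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.130 167.206.245.129
O20 - AppInit_DLLs: (C:\WINDOWS\system32\nddenb3232.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
"""

# Line shapes as they appear in the OTL output above (assumed stable for this version).
OTL_ITEM = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
RUN_ENTRY = re.compile(r"^HK\w+\.\.\\Run: \[[^\]]+\] (?P<path>.*) \((?P<company>[^)]*)\)$")
APPINIT = re.compile(r"^AppInit_DLLs: \((?P<dlls>[^)]*)\)(?: - (?P<status>.+))?$")
WINLOGON_SHELL = re.compile(r"^HKLM Winlogon: Shell - \((?P<value>[^)]*)\)")
BOOTEXECUTE = re.compile(r"^HKLM BootExecute: \((?P<value>[^)]*)\)")
DNS_SERVERS = re.compile(r"DhcpNameServer = (?P<servers>.+)$")

# Expected baseline values: anything else gets flagged for a human to look at.
LOCALHOST_ONLY = {"127.0.0.1 localhost", "::1 localhost"}
DEFAULT_BOOTEXECUTE = "autocheck autochk *"


def parse_otl(text):
    """Return (section, body) pairs for every 'Onn - ...' line in an OTL log."""
    items = []
    for raw in text.splitlines():
        m = OTL_ITEM.match(raw.strip())
        if m:
            items.append((m.group("section"), m.group("body")))
    return items


def triage(text):
    """Apply the review heuristics; returns a list of (section, reason, detail) tuples."""
    findings = []
    for section, body in parse_otl(text):
        if section == "O1" and body.startswith("Hosts: "):
            # Any hosts mapping beyond localhost can silently redirect a site name.
            entry = body[len("Hosts: "):]
            if entry not in LOCALHOST_ONLY:
                findings.append((section, "hosts entry beyond localhost; can redirect a site name", entry))
        elif section == "O4":
            # Autorun entries whose binary carries no publisher name deserve a look.
            m = RUN_ENTRY.match(body)
            if m and not m.group("company"):
                findings.append((section, "autorun entry with no publisher name", m.group("path")))
        elif section == "O10":
            # Winsock LSPs sit in the network path of every socket on the box.
            findings.append((section, "Winsock LSP/namespace provider; confirm it belongs to installed software", body))
        elif section == "O17":
            m = DNS_SERVERS.search(body)
            if m:
                findings.append((section, "DNS servers in use; confirm they are your ISP's or router's", m.group("servers")))
        elif section == "O20":
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so even a stale entry (file missing) is worth noting.
            m = APPINIT.match(body)
            if m and m.group("dlls"):
                status = m.group("status") or "present"
                findings.append((section, f"AppInit_DLLs entry ({status}); loaded into every user32 process", m.group("dlls")))
            m = WINLOGON_SHELL.match(body)
            if m and m.group("value").lower() != "explorer.exe":
                findings.append((section, "Winlogon Shell is not Explorer.exe", m.group("value")))
        elif section == "O34":
            m = BOOTEXECUTE.match(body)
            if m and m.group("value") != DEFAULT_BOOTEXECUTE:
                findings.append((section, "non-default BootExecute value", m.group("value")))
    return findings


if __name__ == "__main__":
    for section, reason, detail in triage(SAMPLE_OTL):
        print(f"{section:4} {reason}: {detail}")
```

Run against the sample it reports the constructed hosts line, the one Run entry with an empty publisher field, the LSP entry, the DNS servers and the missing AppInit DLL; the Winlogon shell and BootExecute lines match their defaults and stay quiet. A real log would be fed in whole via `triage(open(path).read())`; the point is to narrow a 1,000-line report to the handful of lines a human should actually read.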

#5
Jump

Jump

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Malwarebytes log:

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 7047

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/8/2011 10:18:31 AM
mbam-log-2011-07-08 (10-18-31).txt

Scan type: Quick scan
Objects scanned: 147117
Time elapsed: 10 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\localservice\application data\02000000ed96368d1356c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000ed96368d1356o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000ed96368d1356p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000ed96368d1356s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ed96368d1356c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ed96368d1356o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ed96368d1356p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ed96368d1356s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
  • 0

#6
Jump

Jump

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, I ran into a bit of a problem when I tried to run Combofix.exe. I snoozed my CA anti-virus as directed before installing/running Combofix, and this is the error message that popped up when I ran Combofix:

"Combofix cannot run when CA Anti-virus is installed. It would be dangerous to continue. Please uninstall CA Anti-virus or use another tool"

Please let me know how I should proceed. Thanks again for your help!
  • 0

#7
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
Just skip Combofix for now and go on with the others. Perhaps we won't need it.
  • 0

#8
Jump

Jump

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
aswMBR log:

aswMBR version 0.9.7.705 Copyright© 2011 AVAST Software
Run date: 2011-07-08 12:36:49
-----------------------------
12:36:49.992 OS Version: Windows 5.1.2600 Service Pack 3
12:36:49.992 Number of processors: 1 586 0xD06
12:36:49.992 ComputerName: JP-DELL8600 UserName: JP
12:36:51.474 Initialize success
12:37:14.627 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:37:14.637 Disk 0 Vendor: FUJITSU_MHT2040AH 006C Size: 38154MB BusType: 3
12:37:16.660 Disk 0 MBR read successfully
12:37:16.660 Disk 0 MBR scan
12:37:16.660 Disk 0 Windows XP default MBR code
12:37:18.673 Disk 0 scanning sectors +78124095
12:37:18.713 Disk 0 scanning C:\WINDOWS\system32\drivers
12:37:31.041 Service scanning
12:37:32.583 Disk 0 trace - called modules:
12:37:32.623 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
12:37:32.633 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x822fcab8]
12:37:32.633 3 CLASSPNP.SYS[f85a6fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x822fd830]
12:37:32.643 Scan finished successfully
12:38:05.721 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\JP\Desktop\MBR.dat"
12:38:05.761 The log file has been saved successfully to "C:\Documents and Settings\JP\Desktop\aswMBR.txt"
  • 0

#9
Jump

Jump

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hi, the fix seems to be working. No redirects after trying 10 different searches. If possible, I would appreciate it if you could let me know how I can prevent this from happening in the future. Thanks again for all your help. Much appreciated.

Regards,
JP
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,029 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.

OTL has a Cleanup tab; if you run it, it will remove OTL and its backup files, which contain the virus.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 26). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE).
I see:
Java™ 6 Update 22, which is new enough that it should be removed automatically. If you use Firefox, go into Tools, Add-ons and make sure that CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA is not enabled. CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA is OK, but 0022 should be disabled or uninstalled. Java seems to have a real problem removing the old consoles from Firefox. Having multiple Java consoles will make Firefox very sluggish and slow to start.


Also make sure you have the latest versions of any adobe.com products you use, like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then, afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it, but I don't see the need for it and it has caused problems in the past.

Whether you use Adobe Reader, Acrobat or Foxit to read PDF files, you need to disable JavaScript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, click on JavaScript in the left column and uncheck Enable Acrobat JavaScript. OK, close the program. It's the same for Foxit Reader except you uncheck Enable JavaScript Actions.

To help keep your programs up-to-date you can download and run the UpdateChecker:
http://www.filehippo.../updatechecker/


I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use Firefox (and you should use it or Chrome), then get the AdBlock Plus add-on (also available for Chrome). WOT (Web of Trust) is another you might want to try, though I think it's only for Firefox at this time.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading, make sure it only has the current Java add-on. Then download and run Speedy Fox:
http://www.crystalidea.com/speedyfox
You can run it any time that Firefox seems slow.

Be warned: if you use Limewire, uTorrent or any of the other P2P programs, you will almost certainly be coming back to the Malware Removal forum. If you must use P2P, then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a wireless router, you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support, especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

I prefer the free Avast anti-virus over your CA:
Download and Save the installer:
http://www.avast.com...ivirus-download

Then uninstall CA and install Avast.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK, then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load Windows.

Make sure you register it. I like to turn off the automatic update announcements: click on the Avast ball, then on Settings, then on Sounds, then uncheck Automatic Updates and OK. This doesn't stop the updates; it just keeps the lady from announcing them in the middle of the night.

Online Armor is a good free firewall that works well with Avast.
http://www.online-ar...-armor-free.php

Some people like to use the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
which will keep you from going to many bad sites, though others claim it slows them down a bit.

Ron
  • 0





