PDA

View Full Version : Virus? XP Security, ping.exe, redirects



irving52
2011-12-18, 19:40
I had an XP Internet Security infection which I seem to have stopped by doing a System Restore (hope I didn't blow it there - but it made my computer inoperable by blocking any action I tried to do.) But I still have a problem when ping.exe uses up all my CPU. I go to Task Manager and close it. I'm also getting redirects from Google and pop-ups when I open other sites. I assume it's all related to one virus?
Here is my dds. Thanks SO MUCH!
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by OWNER at 9:10:06 on 2011-12-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.733 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\Program Files\Common Files\SupportSoft\bin\bcont.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\System32\ping.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRun: [Desktop Software] "c:\program files\common files\supportsoft\bin\bcont.exe" /ini "c:\program files\comcastui\desktop software\uinstaller.ini" /fromrun /starthidden
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [<NO NAME>]
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307578475531
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{3E94C2FB-09D7-48F4-A6A9-6547B6972D13} : DhcpNameServer = 192.168.0.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\f4q8cx6v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cruzio.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.60401.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2011-6-9 9600]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsl7ed4871d;MpKsl7ed4871d;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d945d132-6628-4698-92ac-cce9dc5a7954}\MpKsl7ed4871d.sys [2011-12-16 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2011-6-30 618896]
S1 MpKsl77954acb;MpKsl77954acb;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4254461-b324-4aab-b754-c50cb017d1ae}\mpksl77954acb.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{f4254461-b324-4aab-b754-c50cb017d1ae}\MpKsl77954acb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-9 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-6-9 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-12-17 00:52:22 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d945d132-6628-4698-92ac-cce9dc5a7954}\MpKsl7ed4871d.sys
2011-12-17 00:52:05 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d945d132-6628-4698-92ac-cce9dc5a7954}\offreg.dll
2011-12-17 00:51:50 6823496 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d945d132-6628-4698-92ac-cce9dc5a7954}\mpengine.dll
2011-12-15 00:56:07 -------- d-----w- c:\program files\MW123
2011-12-13 17:12:39 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-12-13 17:12:39 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-25 17:24:15 -------- d-----w- c:\documents and settings\owner\local settings\application data\Identities
2011-11-21 16:06:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-11-21 16:06:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-11-21 16:06:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-11-21 16:06:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-11-21 16:06:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-11-21 16:06:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-11-21 16:06:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-11-21 16:01:32 -------- d-----w- c:\program files\iPod
.
==================== Find3M ====================
.
2011-12-01 03:55:32 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-04 19:20:51 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20:51 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23:59 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07:10 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31:48 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37:08 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52:02 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 22:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 01:38:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32(2).dll
2011-09-26 18:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-07-02 18:17:28 2400568 ----a-w- c:\program files\HousecallLauncher64.exe
.
============= FINISH: 9:10:40.30 ===============

jeffce
2011-12-22, 22:11
Hi and Welcome!! :) My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Watch Topic button to the right of your topic title and then choosing the notification method ( Recommended: Inmediate Notification)
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.

IMPORTANT NOTE : Please do not delete anything unless instructed to.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.
Doing so could make your system inoperable and could require a full reinstall of your OS losing all your programs and data.

Vista and Windows 7 users:
These tools MUST be run from the executable (.exe) every time you run them
with Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.
----------

**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.

Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.

If you would like to format and reinstall your Operating System please let me know and we can assist you with that.

If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------

Please download TDSSKiller.zip (http://support.kaspersky.com/downloads/utils/tdsskiller.zip)

Extract it to your desktop
Double click TDSSKiller.exe
Press Start Scan

Only if Malicious objects are found then ensure Cure is selected
Then click Continue > Reboot now

Copy and paste the log in your next reply

A copy of the log will be saved automatically to the root of the drive (typically C:\)

----------

Please read through these instructions to familarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs (http://forums.whatthetech.com/How_to_Disable_your_Security_Programs_t96260.html)

Double click on ComboFix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


http://img.photobucket.com/albums/v706/ried7/RCUpdate1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://img.photobucket.com/albums/v706/ried7/RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
----------

If you have chosen to attempt to clean, please post the logs created by TDSSKiller and ComboFix. :)

irving52
2011-12-24, 04:04
What you say is unsettling, to say the least. I do want to try to clean my computer. Please advise me if you think I should just delete everything and start from scratch. I do have a backup hard drive.
I ran the TDSSKiller; it didn't find anything.
(Note: between my original post and now, I received a Windows update and told it to run. I don't know if that addressed my infection at all.

Here is the log from combofix. Thanks for the help!:

ComboFix 11-12-23.01 - OWNER 12/23/2011 17:34:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.1072 [GMT -8:00]
Running from: c:\documents and settings\OWNER\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Application Data\Adobe\sp.Dll
c:\windows\$NtUninstallKB46948$
c:\windows\$NtUninstallKB46948$\1815599955\@
c:\windows\$NtUninstallKB46948$\1815599955\bckfg.tmp
c:\windows\$NtUninstallKB46948$\1815599955\cfg.ini
c:\windows\$NtUninstallKB46948$\1815599955\Desktop.ini
c:\windows\$NtUninstallKB46948$\1815599955\keywords
c:\windows\$NtUninstallKB46948$\1815599955\kwrd.dll
c:\windows\$NtUninstallKB46948$\1815599955\L\ivohefmz
c:\windows\$NtUninstallKB46948$\1815599955\lsflt7.ver
c:\windows\$NtUninstallKB46948$\1815599955\U\00000001.@
c:\windows\$NtUninstallKB46948$\1815599955\U\00000002.@
c:\windows\$NtUninstallKB46948$\1815599955\U\00000004.@
c:\windows\$NtUninstallKB46948$\1815599955\U\80000000.@
c:\windows\$NtUninstallKB46948$\1815599955\U\80000004.@
c:\windows\$NtUninstallKB46948$\1815599955\U\80000032.@
c:\windows\$NtUninstallKB46948$\2450200787
c:\windows\system32\oobe\isperror
c:\windows\system32\oobe\isperror\ispcnerr.htm
c:\windows\system32\oobe\isperror\ispdtone.htm
c:\windows\system32\oobe\isperror\isphdshk.htm
c:\windows\system32\oobe\isperror\ispins.htm
c:\windows\system32\oobe\isperror\ispnoanw.htm
c:\windows\system32\oobe\isperror\isppberr.htm
c:\windows\system32\oobe\isperror\ispphbsy.htm
c:\windows\system32\oobe\isperror\ispsbusy.htm
c:\windows\system32\SET12B.tmp
c:\windows\system32\SET137.tmp
F:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.afd
-------\Service_SPService
.
.
((((((((((((((((((((((((( Files Created from 2011-11-24 to 2011-12-24 )))))))))))))))))))))))))))))))
.
.
2011-12-24 01:48 . 2011-12-24 01:48 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1678539C-AEF4-4082-ADC2-4CD62E0AAA5B}\offreg.dll
2011-12-24 01:25 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{1678539C-AEF4-4082-ADC2-4CD62E0AAA5B}\mpengine.dll
2011-12-19 00:35 . 2011-12-19 00:35 -------- d-----w- c:\program files\Seagate
2011-12-19 00:35 . 2011-12-19 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2011-12-15 04:12 . 2011-12-15 04:12 -------- d-----w- c:\program files\ERUNT
2011-12-15 00:56 . 2011-12-15 00:56 -------- d-----w- c:\program files\MW123
2011-12-13 17:12 . 2011-12-13 17:12 -------- d-----w- c:\windows\system32\wbem\Repository
2011-11-25 17:24 . 2011-11-25 17:24 -------- d-----w- c:\documents and settings\OWNER\Local Settings\Application Data\Identities
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 03:55 . 2011-06-09 20:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-10 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-06-11 15:25 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 01:38 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-06-08 22:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-28 07:06 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32(2).dll
2011-09-26 18:41 . 2008-07-30 02:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 18:41 . 2004-08-10 11:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-26 18:41 . 2004-08-10 11:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2011-07-02 18:17 . 2011-07-02 18:17 2400568 ----a-w- c:\program files\HousecallLauncher64.exe
2011-11-05 06:53 . 2011-06-09 21:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2011-04-20 1633680]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-17 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 16:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2011-04-10 17:18 1733120 ----a-w- c:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2011-05-11 05:27 5607080 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [6/9/2011 1:31 PM 9600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 10:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 9:54 AM 116608]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [6/30/2011 3:49 PM 618896]
S1 MpKsl77954acb;MpKsl77954acb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4254461-B324-4AAB-B754-C50CB017D1AE}\MpKsl77954acb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4254461-B324-4AAB-B754-C50CB017D1AE}\MpKsl77954acb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/9/2011 1:21 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/9/2011 1:21 PM 135664]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc427b1e60cf5e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 21:21]
.
2011-12-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc427b1e9a082e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 21:21]
.
2011-12-24 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cruzio.com/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{96AFBE69-C3B0-4b00-8578-D933D2896EE2} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-23 17:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(2112)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\stsystra.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2011-12-23 17:52:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-24 01:52
.
Pre-Run: 252,923,031,552 bytes free
Post-Run: 253,468,565,504 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 9E50C984C2042BE423BFF61C331E07DB

jeffce
2011-12-24, 18:44
Hi,

Well, it looks like ComboFix has already neutralized the worst infection on the system so we may not need a restore. :)
----------

GMER

Download GMER Rootkit Scanner from here (http://www.gmer.net/gmer.zip) or here (http://www.majorgeeks.com/download.php?det=5198).

Extract the contents of the zipped file to desktop.
Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg)
Click the image to enlarge it

In the right panel, you will see several boxes that have been checked. Uncheck the following ...
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)

Then click the Scan button & wait for it to finish.
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.

Save it where you can easily find it, such as your desktop, and attach it in your reply.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries.
----------

irving52
2011-12-25, 18:05
Here is the log from Gmer. I have my fingers crossed. My computer has been acting normal recently. No ping.exe issues or redirects from Google. I do worry something could be working in the background that is stealing my information. How does one know for sure?
Thanks again for the help. I, and I hope others reading this, will (should) send in a contribution.


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-12-25 06:53:03
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e ST3500630NS_Q rev.3.BTJ
Running: gmer.exe; Driver: C:\DOCUME~1\OWNER\LOCALS~1\Temp\kfwdrpog.sys


---- Kernel code sections - GMER 1.0.15 ----

? Combo-Fix.sys The system cannot find the file specified. !
? C:\ComboFix\catchme.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[1880] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 01262EC0 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Webroot\Washer\WasherSvc.exe[2056] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0008EE55 C:\Program Files\Webroot\Washer\WasherSvc.exe (Window Washer Engine/Webroot Software, Inc.)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3332] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 106AC350 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3332] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 106AC2E2 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3332] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 1045E363 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3332] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1045E91C C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----

jeffce
2011-12-26, 05:02
Hi irving,

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform quick scan, then click Scan as shown below.

http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM.jpg

When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.



The log can also be found here:
C:\Documents and Settings\<User name>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
----------

ESET Online Scanner
I'd like us to scan your machine with ESET Online Scan

Note: It is recommended to disable on-board anti-virus program and anti-spyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your anti-virus along with your anti-spyware programs.



Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.

Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the Start button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Make sure that the option "Remove found threats" is Unchecked
Push the Start button.
ESET will then download updates for itself, install itself, and begin
scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as
ESETScan. Include the contents of this report in your next reply.
Push the Back button.
Push Finish

http://www.eset.com/onlinescan/
----------

In your next reply please post the logs created by Malwarebytes and ESET online scanner. :)

irving52
2011-12-26, 19:30
Here are the results of the scans. Because of the additional steps of downloading the Eset scan in Mozilla, I ran it from IE. Does that matter? I usually use Mozilla. If it makes a difference, I could run it again in Mozilla.
Thanks again.

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 911122602

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/26/2011 7:10:31 AM
mbam-log-2011-12-26 (07-10-31).txt

Scan type: Quick scan
Objects scanned: 178209
Time elapsed: 5 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


C:\BACKUP\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip Win32/Bagle.gen.zip worm
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\6924d4a2-35c6558f Java/Agent.DY trojan
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\38\1b6211a6-2aae5079 Java/Exploit.CVE-2011-3544.F trojan
C:\Documents and Settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\13\b6e408d-3ee52776 a variant of Java/Exploit.Blacole.AF trojan
C:\Documents and Settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\34\6924d4a2-742f8441 Java/Agent.DY trojan
C:\Documents and Settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\38\1b6211a6-1f5819a4 Java/Exploit.CVE-2011-3544.F trojan

irving52
2011-12-26, 19:33
Maybe you know this, but the last section (the C:\ section) is from the Eset scan.

jeffce
2011-12-26, 21:48
Hi irving52,


I ran it from IE. Does that matter?No you did everything just fine. :)
-------------



Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


File::
C:\BACKUP\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\6924d4a2-35c6558f
C:\Documents and Settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\38\1b6211a6-2aae5079
C:\Documents and Settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\13\b6e408d-3ee52776
C:\Documents and Settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\34\6924d4a2-742f8441
C:\Documents and Settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\38\1b6211a6-1f5819a4


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------

How is your system running now? :)

irving52
2011-12-26, 22:40
ComboFix 11-12-26.02 - OWNER 12/26/2011 12:27:11.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1526.917 [GMT -8:00]
Running from: c:\documents and settings\OWNER\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\OWNER\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\backup\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\6924d4a2-35c6558f"
"c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\38\1b6211a6-2aae5079"
"c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\13\b6e408d-3ee52776"
"c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\34\6924d4a2-742f8441"
"c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\38\1b6211a6-1f5819a4"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\backup\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudInternetSecurity7.zip
c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\34\6924d4a2-35c6558f
c:\documents and settings\NetworkService\Application Data\Sun\Java\Deployment\cache\6.0\38\1b6211a6-2aae5079
c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\13\b6e408d-3ee52776
c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\34\6924d4a2-742f8441
c:\documents and settings\OWNER\Application Data\Sun\Java\Deployment\cache\6.0\38\1b6211a6-1f5819a4
.
.
((((((((((((((((((((((((( Files Created from 2011-11-26 to 2011-12-26 )))))))))))))))))))))))))))))))
.
.
2011-12-26 18:16 . 2011-12-26 18:16 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{659E631D-38DC-472E-B85E-330DD65E90F8}\MpKsl9215cbf2.sys
2011-12-26 18:16 . 2011-12-26 18:16 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{659E631D-38DC-472E-B85E-330DD65E90F8}\offreg.dll
2011-12-26 18:15 . 2011-11-21 10:47 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{659E631D-38DC-472E-B85E-330DD65E90F8}\mpengine.dll
2011-12-26 15:19 . 2011-12-26 15:19 -------- d-----w- c:\program files\ESET
2011-12-19 00:35 . 2011-12-19 00:35 -------- d-----w- c:\program files\Seagate
2011-12-19 00:35 . 2011-12-19 00:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2011-12-15 04:12 . 2011-12-15 04:12 -------- d-----w- c:\program files\ERUNT
2011-12-15 00:56 . 2011-12-15 00:56 -------- d-----w- c:\program files\MW123
2011-12-13 17:12 . 2011-12-13 17:12 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-01 03:55 . 2011-06-09 20:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-23 13:25 . 2004-08-10 11:00 1859584 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2011-06-11 15:25 6823496 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-11-04 19:20 . 2006-03-04 03:33 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 19:20 . 2004-08-10 11:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:20 . 2004-08-10 11:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 2004-08-10 11:00 385024 ------w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2004-08-10 11:00 1288704 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:31 . 2004-08-10 11:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-25 13:37 . 2005-03-30 01:21 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 12:52 . 2005-03-30 01:01 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-24 22:29 . 2011-10-24 22:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-10-24 22:29 . 2011-10-24 22:29 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-10-15 01:38 . 2004-08-10 11:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2011-06-08 22:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-09-28 07:06 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-09-28 07:06 . 2004-08-10 11:00 599040 ----a-w- c:\windows\system32\crypt32(2).dll
2011-07-02 18:17 . 2011-07-02 18:17 2400568 ----a-w- c:\program files\HousecallLauncher64.exe
2011-11-05 06:53 . 2011-06-09 21:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-12-24_01.49.09 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2011-04-20 1633680]
"Desktop Software"="c:\program files\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-10 169328]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-17 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Amazon Unbox.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
backup=c:\windows\pss\Amazon Unbox.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-05-12 06:12 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
2005-06-01 16:35 49152 ----a-w- c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeePass 2 PreLoad]
2011-04-10 17:18 1733120 ----a-w- c:\program files\KeePass Password Safe 2\KeePass.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 12:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDTray]
2011-05-11 05:27 5607080 ----a-w- c:\program files\Spybot - Search & Destroy 2\SDTray.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDTray.exe"=
"c:\\Program Files\\Spybot - Search & Destroy 2\\SDUpdate.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [6/9/2011 1:31 PM 9600]
R1 MpKsl9215cbf2;MpKsl9215cbf2;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{659E631D-38DC-472E-B85E-330DD65E90F8}\MpKsl9215cbf2.sys [12/26/2011 10:16 AM 29904]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 10:25 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 10:41 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [5/4/2011 9:54 AM 116608]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [6/30/2011 3:49 PM 618896]
S1 MpKsl77954acb;MpKsl77954acb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4254461-B324-4AAB-B754-C50CB017D1AE}\MpKsl77954acb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F4254461-B324-4AAB-B754-C50CB017D1AE}\MpKsl77954acb.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/9/2011 1:21 PM 135664]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [6/9/2011 1:21 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KFWDRPOG
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MPKSL765770AC
*NewlyCreated* - MPKSL9215CBF2
*Deregistered* - kfwdrpog
*Deregistered* - MpKsl765770ac
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc427b1e60cf5e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 21:21]
.
2011-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cc427b1e9a082e.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-09 21:21]
.
2011-12-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 22:39]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.cruzio.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-12-26 12:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2011-12-26 12:36:28
ComboFix-quarantined-files.txt 2011-12-26 20:36
ComboFix2.txt 2011-12-24 01:52
.
Pre-Run: 254,832,340,992 bytes free
Post-Run: 254,827,065,344 bytes free
.
- - End Of File - - 171FA40C0604B944693FB6E98018A6F7

jeffce
2011-12-27, 00:18
Hi,


How is your system running now?
---------------

Please run a new scan with DDS and post both of the logs created into your next reply. :)

irving52
2011-12-27, 02:49
I ran the DDS killer. It didn't find anything. (It didn't find anything the first time either). I'm not sure what you mean about posting both logs. Did you want me to run Combofix again too?

irving52
2011-12-27, 02:50
Things seem to be running fine. None of the original problems are happening now. Does this mean I'm clean?

jeffce
2011-12-27, 03:00
Hi,

Glad to hear things are running better. :)
--------

DDS is the very first scan that you ran. :) There will be two logs created...DDS.txt and Attach.txt

irving52
2011-12-27, 03:38
Sorry. I was confused there for a second. When I run the original DDS scan a black box opens up for a couple seconds, then disappears and there are no logs opened up when it's finished. Am I doing something wrong?

jeffce
2011-12-27, 05:17
Ok...go ahead and delete that copy of DDS, download a new copy and then run a new scan. :) If you still have problems let me know.

irving52
2011-12-27, 06:25
Yeah. I still have problems. I download the program and run it, the black box shows up for a second or so, disappears, and nothing happens. No log files show up, I went to bleepingcomputer to try and find the program and run it directly but I'm not sure where it is.
I ran it in IE too, with the same result.
Underneath the dds icon on my downloads, it says "screen saver". I'm not sure why it isn't running. Or, if it is running, what happens to it. Any ideas?
Sorry. This is frustrating, eh?
Do you have a download link? Not sure what to do.

jeffce
2011-12-27, 06:45
Hi,

Lets try another scan tool. :)


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
Note:These logs can be located in the OTL. folder on you C:\ drive if they fail to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.


----------

irving52
2011-12-27, 07:10
Here are the logs. In two posts.
Thanks.

OTL.TXT


OTL logfile created on: 12/26/2011 8:53:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\OWNER\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 58.29% Memory free
3.34 Gb Paging File | 2.85 Gb Available in Paging File | 85.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 237.21 Gb Free Space | 50.93% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 1.45 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

Computer Name: USER-D9DC4BD2AF | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\OWNER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Webroot\Washer\sqlite3.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (ADVService) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (catchme) -- File not found
DRV - (MpKsl520665a0) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C94311ED-7F9C-491F-B51E-0F1CAAAFC9D3}\MpKsl520665a0.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ISODisk) -- C:\WINDOWS\System32\drivers\ISODisk.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 AF D7 BA 4D C4 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cruzio.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/21 08:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/11/21 08:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0b1\extensions\\Components: C:\Program Files\Mozilla Thunderbird 5.0 Beta 1\components [2011/11/21 08:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0b1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 5.0 Beta 1\plugins

[2011/06/09 10:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions
[2011/11/12 11:37:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions
[2010/12/08 17:54:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/12 10:43:01 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)
[2011/03/31 15:06:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com
[2011/12/26 19:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/26 19:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F4Q8CX6V.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/09 13:36:44 | 000,001,920 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/26 12:34:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307578475531 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E94C2FB-09D7-48F4-A6A9-6547B6972D13}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/08 14:45:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/26 20:51:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
[2011/12/26 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/26 19:04:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/26 19:04:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/26 19:04:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/26 13:14:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/26 07:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/25 09:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\Virus Work
[2011/12/23 17:24:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/23 17:22:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/23 17:22:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/23 17:22:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/23 17:22:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/23 17:11:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OWNER\Desktop\TDSSKiller.exe
[2011/12/18 16:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate
[2011/12/18 16:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011/12/18 16:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/12/18 09:10:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\Administrative Tools
[2011/12/14 20:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/14 20:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/14 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/14 16:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\MW123
[2011/12/13 09:11:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\OWNER\Recent
[2011/12/12 23:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/12 23:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/12 23:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/02 10:17:02 | 002,400,568 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HousecallLauncher64.exe
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/12/26 20:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
[2011/12/26 20:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc427b1e9a082e.job
[2011/12/26 17:17:32 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OWNER\Desktop\TDSSKiller.exe
[2011/12/26 12:34:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/26 07:48:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/26 02:29:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc427b1e60cf5e.job
[2011/12/26 02:06:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/23 17:47:56 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/23 17:24:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/12/23 17:18:28 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to ComboFix.lnk
[2011/12/21 20:09:16 | 000,252,970 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\census.cache
[2011/12/21 20:09:15 | 000,194,749 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\ars.cache
[2011/12/20 10:10:37 | 000,030,208 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/19 08:59:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/18 16:37:39 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\OWNER\.recently-used.xbel
[2011/12/18 16:35:41 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2011/12/18 09:29:43 | 000,017,704 | ---- | M] () -- C:\Documents and Settings\OWNER\My Documents\Letter to Maria.odt
[2011/12/16 16:40:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 16:27:36 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/13 09:08:56 | 000,014,750 | -HS- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
[2011/12/13 09:08:56 | 000,014,750 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
[2011/12/08 08:49:14 | 000,000,032 | ---- | M] () -- C:\cookies.dom
[2011/12/05 10:45:53 | 048,922,159 | ---- | M] () -- C:\Documents and Settings\OWNER\My Documents\SYDemo_HOUR.mp3
[2011/11/30 19:55:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/30 09:53:06 | 032,519,421 | ---- | M] () -- C:\Documents and Settings\OWNER\My Documents\5ChinaRide5.mp3
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/12/23 17:24:22 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/12/23 17:24:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/23 17:22:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/23 17:22:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/23 17:22:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/23 17:22:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/23 17:22:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/23 17:18:28 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to ComboFix.lnk
[2011/12/18 16:37:39 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\OWNER\.recently-used.xbel
[2011/12/18 16:35:41 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2011/12/12 23:45:48 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/12 21:42:08 | 000,014,750 | -HS- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
[2011/12/12 21:42:08 | 000,014,750 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
[2011/12/08 08:44:55 | 000,000,032 | ---- | C] () -- C:\cookies.dom
[2011/12/05 10:45:49 | 048,922,159 | ---- | C] () -- C:\Documents and Settings\OWNER\My Documents\SYDemo_HOUR.mp3
[2011/11/30 09:53:04 | 032,519,421 | ---- | C] () -- C:\Documents and Settings\OWNER\My Documents\5ChinaRide5.mp3
[2011/11/12 02:29:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\{54509B50-054B-4C96-9E42-87ACA108E25B}
[2011/11/09 12:48:21 | 000,252,970 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\census.cache
[2011/11/09 12:48:02 | 000,194,749 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\ars.cache
[2011/07/27 07:38:51 | 000,022,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/02 10:15:32 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\housecall.guid.cache
[2011/06/13 20:30:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011/06/13 09:43:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\fusioncache.dat
[2011/06/09 19:51:53 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/09 16:34:00 | 000,081,078 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2011/06/09 16:34:00 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2011/06/09 16:33:51 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/06/09 13:36:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/06/09 13:31:45 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2011/06/09 13:31:24 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/06/09 13:17:09 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/09 13:17:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/09 13:16:59 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/09 13:16:59 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/09 13:16:58 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/08 14:48:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 14:40:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/08 07:33:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/08 07:32:28 | 000,130,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/06 11:24:34 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\OEMInfo.ini
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 14:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 14:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 03:00:00 | 000,501,822 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 03:00:00 | 000,087,346 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/07/06 19:12:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/06/08 14:53:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2011/12/18 16:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/07/16 09:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/06/19 09:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2011/06/09 12:49:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/22 17:01:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Amazon
[2011/07/06 20:26:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Audacity
[2011/07/18 10:59:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\EA
[2011/09/24 10:44:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\Foxit Software
[2011/06/13 12:52:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\inkscape
[2011/06/13 14:05:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\OWNER\Application Data\LibreOffice
[2011/12/26 02:06:39 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

irving52
2011-12-27, 07:11
Extras.Txt

OTL Extras logfile created on: 12/26/2011 8:53:37 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\OWNER\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.87 Gb Available Physical Memory | 58.29% Memory free
3.34 Gb Paging File | 2.85 Gb Available in Paging File | 85.34% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 237.21 Gb Free Space | 50.93% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 1.45 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

Computer Name: USER-D9DC4BD2AF | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1E38D402-2678-4668-9812-45CD06658846}" = LibreOffice 3.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 30
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BF731945-7AAD-45E3-A202-A60C9213915C}_is1" = ISODisk 1.1
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C5307DF8-9370-4646-9034-C28E2B44992C}" = Foxit Reader
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D22002ED-EE2A-4CB1-A63D-430E62A2E8D8}" = Google SketchUp 8
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{E7394A0F-3F80-45B1-87FC-ABCD51893246}" = Python 2.6.4
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F1670367-C07F-411f-A196-79D2C65CBEC0}" = PS8200
"{F1CECE09-7CBE-4E98-B435-DA87CDA86167}" = Skype™ 5.3
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic
"7-Zip" = 7-Zip 9.22beta
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.12
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"B3EE3001-DC24-4cd1-8743-5692C716659F" = Otto
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"DVD Flick_is1" = DVD Flick 1.3.0.7
"DVDFab 8 Qt_is1" = DVDFab 8.0.9.8 (08/06/2011) Qt
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"ESPNMotion" = ESPNMotion
"FileHippo.com" = FileHippo.com Update Checker
"Google Chrome" = Google Chrome
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"HandBrake" = HandBrake 0.9.5
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"Index.dat Analyzer_is1" = Index.dat Analyzer v2.0
"Inkscape" = Inkscape 0.48.1
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"IrfanView" = IrfanView (remove only)
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.15
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.5.0 (Full)
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Miro" = Miro
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (5.0b1)" = Mozilla Thunderbird (5.0b1)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Personal Backup_is1" = Personal Backup 4.5
"Phlinx To Go" = Phlinx To Go
"Picasa 3" = Picasa 3
"Pidgin" = Pidgin
"PROSet" = Intel(R) PRO Network Connections Drivers
"Recuva" = Recuva
"Scribus 1.4.0" = Scribus 1.4.0rc3
"Songbird-release-1959" = Songbird 1.9.3 (Build 1959)
"VLC media player" = VLC media player 1.1.10
"Window Washer" = Window Washer
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WM Capture" = WM Capture
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/12/2011 12:40:37 PM | Computer Name = USER-D9DC4BD2AF | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 11/12/2011 12:53:35 PM | Computer Name = USER-D9DC4BD2AF | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/12/2011 12:53:45 PM | Computer Name = USER-D9DC4BD2AF | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x80072742.

Error - 11/12/2011 12:56:17 PM | Computer Name = USER-D9DC4BD2AF | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/12/2011 12:56:21 PM | Computer Name = USER-D9DC4BD2AF | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x80072742.

Error - 11/12/2011 1:00:58 PM | Computer Name = USER-D9DC4BD2AF | Source = JavaQuickStarterService | ID = 1
Description =

Error - 11/12/2011 1:01:05 PM | Computer Name = USER-D9DC4BD2AF | Source = Media Center Extender Services | ID = 36865
Description = ERROR: Device Service Listener - UDP networking failed. Error code
0x80072742.

Error - 11/12/2011 1:11:58 PM | Computer Name = USER-D9DC4BD2AF | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 11/12/2011 1:37:43 PM | Computer Name = USER-D9DC4BD2AF | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 80080005, P2 beginsearch, P3 search, P4
3.0.8402.0, P5 mpsigdwn.dll, P6 3.0.8402.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

Error - 11/12/2011 1:42:35 PM | Computer Name = USER-D9DC4BD2AF | Source = Microsoft Security Client | ID = 5000
Description =

[ System Events ]
Error - 12/22/2011 3:04:12 AM | Computer Name = USER-D9DC4BD2AF | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1438.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/23/2011 2:58:26 AM | Computer Name = USER-D9DC4BD2AF | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1438.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/23/2011 3:04:51 AM | Computer Name = USER-D9DC4BD2AF | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1438.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/23/2011 5:41:54 AM | Computer Name = USER-D9DC4BD2AF | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1438.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/23/2011 9:16:22 PM | Computer Name = USER-D9DC4BD2AF | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 12/23/2011 9:35:46 PM | Computer Name = USER-D9DC4BD2AF | Source = DCOM | ID = 10010
Description = The server {7F6316B4-4D69-4765-B0A3-B2598F2FA80A} did not register
with DCOM within the required timeout.

Error - 12/24/2011 9:42:51 PM | Computer Name = USER-D9DC4BD2AF | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort1, did not respond within the timeout
period.

Error - 12/25/2011 9:48:16 PM | Computer Name = USER-D9DC4BD2AF | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1704.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/25/2011 9:53:17 PM | Computer Name = USER-D9DC4BD2AF | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1704.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 12/26/2011 6:06:40 AM | Computer Name = USER-D9DC4BD2AF | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.117.1704.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.7903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >

jeffce
2011-12-27, 20:38
Hi irving52,

Please download and run ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------

Run OTL.exe

Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL



:Services

:OTL
[2011/06/09 19:51:53 | 000,030,208 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/12 21:42:08 | 000,014,750 | -HS- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
[2011/12/12 21:42:08 | 000,014,750 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\wuhbph4v0vae7wml0lsb4w120x8j
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2011/11/12 10:43:01 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)
[2011/03/31 15:06:19 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com

:Files
ipconfig /flushdns /c

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" =-

:Commands
[purity]
[resethosts]
[clearallrestorepoints]
[emptyflash]
[emptyjava]
[emptytemp]
[start explorer]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered. There will be a log created when it completes that I will need in your next reply. Reboot when it is done.
Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

----------

In your next reply please post the logs that are created by OTL and also let me know how your system is running. :)

irving52
2011-12-27, 21:44
OTL fix log. Then the OTL scan log. My computer is running fine. I monitor the Task Manager and there aren't any processes running amok like before - mainly ping.exe and svchost.exe. It there some reason I have svchost.exe EIGHT times in my processes? 3 times as SYSTEM, 3 times as LOCAL SERVICE, and 2 times as NETWORK SERVICE. My router is connected to a wireless unit for another user. Just wondering.
Anyway, here are the logs. THANKS again!!

All processes killed
========== SERVICES/DRIVERS ==========
========== OTL ==========
C:\Documents and Settings\OWNER\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\OWNER\Local Settings\Application Data\wuhbph4v0vae7wml0lsb4w120x8j moved successfully.
C:\Documents and Settings\All Users\Application Data\wuhbph4v0vae7wml0lsb4w120x8j moved successfully.
C:\WINDOWS\003004_.tmp deleted successfully.
C:\WINDOWS\SET2D.tmp deleted successfully.
C:\WINDOWS\SET2E.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\searchplugin(2) folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\modules(2) folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\META-INF(2) folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\defaults(2) folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\components(2) folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2)\chrome(2) folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}(2) folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\engine@conduit.com folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\OWNER\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\OWNER\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\1900:UDP deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore points cleared and new OTL Restore Point set!

[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 56468 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 20988 bytes

User: OWNER
->Flash cache emptied: 57341 bytes

User: USER

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default User

User: LocalService

User: NetworkService
->Java cache emptied: 5287 bytes

User: OWNER
->Java cache emptied: 57182 bytes

User: USER

Total Java Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: NetworkService
->Temp folder emptied: 4024 bytes
->Temporary Internet Files folder emptied: 9437318 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: OWNER
->Temp folder emptied: 15685133 bytes
->Temporary Internet Files folder emptied: 8147504 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 133433212 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: USER

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 284573 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 67 bytes
RecycleBin emptied: 6127027 bytes

Total Files Cleaned = 165.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12272011_111906

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


OTL logfile created on: 12/27/2011 11:27:13 AM - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\OWNER\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.49 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 65.32% Memory free
3.34 Gb Paging File | 2.94 Gb Available in Paging File | 87.84% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 242.65 Gb Free Space | 52.10% Space Free | Partition Type: NTFS
Drive F: | 232.88 Gb Total Space | 1.45 Gb Free Space | 0.62% Space Free | Partition Type: NTFS

Computer Name: USER-D9DC4BD2AF | User Name: OWNER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\OWNER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
PRC - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
PRC - C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\6303e256d2ac0843c3e4c24172c90544\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\abef85f2fb8ba830eda73e2d12e8d41e\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\90b90e700e59d73d6d692cf74e1ba16e\System.Management.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\bce0720436dc6cb76006377f295ea365\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\70cacc44f0b4257f6037eda7a59a0aeb\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\c10bea3c4bb7ef654651141bf9419090\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\af39f6e644af02873b9bae319f2bfb13\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\Webroot\Washer\Languages\English.dll ()
MOD - C:\Program Files\Webroot\Washer\sqlite3.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\Program Files\Amazon\Amazon Unbox Video\LimelightDownloadManager.dll ()
MOD - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\pdfcmnnt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (wwEngineSvc) -- C:\Program Files\Webroot\Washer\WasherSvc.exe (Webroot Software, Inc.)
SRV - (ADVService) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe (Amazon.com)
SRV - (NMSAccess) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (Basics Service) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe (Seagate Technology LLC)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (MpKsl2461894e) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C94311ED-7F9C-491F-B51E-0F1CAAAFC9D3}\MpKsl2461894e.sys (Microsoft Corporation)
DRV - (MpKsl520665a0) -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{C94311ED-7F9C-491F-B51E-0F1CAAAFC9D3}\MpKsl520665a0.sys (Microsoft Corporation)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (ISODisk) -- C:\WINDOWS\System32\drivers\ISODisk.sys ()
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 88 AF D7 BA 4D C4 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.cruzio.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/21 08:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files\Mozilla Sunbird\components [2011/11/21 08:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files\Mozilla Sunbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0b1\extensions\\Components: C:\Program Files\Mozilla Thunderbird 5.0 Beta 1\components [2011/11/21 08:06:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0b1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 5.0 Beta 1\plugins

[2011/06/09 10:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Extensions
[2011/12/27 11:19:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions
[2010/12/08 17:54:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\OWNER\Application Data\Mozilla\Firefox\Profiles\f4q8cx6v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/12/26 19:04:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/26 19:04:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\F4Q8CX6V.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011/11/04 22:53:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/09 13:36:44 | 000,001,920 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml
[2011/11/04 19:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/04 19:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\15.0.874.106\pdf.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2011/12/27 11:19:10 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKCU..\Run: [Desktop Software] C:\Program Files\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe (Webroot Software, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1307578475531 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E94C2FB-09D7-48F4-A6A9-6547B6972D13}: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\OWNER\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/06/08 14:45:01 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/12/27 11:19:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/26 20:51:03 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
[2011/12/26 19:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/12/26 19:04:28 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/12/26 19:04:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/12/26 19:04:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/12/26 13:14:53 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/12/26 07:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/12/25 09:22:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\OWNER\Desktop\Virus Work
[2011/12/23 17:24:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/12/23 17:22:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/23 17:22:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/23 17:22:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/23 17:22:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/23 17:11:31 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/23 14:52:26 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OWNER\Desktop\TDSSKiller.exe
[2011/12/18 16:35:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seagate
[2011/12/18 16:35:30 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2011/12/18 16:35:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2011/12/18 09:10:07 | 000,000,000 | R--D | C] -- C:\Documents and Settings\OWNER\Start Menu\Programs\Administrative Tools
[2011/12/14 20:13:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/12/14 20:12:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/12/14 20:12:32 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/14 16:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\MW123
[2011/12/13 09:11:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\OWNER\Recent
[2011/12/12 23:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/12 23:44:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/12 23:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/07/02 10:17:02 | 002,400,568 | ---- | C] (Trend Micro Inc.) -- C:\Program Files\HousecallLauncher64.exe

========== Files - Modified Within 30 Days ==========

[2011/12/27 11:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA1cc427b1e9a082e.job
[2011/12/27 11:26:30 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/12/27 11:21:25 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc427b1e60cf5e.job
[2011/12/27 11:21:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/27 11:19:10 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/12/27 11:13:51 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\NTREGOPT.lnk
[2011/12/27 11:13:51 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\ERUNT.lnk
[2011/12/26 20:51:12 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\OWNER\Desktop\OTL.exe
[2011/12/26 17:17:32 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\OWNER\Desktop\TDSSKiller.exe
[2011/12/26 07:48:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/23 17:24:22 | 000,000,325 | RHS- | M] () -- C:\boot.ini
[2011/12/23 17:18:28 | 000,000,660 | ---- | M] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to ComboFix.lnk
[2011/12/21 20:09:16 | 000,252,970 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\census.cache
[2011/12/21 20:09:15 | 000,194,749 | ---- | M] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\ars.cache
[2011/12/19 08:59:04 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/18 16:37:39 | 000,000,826 | ---- | M] () -- C:\Documents and Settings\OWNER\.recently-used.xbel
[2011/12/18 16:35:41 | 000,001,964 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2011/12/18 09:29:43 | 000,017,704 | ---- | M] () -- C:\Documents and Settings\OWNER\My Documents\Letter to Maria.odt
[2011/12/16 16:40:31 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/14 16:27:36 | 000,130,888 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/08 08:49:14 | 000,000,032 | ---- | M] () -- C:\cookies.dom
[2011/12/05 10:45:53 | 048,922,159 | ---- | M] () -- C:\Documents and Settings\OWNER\My Documents\SYDemo_HOUR.mp3
[2011/11/30 19:55:32 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/30 09:53:06 | 032,519,421 | ---- | M] () -- C:\Documents and Settings\OWNER\My Documents\5ChinaRide5.mp3

========== Files Created - No Company Name ==========

[2011/12/27 11:13:51 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\NTREGOPT.lnk
[2011/12/27 11:13:51 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\ERUNT.lnk
[2011/12/23 17:24:22 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/12/23 17:24:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/12/23 17:22:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/23 17:22:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/23 17:22:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/23 17:22:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/23 17:22:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/23 17:18:28 | 000,000,660 | ---- | C] () -- C:\Documents and Settings\OWNER\Desktop\Shortcut to ComboFix.lnk
[2011/12/18 16:37:39 | 000,000,826 | ---- | C] () -- C:\Documents and Settings\OWNER\.recently-used.xbel
[2011/12/18 16:35:41 | 000,001,964 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Drive Manager.lnk
[2011/12/12 23:45:48 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/08 08:44:55 | 000,000,032 | ---- | C] () -- C:\cookies.dom
[2011/12/05 10:45:49 | 048,922,159 | ---- | C] () -- C:\Documents and Settings\OWNER\My Documents\SYDemo_HOUR.mp3
[2011/11/30 09:53:04 | 032,519,421 | ---- | C] () -- C:\Documents and Settings\OWNER\My Documents\5ChinaRide5.mp3
[2011/11/12 02:29:30 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\{54509B50-054B-4C96-9E42-87ACA108E25B}
[2011/11/09 12:48:21 | 000,252,970 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\census.cache
[2011/11/09 12:48:02 | 000,194,749 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\ars.cache
[2011/07/27 07:38:51 | 000,022,364 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/07/02 10:15:32 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\housecall.guid.cache
[2011/06/13 20:30:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
[2011/06/13 09:43:09 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\OWNER\Local Settings\Application Data\fusioncache.dat
[2011/06/09 16:34:00 | 000,081,078 | ---- | C] () -- C:\WINDOWS\HPHins08.dat
[2011/06/09 16:34:00 | 000,004,011 | ---- | C] () -- C:\WINDOWS\hphmdl08.dat
[2011/06/09 16:33:51 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/06/09 13:36:53 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/06/09 13:31:45 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\ISODisk.sys
[2011/06/09 13:31:24 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011/06/09 13:17:09 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/06/09 13:17:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/06/09 13:16:59 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/06/09 13:16:59 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/06/09 13:16:58 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/06/08 14:48:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/06/08 14:40:58 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/06/08 07:33:43 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/08 07:32:28 | 000,130,888 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/06 11:24:34 | 000,000,471 | ---- | C] () -- C:\WINDOWS\System32\OEMInfo.ini
[2005/08/05 13:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/03/22 14:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 14:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 03:00:00 | 000,501,822 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 03:00:00 | 000,087,346 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >

jeffce
2011-12-28, 00:18
Hi irving52,


I have svchost.exe EIGHT times in my processesThat is not a problem and is common. :)
-------------

IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :) SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :)

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)

http://i1224.photobucket.com/albums/ee380/jeffce74/CF.jpg
----------

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

----------

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:
Open Internet Explorer
Click on Tools > Internet Options
Press Security tab
Select Internet zone then place check next to Enable Protected Mode if not already done
Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)

5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

6. Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

7. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

8.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

irving52
2011-12-28, 10:01
Thanks for all your help. I really appreciate it. Things seems to be running fine but I will take your advice to heart.
I will follow your advice concerning IE and other security issues. I'm not sure why, but most people I know seem to think that Mozilla is less intrusive - or more safe - and I wonder why your security advice mostly pertains to IE.
If you think that IE, with the adjustments / settings that you recommend is important for safe web surfing, I will probably follow your advice. I'm just curious if you think Mozilla is less secure than IE.
Anyway, thanks again - so much for your help. I hope we won't need to be communicating again.:crowned:

jeffce
2011-12-28, 20:02
Hi irving52,


I'm just curious if you think Mozilla is less secure than IE.No I don't think that. I use Firefox all the time. :) I make a point to make sure people have their IE as secure as we can make it because that is the browser that Windows uses to update its software. I am going to; however, add a Mozilla section into my final response for people that use Firefox as well. :bigthumb:

irving52
2011-12-28, 23:00
Thanks. I would say my problem is officially resolved. I am studying your advice on firewalls and other ways to protect my computer. Is Tea Timer something to look at?
Thanks for your time and I appreciate you helping me and others.

jeffce
2011-12-29, 07:30
Is Tea Timer something to look at?this is part of spybot s/d and I do recommend using it. :)


Thanks for your time and I appreciate you helping me and others.The pleasure is mine.


Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you are the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.