# 'Program name.exe Bad Image' Error



## Rozzy (Dec 1, 2009)

Hello - I would appreciate your help. Every time I open a program I keep getting an error message 'program name.exe Bad Image' - once I click on it the program opens and works fine. Here is an actual error message:

"WINWORD.exe Bad Image This application or DLL c:\windows\system32\sejutedi.dll is not a valid Windows image. Please check this against your installation diskette" 

Every time I restart my computer I must click all the pop ups as well.

I've run the following scans - Windows: Defender, Live OneCare Safety, Malicious Software Removal Tool, Essentials Tool, and downloaded SP2 and SP3. Also ran SuperAntiSpyware and Malwarebytes and downloaded HijackThis.

After reading some solutions from your website I ran Secunia OSI and PSI - updated all applications on my computer. Also noticed that some used 'ComboFix' that solved this problem for someone else.

Is this some type of trojan virus?

My system is Windows XP, SP3, Home edition, Dell 2400, IE6

Please, please help - I do not know what else to do! Warmest regards, Rozzy

Here's my HijackThis Report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:45:48 PM, on 12/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - (no file)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [LexWebUpdate] C:\Program Files\Lexmark\Install\InstallWeb\InstallWeb.exe /S /L:ENGLISH
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OurPictures] "C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe" /AutoStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - http://www5.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238125129531
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - https://www2.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - AppInit_DLLs: c:\windows\system32\sejutedi.dll,C:\WINDOWS\system32\gafafomu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
--
End of file - 10283 bytes


----------



## eddie5659 (Mar 19, 2001)

Hiya

Are you still having this problem? If so, is it related to this:

http://forums.techguy.org/general-security/882384-error-loading-but-app-been.html

If so, can you do the following:

Download GMER from *Here*. Note the file's name and save it to your root folder, such as C:\.

Disconnect from the Internet and close all running programs.
Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
Click on *this link* to see a list of programs that should be disabled.
Double-click on *the downloaded file* to start the program. (If running Vista, right click on it and select "Run as an Administrator")
Allow the driver to load if asked.
You may be prompted to scan immediately if it detects rootkit activity.
If you are prompted to scan your system click "*No*", save the log and post back the results.
If not prompted, click the "*Rootkit/Malware*" tab.
On the right-side, all items to be scanned should be checked by default _except_ for "Show All". Leave that box *unchecked*.
Select all drives that are connected to your system to be scanned.
Click the *Scan* button to begin. _(Please be patient as it can take some time to complete)_
When the scan is finished, click *Save* to save the scan results to your Desktop.
Save the file as *Results.log* and copy/paste the contents in your next reply.
Exit the program and re-enable all active protection when done.

Please include the *Results.log and a fresh HijackThis log *in your next reply

Regards

eddie


----------



## Rozzy (Dec 1, 2009)

Hi, I am still having the 'bad image' error message. The other error message has been resolved - http://forums.techguy.org/general-se...-app-been.html

Do your instructions pertain to the 'bad image' error message?


----------



## eddie5659 (Mar 19, 2001)

The file c:\windows\system32\sejutedi.dll is considered not to be good, so the first program I posted is checking for RootKits.

I tend to reply with a basic reply to start with, as most threads I pick are a week old, and some (80%) don't reply at all to mine.

If you run that program first, that will tell if anything is hidden. Also, as it's been a week, a fresh HijackThis log is needed, as things may have changed 

eddie
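The two load points eddie is pointing at in the first log are the O20 `AppInit_DLLs` value (every user-mode process that loads user32.dll is made to load the listed DLLs, so a DLL that is missing or no longer a valid PE file produces the "Bad Image" hard error in every application) and the O1 hosts-file entries (the rogue-AV domains pinned to 82.98.235.133). The script below is an added example, not part of the forum thread or of HijackThis itself: it triages HijackThis-style lines for those load points plus orphaned O2/O3 CLSID registrations, and includes a minimal MZ/PE header check of the kind the Windows loader performs before it reports a "Bad Image" (STATUS_INVALID_IMAGE_FORMAT). The sample log is a constructed subset modelled on the log posted above; the two in-memory "files" are constructed stand-ins, and the PE check validates only the DOS stub and PE signature, not the full image.

```python
"""Triage of HijackThis-style log lines for the load points behind a
'Bad Image' pop-up. Added example for this thread, not HijackThis code."""
import re
import struct

# Constructed subset modelled on the HijackThis log posted in the thread.
SAMPLE_LOG = """\
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 127.0.0.1 ad.example.invalid
O2 - BHO: (no name) - {1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\\Program Files\\Google\\Google Toolbar\\GoogleToolbar.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O20 - AppInit_DLLs: c:\\windows\\system32\\sejutedi.dll,C:\\WINDOWS\\system32\\gafafomu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\\Program Files\\SUPERAntiSpyware\\SASWINLO.dll
"""

# Hosts entries that point here are sinkholes (ad blocking), not redirection.
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}


def triage(log_text):
    """Return (severity, reason, line) findings for suspicious load points."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("O20 - AppInit_DLLs:"):
            # Everything after the first ':' is a comma-separated DLL list that
            # user32.dll loads into every process; a deleted or zeroed entry is
            # what produces the per-application 'Bad Image' dialog.
            dll_list = line.split(":", 1)[1]
            for dll in (d.strip() for d in dll_list.split(",")):
                if dll:
                    findings.append(("high", f"AppInit_DLLs injects {dll}", line))
        elif line.startswith("O1 - Hosts:"):
            m = re.match(r"O1 - Hosts:\s+(\S+)\s+(\S+)", line)
            if m and m.group(1) not in LOOPBACK:
                findings.append(("high", f"hosts maps {m.group(2)} to {m.group(1)}", line))
        elif line.startswith(("O2 - BHO:", "O3 - Toolbar:")) and line.endswith("(no file)"):
            # Registration survived but the DLL is gone: leftover of a removal.
            findings.append(("low", "orphaned CLSID registration", line))
    return findings


def is_valid_pe(data):
    """Minimal version of what the loader checks before raising
    STATUS_INVALID_IMAGE_FORMAT ('Bad Image'): an 'MZ' DOS header whose
    e_lfanew field (offset 0x3C) points at a 'PE\\0\\0' signature in the file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 4 > len(data):
        return False
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def minimal_pe_bytes():
    """Constructed stand-in for a loadable image: DOS stub + PE signature."""
    buf = bytearray(b"MZ" + b"\0" * 0x3E)      # 0x40-byte DOS header
    struct.pack_into("<I", buf, 0x3C, 0x40)    # e_lfanew -> right after it
    buf += b"PE\0\0" + b"\0" * 20              # signature + empty COFF header
    return bytes(buf)


GOOD_IMAGE = minimal_pe_bytes()
BAD_IMAGE = b"\0" * 64   # constructed: the zeroed husk a cleanup can leave behind


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}\n    {line}")
    print("good image loads:", is_valid_pe(GOOD_IMAGE))
    print("zeroed image loads:", is_valid_pe(BAD_IMAGE))
```

The practical takeaway matches what Microsoft support did: removing the DLL file alone leaves the `AppInit_DLLs` value pointing at nothing, and removing the value alone leaves the file; both the registry entry and the file have to go, which is why the "Bad Image" dialog stopped only after autoruns deleted the entry and system32 was cleaned.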


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Microsoft called me today this is what they did and the popups stopped (see below checklist). Is it possible that additional viruses could be hidden? If so, should I follow the steps you recommended?

Action: run process explorer
Result: no malicious process

Action: run autoruns
Result: deleted
-- c:\windows\system32\sejutedi.dll c:\windows\system32\sejutedi.dll

Action: checked system32
Result: deleted sejutedi.dll

Action: checked windows
Result: no malicious files

Action: checked application data
Result: no malicious files

Action: checked drivers
Result: no malicious files

Action: restarted the computer
Result: no more popups

ACTION : trying to use the computer
RESULT : getting bad image error when opening applications
CAUSE : spyware
RESOLUTION : manual removal


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Here's my new Hijackthis log. Also, I've been told that I should choose between my Verizon Security Suite and Microsoft Essentials Security Package - should not have two running.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:05 PM, on 12/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - (no file)
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [LexWebUpdate] C:\Program Files\Lexmark\Install\InstallWeb\InstallWeb.exe /S /L:ENGLISH
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [OurPictures] "C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe" /AutoStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - http://www5.snapfish.com/SnapfishOutlookImport.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - 
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238125129531
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - https://www2.gotomeeting.com/default/applets/g2mdlax.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
--
End of file - 9783 bytes


----------



## eddie5659 (Mar 19, 2001)

That was the file, so let's just scan with OTL to see if it's all clear:


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. *OTListIt.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


eddie


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Here's Part 1 of the OTL.Txt Log

OTL logfile created on: 12/11/2009 3:34:39 PM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 391.00 Mb Available Physical Memory | 38.26% Memory free
1.30 Gb Paging File | 0.53 Gb Available in Paging File | 41.14% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 45.75 Gb Free Space | 61.42% Space Free | Partition Type: NTFS
Drive D: | 500.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSALINEMYERS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Verizon)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\RPS.exe (Verizon)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaMonitor.exe (Sana Security)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe (Sana Security)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe (Simple Star, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Motive Communications, Inc.)

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (Radialpoint Security Services) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Verizon)
SRV - (RP_FWS) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (RadialpointSafeConnectAgent) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe (Sana Security)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\system32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (RadialpointSafeConnectDriver) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectFilter) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectShim) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (Sana Security, Inc. )
DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFS.sys (Raxco Software, Inc.)
DRV - (RPPKT) Radialpoint Filter (x86) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys (Radialpoint, Inc.)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SABProcEnum) -- C:\WINDOWS\system32\sabprocenum.sys (SuperAdBlocker.com)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (brparimg) -- C:\WINDOWS\system32\drivers\BrParImg.sys (Brother Industries Ltd.)
DRV - (BrSerWDM) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrParWdm) -- C:\WINDOWS\system32\drivers\BrParwdm.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

[2008/09/15 18:31:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\56sxoj5f.default\extensions
[2009/12/01 20:30:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/05/07 15:31:40 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\components\MSVCR71.DLL
[2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: (1080 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - No CLSID value found.
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll (Verizon)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [LexWebUpdate] File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [OurPictures] C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www5.snapfish.com/SnapfishOutlookImport.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238125129531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomeeting.com/default/applets/g2mdlax.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Value error. (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/07 19:23:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/27 11:47:06 | 00,000,028 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/11 15:32:51 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/10 13:04:55 | 00,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2009/12/10 13:01:17 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/12/10 12:57:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Easy Assist
[2009/12/10 12:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/12/08 14:30:15 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/08 09:43:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/12/02 19:11:09 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL Log.exe
[2009/12/02 18:45:42 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC Temp File Cleaner.exe
[2009/12/01 22:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2009/12/01 22:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
[2009/12/01 22:50:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2009/12/01 22:50:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/12/01 21:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\nos
[2009/12/01 21:14:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2009/12/01 20:35:17 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
[2009/12/01 20:16:49 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/01 20:16:48 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/01 20:16:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/01 20:16:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/01 20:05:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/12/01 20:04:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
[2009/12/01 20:04:34 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/12/01 20:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/12/01 20:02:12 | 32,441,648 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Owner\Desktop\QuickTimeInstaller.exe
[2009/12/01 16:54:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/01 16:53:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/01 16:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/01 01:29:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Reg Tool
[2009/11/30 20:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
[2009/11/30 20:34:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Dell
[2009/11/30 12:47:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SuperAdBlocker.com
[2009/11/30 00:10:15 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/29 19:36:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2009/11/29 14:55:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2009/11/28 19:01:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Intuit
[2009/11/27 14:54:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2009/11/27 04:02:07 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2009/11/27 03:19:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2009/11/27 03:19:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2009/11/27 03:19:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2009/11/27 02:54:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
[2009/11/27 02:13:43 | 16,835,104 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\OfficeXpSp3-kb832671-client-enu.exe
[2009/11/27 02:11:00 | 60,338,208 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\OfficeXpSp3-kb832671-fullfile-enu.exe
[2009/05/06 16:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2009/04/03 03:45:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/08 16:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/07 19:30:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/07 19:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Here's Part 2 of the OTL.Txt Log

========== Files - Modified Within 30 Days ==========

[2009/12/11 15:32:51 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2009/12/11 15:31:57 | 01,486,112 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2009/12/11 15:31:38 | 99,181,856 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2009/12/10 14:17:24 | 00,002,513 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2009/12/10 13:25:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/10 13:20:02 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2009/12/10 13:19:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/10 13:19:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/10 13:18:49 | 00,141,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2009/12/10 13:18:48 | 01,306,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2009/12/10 13:18:23 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2009/12/10 13:18:23 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2009/12/10 13:04:55 | 00,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2009/12/10 12:36:00 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/10 12:35:59 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/10 12:35:59 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/10 03:07:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/12/08 14:31:43 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/12/08 09:43:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/06 20:19:02 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
[2009/12/05 05:55:00 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Printer Software Update.job
[2009/12/04 19:35:56 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Access - passwords 8-09.doc
[2009/12/02 19:11:18 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL Log.exe
[2009/12/02 18:45:48 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC Temp File Cleaner.exe
[2009/12/02 05:56:31 | 00,000,280 | ---- | M] () -- C:\WINDOWS\System32\PDBootState
[2009/12/01 22:56:45 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/12/01 22:55:13 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/12/01 20:35:50 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
[2009/12/01 20:16:05 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/12/01 20:16:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/12/01 20:16:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/12/01 20:16:05 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/12/01 20:16:04 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/12/01 20:02:36 | 32,441,648 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Owner\Desktop\QuickTimeInstaller.exe
[2009/12/01 20:01:45 | 33,281,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AdbeRdrUpd817_all_incr.msp
[2009/12/01 17:59:06 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Wording for Skills Resume.doc
[2009/12/01 16:54:23 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/30 19:58:46 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to AdwareBot.lnk
[2009/11/30 19:38:01 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2009/11/30 00:10:19 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/29 19:36:18 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/11/29 19:35:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/29 14:56:11 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/28 19:09:13 | 00,075,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/11/28 19:06:17 | 00,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/11/28 18:55:48 | 00,000,091 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/11/27 15:17:35 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2009/11/27 02:51:53 | 00,250,048 | RHS- | M] () -- C:\ntldr
[2009/11/27 02:13:51 | 16,835,104 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\OfficeXpSp3-kb832671-client-enu.exe
[2009/11/27 02:11:16 | 60,338,208 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\OfficeXpSp3-kb832671-fullfile-enu.exe
[2009/11/26 03:22:12 | 00,000,304 | RHS- | M] () -- C:\boot.ini
[2009/11/25 14:25:10 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Loretta Lillian Pollard - surgery & cancer.doc
[2009/11/17 21:36:26 | 00,009,759 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Convert MM Table_A4-quer.pdf
[2009/11/12 20:25:36 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/11/12 03:07:53 | 00,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vasupopa
[2009/12/10 13:25:15 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/08 14:31:42 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2009/12/01 22:56:45 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
[2009/12/01 22:55:12 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/12/01 20:35:50 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
[2009/12/01 20:04:52 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/12/01 20:01:24 | 33,281,024 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AdbeRdrUpd817_all_incr.msp
[2009/12/01 16:54:23 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/11/30 19:58:46 | 00,000,154 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to AdwareBot.lnk
[2009/11/30 00:10:19 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
[2009/11/29 19:36:18 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2009/11/29 14:56:11 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2009/11/18 14:27:01 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Loretta Lillian Pollard - surgery & cancer.doc
[2009/11/17 21:36:26 | 00,009,759 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Convert MM Table_A4-quer.pdf
[2009/09/19 17:53:19 | 00,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/09/19 17:53:18 | 00,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/09/19 16:59:26 | 00,000,647 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2009/09/19 16:59:22 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/19 16:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/09/19 16:59:07 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2009/09/19 16:56:51 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2009/06/23 11:29:38 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/06 11:11:05 | 00,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2009/03/30 08:39:37 | 03,336,230 | -HS- | C] () -- C:\WINDOWS\System32\isitiraj.ini
[2009/03/29 20:38:51 | 03,314,383 | -HS- | C] () -- C:\WINDOWS\System32\igurohib.ini
[2009/03/29 08:39:14 | 03,314,383 | -HS- | C] () -- C:\WINDOWS\System32\amevamey.ini
[2009/03/28 20:38:09 | 03,314,382 | -HS- | C] () -- C:\WINDOWS\System32\atetadaf.ini
[2009/03/28 08:37:47 | 03,314,364 | -HS- | C] () -- C:\WINDOWS\System32\egumajeb.ini
[2009/03/27 20:37:34 | 03,314,392 | -HS- | C] () -- C:\WINDOWS\System32\osetihun.ini
[2009/03/27 08:37:19 | 03,313,656 | -HS- | C] () -- C:\WINDOWS\System32\omunajid.ini
[2009/03/26 20:37:25 | 03,313,458 | -HS- | C] () -- C:\WINDOWS\System32\emunijuh.ini
[2009/03/26 08:37:43 | 00,000,121 | -HS- | C] () -- C:\WINDOWS\System32\ivabevar.ini
[2009/03/25 15:19:00 | 03,313,421 | -HS- | C] () -- C:\WINDOWS\System32\efuweton.ini
[2009/03/25 03:18:34 | 03,311,444 | -HS- | C] () -- C:\WINDOWS\System32\akukebor.ini
[2009/03/24 15:19:18 | 03,318,186 | -HS- | C] () -- C:\WINDOWS\System32\elepunak.ini
[2009/03/24 03:19:11 | 01,401,332 | -HS- | C] () -- C:\WINDOWS\System32\agesewan.ini
[2009/03/23 15:18:00 | 01,791,169 | -HS- | C] () -- C:\WINDOWS\System32\ugodohum.ini
[2009/03/23 03:17:40 | 01,410,297 | -HS- | C] () -- C:\WINDOWS\System32\enekitil.ini
[2009/03/22 15:17:37 | 01,791,160 | -HS- | C] () -- C:\WINDOWS\System32\afuyejim.ini
[2009/03/22 03:17:19 | 01,791,169 | -HS- | C] () -- C:\WINDOWS\System32\olunutat.ini
[2009/03/21 03:17:00 | 01,791,169 | -HS- | C] () -- C:\WINDOWS\System32\evivifum.ini
[2009/03/20 15:17:17 | 01,791,156 | -HS- | C] () -- C:\WINDOWS\System32\eyebuzaw.ini
[2008/10/14 15:09:12 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2008/04/27 15:50:44 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/04/27 15:44:40 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ambience
[2008/04/27 15:44:40 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\AccountTypes
[2008/04/27 15:44:40 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2008/04/27 15:13:59 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Mono
[2008/04/27 15:13:59 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Action Clauses
[2008/04/27 15:13:59 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/03/08 17:00:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\LexFV.ini
[2008/03/08 16:59:22 | 00,000,556 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2008/03/08 11:10:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/04 13:48:24 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\OPShDwn.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/08/06 00:00:00 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

========== Files - Unicode (All) ==========
[2009/06/09 10:51:54 | 00,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/06/09 10:51:54 | 00,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E49FC3A5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E13861A5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:036B992F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD4FECAB
< End of report >


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Here's the Extra.Txt OTL Log...
OTL Extras logfile created on: 12/11/2009 3:34:39 PM - Run 1
OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.00 Mb Total Physical Memory | 391.00 Mb Available Physical Memory | 38.26% Memory free
1.30 Gb Paging File | 0.53 Gb Available in Paging File | 41.14% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 45.75 Gb Free Space | 61.42% Space Free | Partition Type: NTFS
Drive D: | 500.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSALINEMYERS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Raxco\PerfectDisk\PDAgent.exe" = C:\Program Files\Raxco\PerfectDisk\PDAgent.exe:*:EnabledDAgent -- File not found
"C:\Program Files\Raxco\PerfectDisk\PDEngine.exe" = C:\Program Files\Raxco\PerfectDisk\PDEngine.exe:*:EnabledDEngine -- File not found
"C:\Program Files\Windows Defender\MsMpEng.exe" = C:\Program Files\Windows Defender\MsMpEng.exe:*:Enabled:MsMpEng -- File not found
"C:\Program Files\Windows Defender\MSASCui.exe" = C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:MSASCui -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
"{011A2240-08DF-45BB-AA4E-1A78637CCF80}" = RPS CRT
"{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
"{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
"{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3C7B1086-F873-4826-91A5-195CB5364C5B}" = RPS PerfectDiskStub
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
"{44850125-B5A7-420F-BF19-FFF249F95896}" = RPS Firewall
"{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
"{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
"{4CB90CB9-DD58-4CCC-A053-08FA70A42941}" = Verizon Internet Security Suite
"{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
"{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
"{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5DE3D989-A820-4247-8963-9287C28B3613}" = RPS Ksdk
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{61D85BCA-6150-4A90-938B-D426BF166777}" = RPS ParentalControl
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
"{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96E3EC-FADB-4C6C-86E1-022269B39939}" = My Property Pro
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A486CFF9-A3E6-4312-A1B9-ABD28F9FC255}" = RPS PopupBlocker
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{C03B8026-694C-4326-88A8-1387097B50E8}" = RPS RpsCore
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
"{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
"{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD55BC4A-C299-4632-91A9-88705157EAC2}" = RitzPix E-Z Print & Share
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
"{D55DA406-3031-42AB-B7C4-2183C00803F3}" = RPS SafeConnect
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
"{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
"{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
"{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
"{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F573B950-CC14-4E55-8F29-F054485E11AA}" = RPS Diagnostic Utility
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"{FFE078E6-0288-4405-B26D-05D38F20295E}" = RPS Burn
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"FontVision" = FontVision
"Glary Utilities_is1" = Glary Utilities 2.11.0.638
"HijackThis" = HijackThis 2.0.2
"InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
"InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"MSPUB4" = Microsoft Publisher 97
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.24
"Secunia PSI" = Secunia PSI
"Verizon Help and Support" = Verizon Help and Support Tool
"Verizon Online DSL_is1" = Verizon Online DSL
"vol_toolbar" = Verizon Broadband Toolbar
"WIC" = Windows Imaging Component
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows XP Service Pack" = Windows XP Service Pack 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/1/2009 9:12:13 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/1/2009 9:47:34 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/2/2009 3:55:32 AM | Computer Name = ROSALINEMYERS | Source = MPSampleSubmission | ID = 5000
Description =

Error - 12/2/2009 9:50:40 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/4/2009 9:55:29 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/8/2009 4:55:40 PM | Computer Name = ROSALINEMYERS | Source = MPSampleSubmission | ID = 5000
Description =

Error - 12/8/2009 5:35:23 PM | Computer Name = ROSALINEMYERS | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2009 5:35:23 PM | Computer Name = ROSALINEMYERS | Source = Application Hang | ID = 1002
Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module 
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/8/2009 10:02:02 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 12/10/2009 10:09:29 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This operation returned because the timeout period expired.

[ System Events ]
Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 2:02:01 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 2:02:01 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 2:20:25 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 12/10/2009 2:20:50 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
StarOpen

< End of report >


----------



## eddie5659 (Mar 19, 2001)

Okay, it looks like there are still some infected files in there, so can you do this:

Download ComboFix from one of these locations:

*Link 2*
*Link 3*

**IMPORTANT !!! Save ComboFix.exe to your Desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

ComboFix is currently not available to be downloaded - as soon as it is available, I will follow your instructions. Here's the message on their site:

ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page. 
DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com! 
Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again. 
We will also announce when ComboFix is available on our Twitter and Facebook pages.


----------



## eddie5659 (Mar 19, 2001)

Yep, it's been removed for the moment.

Off to bed, but I can look at this first thing tomorrow night, as we will have to do things manually.


----------



## eddie5659 (Mar 19, 2001)

Download the *HostsXpert 4.2 - Hosts File Manager*.

Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

---------

Please download *VundoFix.exe* to your desktop

Double-click *VundoFix.exe* to run it.
Click the *Scan for Vundo* button.
Once it's done scanning, click the *Remove Vundo* button.
You will receive a prompt asking if you want to remove the files, click *YES*
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click *OK*.
Please post the contents of C:\*vundofix.txt* and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the *Scan for Vundo* button" when VundoFix appears upon rebooting.

eddie


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

This is a little scary - I am a beginner and just have an out-of-the-box Dell computer; if it has 'Custom Hosts' I would not have a clue how to 'replace any of those entries.'

I am fine with downloading, saving files to the C drive and running them, but not good with troubleshooting.

Is there a way to know about 'Custom Hosts' before I start this step?

Rozzy


----------



## eddie5659 (Mar 19, 2001)

The reason for the Hosts file editing is this:

> O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
> O1 - Hosts: 82.98.235.133 best-click-scanner.info
> O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
> O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
> ...


The IP address, 82.98.235.133, is in Belgium, but you're in the UK. Also, most of the websites above are actually links to bad sites. This may mean that clicking on a website that is safe may redirect you to a site that isn't, hence the infection. Removing those will help your system.

If Dell put them there, which I highly doubt, then they need to re-think their systems. Even microsoft.browser-security-center.com is a dodgy site.

As for the Custom Hosts, all that means is, if you manually edited them then you would have to re-do that. However, as you said that you don't know how, then it's okay to remove them.

The other program, VundoFix, is because you have a Vundo infection. Normally ComboFix would do these, but as it's down at the moment, we have to use other tools.

eddie
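
A way to check a hosts file for the redirect pattern eddie describes (hostnames mapped to a public IP instead of loopback), as an added Python example that is not part of this thread, of HijackThis or of HostsXpert. The sample hosts content is constructed (the `nas.home` and `ads.example.net` entries are made up), reusing the O1 lines quoted above; treating any globally routable target address as suspicious is this example's own heuristic.

```python
"""Hijacked-hosts-file checker (added example, not from the thread or HostsXpert).

A hosts file maps hostnames to IP addresses before DNS is consulted, so an
entry that points a well-known name at someone else's server silently
redirects the browser, which is what the O1 lines in the HijackThis log show.
Legitimate entries normally point at loopback (127.0.0.1), 0.0.0.0 (ad
blocking) or a private LAN address; an entry that points at a public,
globally routable address is the pattern flagged here.
"""
import ipaddress
from collections import defaultdict

# Constructed sample: the default localhost entry, a made-up custom LAN
# entry, an ad-blocking entry, and the hijack lines quoted from the log.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
192.168.1.20    nas.home            # constructed custom entry
0.0.0.0         ads.example.net
82.98.235.133   browser-security.microsoft.com
82.98.235.133   best-click-scanner.info
82.98.235.133   antivirus-xp-pro-2009.com
82.98.235.133   microsoft.infosecuritycenter.com
"""


def parse_hosts(text):
    """Yield (line_number, ip, [hostnames]) for each mapping line.

    Comments (#...), blank lines and unparsable addresses are skipped,
    because a checker must not choke on a hand-edited file.
    """
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        if len(fields) > 1:
            yield lineno, ip, fields[1:]


def find_hijacks(text):
    """Return entries that redirect a hostname to a public IP address.

    Loopback, unspecified (0.0.0.0), private and link-local targets are
    treated as the user's own entries; only globally routable targets are
    reported, as (line_number, ip_string, hostname) tuples.
    """
    hits = []
    for lineno, ip, names in parse_hosts(text):
        if ip.is_global:
            for name in names:
                hits.append((lineno, str(ip), name))
    return hits


def redirect_clusters(text):
    """Group flagged hostnames by target IP: many names pointing at one
    public IP is the signature of a redirect kit, not a stray typo."""
    clusters = defaultdict(list)
    for _, ip, name in find_hijacks(text):
        clusters[ip].append(name)
    return dict(clusters)


def cleaned_hosts(text):
    """Return the file with the flagged lines dropped and everything else
    kept, so custom loopback/LAN entries survive (the 'custom Hosts' caveat
    in the HostsXpert instructions)."""
    bad_lines = {lineno for lineno, _, _ in find_hijacks(text)}
    kept = [raw for i, raw in enumerate(text.splitlines(), start=1)
            if i not in bad_lines]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for lineno, ip, name in find_hijacks(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} (public address, suspicious)")
    for ip, names in redirect_clusters(SAMPLE_HOSTS).items():
        print(f"{ip} receives {len(names)} hostnames")
    print(cleaned_hosts(SAMPLE_HOSTS))
```

On Windows XP the live file is `%SystemRoot%\system32\drivers\etc\hosts`; read it into `text` in place of the constructed sample to run the same checks against a real machine.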


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Great...I will follow your instructions on Monday, 12/21. Have a family emergency to attend to.

Thanks,
Roz


----------



## eddie5659 (Mar 19, 2001)

That's okay, family, friends and work take priority, so any time is fine


----------



## Rozzy (Dec 1, 2009)

Hello Eddie,

It's been a while and I would really appreciate it if you could continue to help me. Family emergency during the last 4 weeks - my sister-in-law died suddenly and my daughter-in-law had emergency open heart surgery. Things have settled down a bit and I'm needing to get this virus off my computer.

I can follow your last instruction and download HostsXpert 4.2 (They have a 4.3 out now) and VundoFix.exe. ComboFix is back up as well.

Would you like to review another OTL Log?

Thanks ever so much,
Roz
_*HAPPY NEW YEAR!*_


----------



## eddie5659 (Mar 19, 2001)

Sorry to hear about your loss, my condolences to you and your family 

Family comes before computers, so any time is okay with me.

As ComboFix is up and running, can you use that as follows, which will be a great start 

Download ComboFix from one of these locations:

*Link 1*
*Link 2*

**IMPORTANT !!! Save ComboFix.exe to your Desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

Double click on ComboFix.exe & follow the prompts.

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note:** If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the *C:\ComboFix.txt* in your next reply.

eddie


----------



## Rozzy (Dec 1, 2009)

Hello Eddie,

I really hope you are still available to help me...so sorry for the delays. More family crises and digging out of 3 snow storms ....WHEW! Thanks Eddie, Roz Myers

Below is my COMBOFIX Log:

ComboFix 10-02-11.04 - Owner 02/11/2010 21:25:54.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.618 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\afuyejim.ini
c:\windows\system32\agesewan.ini
c:\windows\system32\akukebor.ini
c:\windows\system32\amevamey.ini
c:\windows\system32\atetadaf.ini
c:\windows\system32\efuweton.ini
c:\windows\system32\egumajeb.ini
c:\windows\system32\elepunak.ini
c:\windows\system32\emunijuh.ini
c:\windows\system32\enekitil.ini
c:\windows\system32\evivifum.ini
c:\windows\system32\eyebuzaw.ini
c:\windows\system32\igurohib.ini
c:\windows\system32\isitiraj.ini
c:\windows\system32\ivabevar.ini
c:\windows\system32\olunutat.ini
c:\windows\system32\omunajid.ini
c:\windows\system32\osetihun.ini
c:\windows\system32\ugodohum.ini
.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.
2010-01-25 18:57 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-23 06:53 . 2010-01-23 06:53 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-23 06:44 . 2010-01-23 06:47 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-13 13:04 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 02:40 . 2008-12-12 21:34 1097718304 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-02-12 02:39 . 2008-12-12 21:34 1817376 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-11 19:25 . 2009-12-20 01:12 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-11 19:23 . 2009-08-17 00:40 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-02-11 19:21 . 2008-12-12 21:34 170888 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-11 19:21 . 2008-12-12 21:34 14497184 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-10 23:38 . 2008-04-27 20:13 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-01-19 00:16 . 2009-03-27 03:47 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-18 18:22 . 2008-04-27 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-18 00:30 . 2009-03-31 19:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-14 16:12 . 2009-10-03 02:57 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2003-07-16 20:51 667136 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2008-03-08 21:36 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-20 21:25 . 2008-11-21 19:31 -------- d-----w- c:\program files\Citrix
2009-12-20 01:12 . 2009-11-29 19:56 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-19 03:32 . 2008-03-09 02:16 -------- d-----w- c:\program files\Verizon
2009-12-16 18:43 . 2008-03-08 00:20 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2003-07-16 20:39 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-07-16 20:34 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 02:14 . 2009-12-02 02:14 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-02 01:16 . 2009-03-13 23:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-02 01:12 . 2009-12-02 01:12 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-29 00:09 . 2008-03-08 21:48 75920 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 17:11 . 2003-07-16 20:42 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2003-07-16 20:36 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2003-07-16 20:24 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 08:30 . 2008-03-08 00:22 71627 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-11-21 15:51 . 2003-07-16 20:23 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2004-05-07 20:31 . 2009-11-30 17:48 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-02 39408]
"OurPictures"="c:\program files\RitzPix E-Z Print & Share\OurPictures.exe" [2006-06-19 4796416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-20 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-02 118784]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-27 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/22/2008 3:58 PM 693512]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe [11/14/2008 5:28 PM 4937752]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [11/14/2008 5:28 PM 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [11/14/2008 5:28 PM 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [11/14/2008 5:28 PM 27376]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [9/19/2009 4:56 PM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [9/19/2009 4:56 PM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [9/19/2009 4:56 PM 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [9/19/2009 4:56 PM 60416]
S3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/22/2008 3:58 PM 910600]
S3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [4/22/2009 9:38 AM 170736]
.
Contents of the 'Scheduled Tasks' folder
2010-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-02-11 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-27 21:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
mStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www
.
- - - - ORPHANS REMOVED - - - -
BHO-{1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - (no file)

**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-11 21:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1123561945-879983540-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(896)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2010-02-11 21:44:39
ComboFix-quarantined-files.txt 2010-02-12 02:44
Pre-Run: 47,188,725,760 bytes free
Post-Run: 47,234,322,432 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect
- - End Of File - - 8211B2DB44D1E01A9D73BBB3BDF5CABE


----------



## eddie5659 (Mar 19, 2001)

That's fine, home life is more important.

1. Close any open browsers.

2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to your desktop (click on the link underneath this post; if you are using Internet Explorer, when the "File Download" pop-up appears press SAVE, choose Desktop in the list of selections in that window and press Save).


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at *C:\ComboFix.txt* which I will require in your next reply.

----------------

Can you re-run OTL for me, to see what's happened, as it's been a while. If you're not sure how, this is the link if you haven't got it anymore:


Download *OTL* to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath *Output* at the top change it to *Minimal Output*.
Under the *Standard Registry* box change it to *All*.
Check the boxes beside *LOP Check* and *Purity Check*.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows, *OTListIt.Txt* and *Extras.Txt*. These are saved in the same location as OTL.
Please copy *(Edit->Select All, Edit->Copy)* the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.


-------------------

eddie


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Thanks. Below is Part 1 of the OTL log. The system limit is 3K words, so I had to create a part 1 and part 2. OTL.exe did not produce an Extras.Txt. I will now download CFScript.txt and follow your instructions:

OTL logfile created on: 2/13/2010 12:19:00 PM - Run 2
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 321.00 Mb Available Physical Memory | 31.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 56.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 43.86 Gb Free Space | 58.88% Space Free | Partition Type: NTFS
Drive D: | 500.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSALINEMYERS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe (Verizon)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Verizon)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
PRC - C:\Program Files\Verizon\McciBrowser.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaMonitor.exe (Sana Security)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe (Sana Security)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe (Simple Star, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (Radialpoint Security Services) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Verizon)
SRV - (RP_FWS) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (RadialpointSafeConnectAgent) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe (Sana Security)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\system32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (RadialpointSafeConnectDriver) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectFilter) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectShim) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (Sana Security, Inc. )
DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFS.sys (Raxco Software, Inc.)
DRV - (RPPKT) Radialpoint Filter (x86) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys (Radialpoint, Inc.)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SABProcEnum) -- C:\WINDOWS\system32\sabprocenum.sys (SuperAdBlocker.com)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (brparimg) -- C:\WINDOWS\system32\drivers\BrParImg.sys (Brother Industries Ltd.)
DRV - (BrSerWDM) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrParWdm) -- C:\WINDOWS\system32\drivers\BrParwdm.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/01 20:16:09 | 000,000,000 | ---D | M]

[2008/09/15 18:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\56sxoj5f.default\extensions
[2009/12/01 20:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/01 20:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2004/05/07 15:31:40 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\components\MSVCR71.DLL
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/12/01 20:16:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/01 20:10:24 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/01 20:10:24 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2009/03/30 12:44:42 | 000,001,080 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
O1 - Hosts: 82.98.235.133 onlinenotifyq.net
O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll (Verizon)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OurPictures] C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www5.snapfish.com/SnapfishOutlookImport.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238125129531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomeeting.com/default/applets/g2mdlax.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Value error. (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

_ End of Part 1 OTL Log _


----------



## Rozzy (Dec 1, 2009)

Hi Eddie - Below is Part 2 of the OTL Log - (Note: there was no O19 section) - Roz

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/07 19:23:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/27 11:47:06 | 000,000,028 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/12 17:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PCMM2010
[2010/02/12 16:53:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/02/12 16:52:04 | 009,758,152 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v3.4.exe
[2010/02/11 21:21:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/11 21:18:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/11 21:18:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/11 21:18:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/11 21:18:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/11 21:18:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/11 21:17:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/25 13:57:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/01/25 13:57:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/23 01:56:03 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/01/23 01:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/01/23 01:44:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/12/08 09:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/06 16:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2009/04/03 03:45:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/08 16:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/07 19:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/13 12:25:08 | 1185,262,880 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/02/13 12:16:32 | 001,831,200 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/02/13 12:15:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/13 12:07:06 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/02/12 17:13:11 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Email download issue 2-12-10 Task.doc
[2010/02/12 16:52:04 | 009,758,152 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v3.4.exe
[2010/02/11 22:03:24 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/02/11 22:03:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/11 22:03:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/11 22:02:29 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/11 22:02:25 | 000,172,664 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/02/11 22:02:24 | 014,723,696 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/02/11 22:01:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/11 21:40:28 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/11 21:21:17 | 000,000,374 | RHS- | M] () -- C:\boot.ini
[2010/02/11 21:14:24 | 003,856,004 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/02/11 14:23:32 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\SYSTEM
[2010/02/11 03:26:06 | 003,440,128 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Birthday PHotos.doc
[2010/02/10 19:28:48 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Access 8-09.doc
[2010/02/10 18:42:30 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 18:38:30 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/02/10 03:19:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 09:43:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/01 13:54:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/27 17:50:00 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/23 01:55:11 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/23 01:55:11 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/23 01:54:13 | 000,000,642 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/23 01:44:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vasupopa
[2010/02/12 17:13:10 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Email download issue 2-12-10 Task.doc
[2010/02/11 21:21:16 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2010/02/11 21:21:09 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/11 21:18:33 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/11 21:18:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/11 21:18:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/11 21:18:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/11 21:18:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/11 21:14:23 | 003,856,004 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/02/11 14:23:32 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM
[2010/02/11 03:26:04 | 003,440,128 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Birthday PHotos.doc
[2010/01/23 01:44:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/09/19 17:53:19 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/09/19 17:53:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/09/19 16:59:26 | 000,000,647 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2009/09/19 16:59:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/19 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/09/19 16:59:07 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2009/09/19 16:56:51 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2009/06/23 11:29:38 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/06 11:11:05 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/10/14 15:09:12 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2008/04/27 15:50:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/04/27 15:44:40 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ambience
[2008/04/27 15:44:40 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\AccountTypes
[2008/04/27 15:44:40 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2008/04/27 15:13:59 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Mono
[2008/04/27 15:13:59 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Action Clauses
[2008/04/27 15:13:59 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/03/08 17:00:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LexFV.ini
[2008/03/08 16:59:22 | 000,000,556 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2008/03/08 11:10:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/04 13:48:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\OPShDwn.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/08/06 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

========== LOP Check ==========

[2009/12/10 12:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/05/06 11:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/04/27 15:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desktop Pictures
[2009/04/02 18:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/04/27 15:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drum Kits
[2008/04/27 15:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/05/29 18:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/06/23 14:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/04/27 15:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/04/02 17:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/06 11:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/05/29 18:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/27 15:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/04/02 17:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2009/03/26 19:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2010/02/12 17:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\licenses
[2009/06/23 14:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\muvee Technologies
[2009/06/23 13:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/04/01 07:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCMM2009
[2010/02/12 17:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCMM2010
[2009/12/01 01:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reg Tool
[2009/08/16 19:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/05/28 17:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
[2009/11/30 12:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SuperAdBlocker.com
[2008/04/01 22:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vol_toolbar
[2010/02/11 22:03:24 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2009/06/09 10:51:54 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/06/09 10:51:54 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E49FC3A5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E13861A5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:036B992F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD4FECAB
< End of report >


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,
Below is the COMBOFIX Log - Roz

ComboFix 10-02-12.01 - Owner 02/13/2010 12:59:16.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.524 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: Verizon Internet Security Suite Firewall *disabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
FILE ::
"c:\windows\system32\drivers\fidbox.dat"
"c:\windows\system32\drivers\fidbox2.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\fidbox.dat . . . . failed to delete
c:\windows\system32\drivers\fidbox2.dat . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2010-01-13 to 2010-02-13 )))))))))))))))))))))))))))))))
.
2010-02-13 18:31 . 2010-02-13 18:34 389152 ----a-w- c:\windows\system32\drivers\fidbox.dat
2010-02-13 18:31 . 2010-02-13 18:32 3616 ----a-w- c:\windows\system32\drivers\fidbox2.dat
2010-02-12 22:00 . 2010-02-12 22:00 -------- d-----w- c:\documents and settings\Owner\Application Data\PCMM2010
2010-01-23 06:53 . 2010-01-23 06:53 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-23 06:44 . 2010-01-23 06:47 -------- d-----w- c:\windows\system32\drivers\UMDF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-13 18:32 . 2009-12-20 01:12 52224 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-02-13 18:31 . 2009-08-17 00:40 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-02-13 18:30 . 2008-12-12 21:34 174800 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-02-13 18:30 . 2008-12-12 21:34 15909440 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-02-12 22:00 . 2009-04-01 12:22 -------- d-----w- c:\documents and settings\Owner\Application Data\licenses
2010-02-10 23:38 . 2008-04-27 20:13 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2010-01-19 00:16 . 2009-03-27 03:47 -------- d-----w- c:\program files\Windows Live Safety Center
2010-01-18 18:22 . 2008-04-27 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-18 00:30 . 2009-03-31 19:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-14 16:12 . 2009-10-03 02:57 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-31 16:50 . 2003-07-16 20:46 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:21 . 2003-07-16 20:51 667136 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:20 . 2008-03-08 21:36 81920 ------w- c:\windows\system32\ieencode.dll
2009-12-20 21:25 . 2008-11-21 19:31 -------- d-----w- c:\program files\Citrix
2009-12-20 01:12 . 2009-11-29 19:56 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-12-19 03:32 . 2008-03-09 02:16 -------- d-----w- c:\program files\Verizon
2009-12-16 18:43 . 2008-03-08 00:20 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2003-07-16 20:26 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2003-07-16 20:39 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2003-07-16 20:34 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-02 02:14 . 2009-12-02 02:14 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-12-02 01:16 . 2009-03-13 23:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-02 01:12 . 2009-12-02 01:12 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-29 00:09 . 2008-03-08 21:48 75920 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-27 17:11 . 2003-07-16 20:42 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2001-08-17 22:36 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2003-07-16 20:36 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2003-07-16 20:36 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2003-07-16 20:24 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2001-08-17 22:36 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2004-05-07 20:31 . 2009-11-30 17:48 348160 ----a-w- c:\program files\mozilla firefox\components\MSVCR71.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-02 39408]
"OurPictures"="c:\program files\RitzPix E-Z Print & Share\OurPictures.exe" [2006-06-19 4796416]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-20 2002160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-03-10 1553920]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2003-10-02 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-10-02 118784]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2009-03-12 2303216]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-02 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-5-15 479232]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2008-4-27 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/23/2009 8:43 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/23/2009 8:43 AM 74480]
R2 PD91Agent;PD91Agent;c:\program files\Raxco\PerfectDisk2008\PD91Agent.exe [9/22/2008 3:58 PM 693512]
R2 RadialpointSafeConnectAgent;Verizon Internet Security Suite SafeConnectAgent;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe [11/14/2008 5:28 PM 4937752]
R3 PD91Engine;PD91Engine;c:\program files\Raxco\PerfectDisk2008\PD91Engine.exe [9/22/2008 3:58 PM 910600]
R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [4/22/2009 9:38 AM 170736]
R3 RadialpointSafeConnectDriver;RadialpointSafeConnectDriver;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys [11/14/2008 5:28 PM 161304]
R3 RadialpointSafeConnectFilter;RadialpointSafeConnectFilter;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys [11/14/2008 5:28 PM 29720]
R3 RadialpointSafeConnectShim;RadialpointSafeConnectShim;c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys [11/14/2008 5:28 PM 27376]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/23/2009 8:43 AM 7408]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [9/19/2009 4:56 PM 2944]
S3 brparimg;Brother Multi Function Parallel Image driver;c:\windows\system32\drivers\BrParImg.sys [9/19/2009 4:56 PM 3168]
S3 BrParWdm;Brother WDM Parallel Driver;c:\windows\system32\drivers\BrParwdm.sys [9/19/2009 4:56 PM 39552]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [9/19/2009 4:56 PM 60416]
.
Contents of the 'Scheduled Tasks' folder
2010-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-02-13 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-03-27 21:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
mStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\oas.support
Trusted Zone: microsoft.com\support
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\www
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 13:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ... 
scanning hidden autostart entries ... 
scanning hidden files ... 
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1123561945-879983540-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(904)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'explorer.exe'(3784)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Verizon\Verizon Internet Security Suite\Fws.exe
c:\program files\Verizon\Verizon Internet Security Suite\rps.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
c:\program files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
c:\program files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe
.
**************************************************************************
.
Completion time: 2010-02-13 13:44:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-13 18:44
ComboFix2.txt 2010-02-12 02:44
Pre-Run: 47,071,580,160 bytes free
Post-Run: 47,123,955,712 bytes free
- - End Of File - - BDDD2A1DA3EDAFDB8579F012276A10FD


----------



## eddie5659 (Mar 19, 2001)

Download the *HostsXpert 4.3 - Hosts File Manager*.

Unzip HostsXpert 4.3 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.3 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

After doing that, can you post a fresh OTL log?

eddie
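
The hosts-file restore and "Make Read Only?" steps above, as an added example that is not part of eddie's post, of HostsXpert or of OTL: a small Python audit that parses a hosts file, flags every active mapping beyond the stock `127.0.0.1 localhost` (the O1 line OTL reports) and classifies it as blocked or redirected, then checks whether the file carries the read-only attribute (the `R---` in OTL's "O1 HOSTS File" line). The sample hosts content, hostnames and addresses are constructed.

```python
"""Audit a Windows hosts file against its stock content.

Added example; not code from the thread, from HostsXpert or from OTL. It
checks what eddie's "Restore MS Hosts File" and "Make Read Only?" steps
leave behind: a stock XP hosts file has exactly one active mapping,
"127.0.0.1 localhost", and the file carries the read-only attribute.
"""
import os
import stat
import tempfile

# The only active mapping shipped in a stock Windows XP hosts file.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}
# Addresses that make a name unreachable rather than sending it elsewhere.
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname) pairs for every active mapping, comments stripped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing and whole-line comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed: an address with no hostnames
        ip = fields[0]
        for name in fields[1:]:  # one line may map several names
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    """Classify every mapping that is not part of the stock file.

    'blocked'    - name pointed at loopback/0.0.0.0: the site cannot be reached
    'redirected' - name pointed at any other address: the site is silently
                   sent elsewhere. Either one on an update or security-vendor
                   hostname is the pattern a hosts-file restore is meant to undo.
    """
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        kind = "blocked" if ip in LOOPBACK else "redirected"
        findings.append({"ip": ip, "host": name, "kind": kind})
    return findings


def is_read_only(path):
    """True when the owner write bit is clear. On Windows that bit mirrors the
    read-only attribute that HostsXpert's 'Make Read Only?' sets."""
    return not (os.stat(path).st_mode & stat.S_IWUSR)


def write_read_only_copy(text):
    """Write text to a temporary file and clear its write bits; return the path."""
    fd, path = tempfile.mkstemp(suffix=".hosts")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.chmod(path, stat.S_IREAD)  # owner read-only; sets the R attribute on Windows
    return path


def remove_copy(path):
    """Make the temporary copy writable again and delete it."""
    os.chmod(path, stat.S_IREAD | stat.S_IWRITE)
    os.remove(path)


# Constructed sample: a header comment, the default mapping, and two
# mappings of the kind a hosts-file hijack leaves behind (constructed names,
# documentation address 203.0.113.9).
SAMPLE_HOSTS = """\
# constructed hosts file for the example
127.0.0.1       localhost
127.0.0.1       update.example.net            # constructed: update site blocked
203.0.113.9     www.security-vendor.example   # constructed: vendor site redirected
"""


if __name__ == "__main__":
    for f in audit_hosts(SAMPLE_HOSTS):
        print(f"{f['kind']:<10} {f['host']} -> {f['ip']}")
    copy = write_read_only_copy(SAMPLE_HOSTS)
    print("read-only attribute set:", is_read_only(copy))
    remove_copy(copy)
```

Point `audit_hosts` at the contents of `C:\WINDOWS\system32\drivers\etc\hosts` to get the same picture OTL's O1 lines give; a clean restore yields an empty findings list.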


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Here's the new OTL Log - Part 1 of 2:

OTL logfile created on: 2/15/2010 2:29:49 PM - Run 3
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 405.00 Mb Available Physical Memory | 40.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 43.72 Gb Free Space | 58.69% Space Free | Partition Type: NTFS
Drive D: | 500.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ROSALINEMYERS
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe (Verizon)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Verizon)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe (Kaspersky Lab.)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe (Radialpoint Inc.)
PRC - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaMonitor.exe (Sana Security)
PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe (Sana Security)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
PRC - C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe (Simple Star, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (Radialpoint Security Services) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Verizon)
SRV - (RP_FWS) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (RadialpointSafeConnectAgent) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe (Sana Security)
SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\system32\drivers\rp_skt32.sys (Radialpoint Inc.)
DRV - (RadialpointSafeConnectDriver) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectFilter) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys (Sana Security, Inc. )
DRV - (RadialpointSafeConnectShim) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (Sana Security, Inc. )
DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFS.sys (Raxco Software, Inc.)
DRV - (RPPKT) Radialpoint Filter (x86) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys (Radialpoint, Inc.)
DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SABProcEnum) -- C:\WINDOWS\system32\sabprocenum.sys (SuperAdBlocker.com)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (brparimg) -- C:\WINDOWS\system32\drivers\BrParImg.sys (Brother Industries Ltd.)
DRV - (BrSerWDM) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrParWdm) -- C:\WINDOWS\system32\drivers\BrParwdm.sys (Brother Industries Ltd.)
DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/01 20:16:09 | 000,000,000 | ---D | M]

[2008/09/15 18:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\56sxoj5f.default\extensions
[2009/12/01 20:30:34 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/01 20:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2004/05/07 15:31:40 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\components\MSVCR71.DLL
[2008/06/18 01:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/12/01 20:16:07 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2007/03/22 18:23:30 | 000,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/12/01 20:10:23 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/12/01 20:10:24 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/12/01 20:10:24 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2007/03/09 18:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

O1 HOSTS File: ([2010/02/15 14:28:28 | 000,000,698 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll (Verizon)
O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [OurPictures] C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Reg Error: Key error.)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Key error.)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www5.snapfish.com/SnapfishOutlookImport.cab (Reg Error: Key error.)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238125129531 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomeeting.com/default/applets/g2mdlax.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Value error. (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
_End of Part 1 of the OTL Log_


----------



## Rozzy (Dec 1, 2009)

Hi Eddie... here is part 2 of 2 (note there is no O19). Thanks, Roz

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/07 19:23:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/08/27 11:47:06 | 000,000,028 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/15 14:22:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HostsXpert
[2010/02/13 14:00:36 | 000,000,000 | ---D | C] -- C:\COMBOFIX
[2010/02/13 13:46:37 | 000,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2010/02/12 17:00:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PCMM2010
[2010/02/12 16:52:04 | 009,758,152 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v3.4.exe
[2010/02/11 21:21:03 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/02/11 21:18:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/02/11 21:18:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/02/11 21:18:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/02/11 21:18:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/02/11 21:18:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/02/11 21:17:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/01/25 13:57:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2010/01/25 13:57:13 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/01/23 01:56:03 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2010/01/23 01:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Connect 2
[2010/01/23 01:44:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\UMDF
[2009/12/08 09:43:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2009/05/06 16:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2009/04/03 03:45:36 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/03/08 16:48:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/03/07 19:30:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/15 14:35:38 | 112,394,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/02/15 14:28:28 | 000,000,698 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/15 14:22:30 | 000,018,976 | ---- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/02/15 14:14:13 | 000,353,485 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HostsXpert.zip
[2010/02/15 14:10:39 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
[2010/02/13 14:03:05 | 000,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2010/02/13 14:02:58 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/13 14:02:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/13 14:02:14 | 015,909,440 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
[2010/02/13 14:02:14 | 000,174,800 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
[2010/02/13 14:01:48 | 006,029,312 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
[2010/02/13 14:01:48 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2010/02/13 13:46:37 | 000,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
[2010/02/13 13:32:58 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/02/13 12:55:18 | 003,857,112 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/02/13 12:15:41 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2010/02/12 17:13:11 | 000,121,344 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Email download issue 2-12-10 Task.doc
[2010/02/12 16:52:04 | 009,758,152 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\windows-kb890830-v3.4.exe
[2010/02/11 21:21:17 | 000,000,374 | RHS- | M] () -- C:\boot.ini
[2010/02/11 14:23:32 | 000,000,020 | ---- | M] () -- C:\WINDOWS\System32\SYSTEM
[2010/02/11 03:26:06 | 003,440,128 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Birthday PHotos.doc
[2010/02/10 19:28:48 | 000,038,400 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Access 8-09.doc
[2010/02/10 18:42:30 | 000,009,216 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/10 18:38:30 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/02/10 03:19:22 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/09 09:43:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/01 13:54:37 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/01/27 17:50:00 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
[2010/01/23 01:55:11 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/01/23 01:55:11 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/01/23 01:54:13 | 000,000,642 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/01/23 01:44:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2099/01/01 12:00:00 | 000,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vasupopa
[2010/02/15 14:14:07 | 000,353,485 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HostsXpert.zip
[2010/02/13 13:31:44 | 112,132,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2010/02/13 13:31:44 | 000,018,976 | ---- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2010/02/12 17:13:10 | 000,121,344 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Email download issue 2-12-10 Task.doc
[2010/02/11 21:21:16 | 000,000,304 | ---- | C] () -- C:\Boot.bak
[2010/02/11 21:21:09 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/02/11 21:18:33 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/02/11 21:18:33 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/02/11 21:18:33 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/02/11 21:18:33 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/02/11 21:18:33 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/02/11 21:14:23 | 003,857,112 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2010/02/11 14:23:32 | 000,000,020 | ---- | C] () -- C:\WINDOWS\System32\SYSTEM
[2010/02/11 03:26:04 | 003,440,128 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Birthday PHotos.doc
[2010/01/23 01:44:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\UMDF\MsftWdf_user_01_00_00.Wdf
[2009/09/19 17:53:19 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2009/09/19 17:53:18 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2009/09/19 16:59:26 | 000,000,647 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2009/09/19 16:59:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/19 16:59:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2009/09/19 16:59:07 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
[2009/09/19 16:56:51 | 000,000,026 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2009/06/23 11:29:38 | 000,009,216 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/06 11:11:05 | 000,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2008/10/14 15:09:12 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
[2008/04/27 15:50:44 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2008/04/27 15:44:40 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ambience
[2008/04/27 15:44:40 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\AccountTypes
[2008/04/27 15:44:40 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
[2008/04/27 15:13:59 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Mono
[2008/04/27 15:13:59 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Action Clauses
[2008/04/27 15:13:59 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/03/08 17:00:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\LexFV.ini
[2008/03/08 16:59:22 | 000,000,556 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2008/03/08 11:10:20 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/10/04 13:48:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\OPShDwn.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/08/06 00:00:00 | 000,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

========== LOP Check ==========

[2009/12/10 12:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/05/06 11:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/04/27 15:44:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Desktop Pictures
[2009/04/02 18:06:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2008/04/27 15:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Drum Kits
[2008/04/27 15:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2009/05/29 18:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/06/23 14:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2008/04/27 15:14:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2009/04/02 17:22:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/05/06 11:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 10
[2009/05/29 18:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/04/27 15:50:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2009/04/02 17:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\DriverCure
[2009/03/26 19:19:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GlarySoft
[2010/02/12 17:00:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\licenses
[2009/06/23 14:42:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\muvee Technologies
[2009/06/23 13:42:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nikon
[2009/04/01 07:22:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCMM2009
[2010/02/12 17:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PCMM2010
[2009/12/01 01:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Reg Tool
[2009/08/16 19:47:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skinux
[2009/05/28 17:59:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SpinTop
[2009/11/30 12:47:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SuperAdBlocker.com
[2008/04/01 22:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\vol_toolbar
[2010/02/13 14:03:05 | 000,000,312 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2009/06/09 10:51:54 | 000,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
[2009/06/09 10:51:54 | 000,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E49FC3A5
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E13861A5
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:036B992F
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD4FECAB
< End of report >


----------



## eddie5659 (Mar 19, 2001)

Please run OTL.exe

Under the *Custom Scans/Fixes* box at the bottom, paste in the following


```
:Files
C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
C:\Documents and Settings\All Users\Application Data\TEMP:E49FC3A5
C:\Documents and Settings\All Users\Application Data\TEMP:E13861A5
C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2
C:\Documents and Settings\All Users\Application Data\TEMP:036B992F
C:\Documents and Settings\All Users\Application Data\TEMP:AD4FECAB
:Commands
[purity]
[emptytemp]
[Reboot]
```

Then click the *Run Fix* button at the top
Let the program run unhindered, reboot when it is done
It will produce a log for you on reboot, please post that log in your next reply.

eddie


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Needed another break to take care of family.

Completed the OTL Custom Scans/Fixes - below is the OTL Log from the reboot.

Thanks much,
Roz

All processes killed
========== FILES ==========
C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩 moved successfully.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP:E49FC3A5 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP:E13861A5 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMPFC5A2B2 not found.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP:036B992F not found.
File\Folder C:\Documents and Settings\All Users\Application Data\TEMP:AD4FECAB not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Owner
->Temp folder emptied: 1159284 bytes
->Temporary Internet Files folder emptied: 237719161 bytes
->Java cache emptied: 47585860 bytes
->FireFox cache emptied: 2496044 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1165461 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 745770 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 278.00 mb

OTL by OldTimer - Version 3.1.28.0 log created on 03012010_205330
Files\Folders moved on Reboot...
C:\Documents and Settings\Owner\Local Settings\Temp\[email protected] moved successfully.
File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K1UZ05YJ\index[1].htm not found!
Registry entries deleted on Reboot...
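An added note, not part of the thread: the CJK-looking name that OTL listed under "Files - Unicode" and then "moved successfully" is what you get when the bytes of an ordinary 8-bit path are read as UTF-16LE. The Python below (example code, not from OTL or any poster; the sample name is copied from the log above) reverses that reading so a reviewer can see what such an entry actually refers to before deciding whether it matters.

```python
"""Reinterpret a CJK-looking file name that is really a UTF-16LE reading of
an 8-bit path. Added example; not part of the original thread."""
from typing import Optional

# Copied from the OTL "Files - Unicode" entry in the log above.
GARBLED_NAME = "㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩"


def unmangle_utf16le(name: str) -> Optional[str]:
    """Return the 8-bit text whose bytes, read as UTF-16LE, produce `name`.

    Returns None when the re-read bytes are not plain printable ASCII, which
    means `name` is probably a genuine Unicode name rather than an artefact
    of a misread buffer.
    """
    try:
        raw = name.encode("utf-16-le")
    except UnicodeEncodeError:  # lone surrogates cannot be re-encoded
        return None
    text = raw.decode("latin-1")  # one byte -> one character, never fails
    if text and all(32 <= ord(c) < 127 for c in text):
        return text
    return None


def classify(name: str) -> str:
    """Label a log entry as a misread 8-bit path or a genuine Unicode name."""
    decoded = unmangle_utf16le(name)
    if decoded is None:
        return "genuine name: " + repr(name)
    return "misread 8-bit path: " + repr(decoded)


if __name__ == "__main__":
    print(classify(GARBLED_NAME))
    print(classify("hosts"))  # a real name stays a real name
```

Apply the same check to other odd-looking "Unicode" entries before adding them to a fix script; an entry that decodes to a product's own path is a display artefact rather than a dropped file.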


----------



## eddie5659 (Mar 19, 2001)

That's okay, take as much time as you need. If this thread is closed (as it will be after 45 days with no replies), just send me a message.

Do you know what this folder is:

*C:\WINDOWS\System32\vasupopa*

If not, can you do the following:

Please download *SystemLook* from one of the links below and save it to your Desktop.
*Download Mirror #1
Download Mirror #2*

Double-click *SystemLook.exe* to run it.
Copy the content of the following codebox into the main textfield:

```
:dir
C:\WINDOWS\System32\vasupopa
```

Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
*Note:* The log can also be found on your Desktop, entitled *SystemLook.txt*


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Here's the results from the SystemLook.exe scan - thanks, Roz

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:45 on 03/03/2010 by Owner (Administrator - Elevation successful)
========== dir ==========
C:\WINDOWS\System32\vasupopa - Unable to find folder.
-=End Of File=-


----------



## eddie5659 (Mar 19, 2001)

Looks clear on that part, so let's have a look at an online scan:

Using Internet Explorer or Firefox, visit *Kaspersky Online Scanner*

*1.* Click *Accept*, when prompted to download and install the program files and database of malware definitions.

*2.* To *optimize scanning time* and produce a more sensible report for review:

Close any open programs
Turn off the real time scanner of any existing antivirus program while performing the online scan. Click *HERE* to see how to disable the most common antivirus programs.
*3.* Click *Run* at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.

Once the update is complete, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
[*]Spyware, adware, dialers, and other riskware
[*]Archives
[*]E-mail databases

Click on *My Computer* under the green *Scan* bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do *NOT* be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click *View report...* at the bottom.
Click the *Save report...* button.
Change the *Files of type* dropdown box to *Text file (.txt)* and name the file *KasReport.txt* to save the file to your desktop so that you may post it in your next reply

eddie


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

I've tried and tried, but the *Kaspersky Online Scanner* will not work. I downloaded Java, made sure it was enabled as instructed on their website and rebooted. 
Your Java is Working
Your Java configuration is as follows:
Vendor: Sun Microsystems Inc.
Version: *Java 6 Update 18*
Operating System: *Windows XP 5.1*
Architecture: *x86* 
 
I turned off antivirus (Verizon), ensured that Microsoft Firewall was off as well. Cleared temp files and cookies and rebooted again. It still will not work. The 'accept' button remains grayed out. Here are the two messages I keep getting in 'red print'. 

*Attention!* Kaspersky Online Scanner 7.0 may fail to start if another anti-virus program is already installed and running on your computer. Please deactivate the anti-virus software installed on your computer prior to starting Kaspersky Online Scanner 7.0.

Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later.

Your thoughts, please
Rozzy

ps - I do have two anti-virus tools on my system, but they only scan when I download updates and click, Full Scan. Do I need to remove them from my computer (SuperAntispyware, Malwarebytes and Glary Utilities)?


----------



## eddie5659 (Mar 19, 2001)

For the SuperAntispyware and Malwarebytes, if you right-click on the icons and select Close (by the clock in the Taskbar), that should stop them.

Same with Glary Utilities, though not really heard of this one.

What it means is that you don't have to uninstall the programs, just stop them from scanning whilst you're running the scan.

If you still have problems, try this one instead:

Please run a free online scan with the *ESET Online Scanner*
*Note*_: You will need to use Internet Explorer for this scan_
Tick the box next to *YES, I accept the Terms of Use*
Click *Start*
When asked, allow the ActiveX control to install
Click *Start*
Make sure that the options *Remove found threats* and *Scan unwanted applications* are checked
Click *Scan* (This scan can take several hours, so please be patient)
Once the scan is completed, you may close the window
Use *Notepad* to open the logfile located at C:\Program Files\EsetOnlineScanner\*log.txt*
Copy and paste that log as a reply to this topic

eddie


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

The ESET Online Scanner worked - found 40 viruses. Whew! Here's the log. Roz

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# IEXPLORE.EXE=6.00.2900.5512 (xpsp.080413-2105)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=15641dc61a3fd146a6ca0ea1f639deca
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-08 01:40:46
# local_time=2010-03-07 08:40:46 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 7532224 7532224 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=68959
# found=40
# cleaned=40
# scan_time=4410
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A1A47246-1123-4B3C-9ED8-FDBBB12E3E7A} Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{EDDAFCDB-5CB8-45E3-BED9-A21B881470A5} Win32/Qhost trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\afuyejim.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\agesewan.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\akukebor.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\amevamey.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\atetadaf.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\efuweton.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\egumajeb.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\elepunak.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\emunijuh.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\enekitil.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\evivifum.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\eyebuzaw.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\igurohib.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\isitiraj.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ivabevar.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\olunutat.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\omunajid.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\osetihun.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\ugodohum.ini.vir Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056653.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056654.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056655.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056656.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056657.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056658.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056659.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056660.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056661.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056662.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056663.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056664.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056665.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056666.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056667.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056668.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056669.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056670.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056671.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


----------
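The ESET lines above all point into `C:\System Volume Information\_restore{...}\RPnnn\`, which on Windows XP is System Restore's own archive of snapshot copies, not files the system loads; that is why a large batch of identical "cleaned by deleting - quarantined" hits there is less alarming than a single hit under `C:\WINDOWS\system32`. The script below is an added example (not part of the original post and not ESET's tooling) that parses log lines in this format and separates restore-point copies from live hits and cleaned objects from ones ESET could not handle. The line layout (path, detection name, object type, action in parentheses, a 32-hex-digit hash column, trailing flag) is inferred from the lines pasted above; the meaning of the trailing flag is not interpreted. The first three sample lines are copied from the log above, the fourth is constructed with a placeholder path and detection name to exercise the "not cleaned, not in a restore point" branch.

```python
"""Triage an ESET scan log of the kind pasted in this thread (added example)."""
import re
from collections import Counter

# Three lines copied from the log above plus one constructed line
# (placeholder path, detection name and hash) that is NOT in a restore point
# and was NOT cleaned.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056656.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056657.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{2F83B0D8-3588-4212-A184-29C676ADED62}\RP797\A0056658.ini Win32/Adware.Virtumonde.NEO application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\example.dll a variant of Win32/Kryptik.ABC trojan (unable to clean) 0123456789ABCDEF0123456789ABCDEF C
"""

# Path (may contain spaces), detection (only token containing "/", optionally
# prefixed by ESET's "probably a variant of"), object type, action, hash, flag.
# Format assumed from the pasted lines; adjust if your log differs.
ESET_LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:probably )?(?:a variant of )?\S+/\S+)\s+"
    r"(?P<kind>\S+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+"
    r"(?P<flag>\S+)$"
)

# XP System Restore keeps snapshot copies under _restore{GUID}\RPnnn\; hits
# there are archived copies, not the live infection.
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)


def parse_eset_log(text):
    """Return one dict per non-empty line; unparseable lines are kept, flagged."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ESET_LINE.match(line)
        if not m:
            records.append({"path": line, "parse_error": True})
            continue
        rec = m.groupdict()
        rec["parse_error"] = False
        rp = RESTORE_POINT.search(rec["path"])
        rec["restore_point"] = int(rp.group("rp")) if rp else None
        # Anything ESET reports as cleaned/deleted is handled; everything else
        # (e.g. "unable to clean") needs a human to look at the file.
        rec["handled"] = any(w in rec["action"].lower() for w in ("cleaned", "deleted"))
        records.append(rec)
    return records


def summarize(records):
    """Counts by detection, which restore points are involved, live and unhandled hits."""
    ok = [r for r in records if not r["parse_error"]]
    return {
        "total": len(records),
        "parse_errors": sum(1 for r in records if r["parse_error"]),
        "by_detection": dict(Counter(r["detection"] for r in ok)),
        "restore_points": sorted({r["restore_point"] for r in ok if r["restore_point"] is not None}),
        "live_hits": [r["path"] for r in ok if r["restore_point"] is None],
        "needs_attention": [r["path"] for r in ok if not r["handled"]],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_eset_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Run it on a saved ESET log by replacing `SAMPLE_LOG` with the file's contents. The `live_hits` and `needs_attention` lists are the ones worth reading line by line; restore-point hits are dealt with by turning System Restore off and on again once the machine is clean, which purges every old RP directory.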



## eddie5659 (Mar 19, 2001)

Excellent 

Okay, let's have a look at this little program, as I think we're getting close.

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall; please allow it to do so. It will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*.
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Right-click on it and select *Send To*, then select *Compressed (zipped) Folder*, and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).
In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*
eddie


----------



## Rozzy (Dec 1, 2009)

Hi Eddie....attached is the RSReport. Roz


----------



## Rozzy (Dec 1, 2009)

Hi Eddie...I looked at the link of the scan at this URL: 
http://www.runscanner.net/report.aspx?report=dea3efb6-f3e7-4470-aad9-e12d0de03749
Roz


----------



## eddie5659 (Mar 19, 2001)

Is that the online checking of the log? I tend to do it myself, so I know nothing has been overlooked 

Looking in the log, do you know what this is:

*D:\openme.exe*

If not, we'll get that looked at.

Don't try and open it if you're not sure what it is, we'll get it looked at first.

eddie


----------
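The advice above (don't open an unknown executable, get it looked at first) has a practical first step that needs no execution at all: read the file's bytes, hash them so a helper can look the hashes up, and check whether the file is even a Windows PE image. The script below is an added example, not part of the original post or of any tool named in the thread, showing that check in Python. The sample "executable" is a constructed byte string carrying only the DOS and PE signatures and a COFF header; it is not loadable and stands in for a file such as `D:\openme.exe`. The signature check is far weaker than what the Windows loader does before it reports "not a valid Windows image", but a file that fails even this is certainly not what its name claims.

```python
"""Identify an unknown executable without running it (added example)."""
import hashlib
import struct

# IMAGE_FILE_HEADER.Machine values (PE/COFF specification).
IMAGE_FILE_MACHINE = {0x14C: "i386", 0x8664: "x86-64", 0x1C0: "ARM", 0xAA64: "ARM64"}
IMAGE_FILE_DLL = 0x2000  # Characteristics bit: image is a DLL


def triage_bytes(data):
    """Hash the bytes and check the DOS 'MZ' and 'PE\\0\\0' signatures.

    Returns a dict suitable for pasting into a forum post: sizes and hashes
    for lookup, and whether the PE header is even intact.
    """
    info = {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": False,
        "is_dll": False,
        "machine": None,
        "characteristics": None,
    }
    if len(data) < 0x40 or data[:2] != b"MZ":
        return info
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Bounds-check before dereferencing: a truncated or partly overwritten
    # file can point e_lfanew past EOF, which is the kind of damage that
    # makes a DLL fail to load at all.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return info
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _nsect, _ts, _symtab, _nsyms, _optsize, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4
    )
    info["is_pe"] = True
    info["machine"] = IMAGE_FILE_MACHINE.get(machine, hex(machine))
    info["characteristics"] = chars
    info["is_dll"] = bool(chars & IMAGE_FILE_DLL)
    return info


def triage_file(path):
    """Read-only inspection of a file on disk; nothing is executed."""
    with open(path, "rb") as f:
        return triage_bytes(f.read())


def make_fake_pe(machine=0x14C, characteristics=0x0102):
    """Constructed sample: a 0x40-byte DOS stub whose e_lfanew points at a bare
    COFF header. Not loadable; it only gives the checks above something to read."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew at offset 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0, characteristics)
    return dos + coff


if __name__ == "__main__":
    for label, blob in (("fake PE", make_fake_pe()), ("text file", b"not a program")):
        print(label, triage_bytes(blob))
```

To use it on the real file, call `triage_file(r"D:\openme.exe")` and post the `sha256`, `size` and `is_pe` values; a helper can check the hash against scanner results without anyone on the affected machine ever launching the file.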



## Rozzy (Dec 1, 2009)

Hi Eddie - no, I do not know what this is - *D:\openme.exe*. Yes, this was the online checking of the log; of course, I did not have a clue what I was looking at, just trying to look at and become familiar with what all of these logs look like as you continue to take me on this journey of clearing the 'bugs' out of my computer - I am ever so grateful! Thanks, Roz


----------



## eddie5659 (Mar 19, 2001)

Sorry for the lateness; I've just started a second job, so I'm doing 13 hours a day now and playing catch-up.

As for the looking at the logs yourself, that is a great idea 

I know that mostly, we come along, remove stuff, and you're all okay. But many are curious what was on there in the first place, and what the other files are (the legit ones). If anyone wants to know, I'll try and help them as much as I can.

Okay, let's remove that file:

First off, was there any CD in the drive when you ran RunScanner? Just want to make sure it's not part of your game CD, and I ruin one.

Can you just make sure there is nothing in the drive, then re-run Runscanner as before and post the log again.

eddie


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

Here's the new RSReport. I did have a CD in the CD holder when I ran the last scan.

Thanks much,
Roz


----------



## eddie5659 (Mar 19, 2001)

That may be why. Also, no RSReport uploaded


----------



## Rozzy (Dec 1, 2009)

Hi Eddie,

OK, this is another try in uploading the RSReport. Not sure what step I missed the first time. Here it is the report and log.

Roz


----------



## eddie5659 (Mar 19, 2001)

Okay, looks like it's the exact same file that is uploaded, as the scan time and date match each other.

Can you delete the RunScanner program you have on your Desktop, along with the RSReport.run, RSReport.txt and runscanner.log and runscanner2.log.

Then, re-download and do the scan as follows again 

Please download *Runscanner* to your desktop and run it.

When the first page comes up select *Beginner Mode*
On the next page select *Save a binary .Run file (Recommended)* then click *Start full scan* at the top.
At this time Runscanner.exe may request *access to the Internet* through your firewall; please allow it to do so. It will then run for two or three minutes.
On completion it will ask for a location to save the file and a name. It will do this for both the *.run file* and the *log file*.
Call the .run file *"RSReport"* and save it to your desktop. You will see the *RSReport.run* file on your desktop. Right-click on it and select *Send To*, then select *Compressed (zipped) Folder*, and upload that zip here. Click on the *Go Advanced* button for the uploading options at the bottom of this page (in the picture below).
In there, at the bottom, click on the button *Manage Attachments* (in the picture below).
A window will appear, and then Browse to *RSReport.zip* on your Desktop.
Click Upload, and when uploaded click *Close this Window*
Then, in the previous window, click on *Add Reply*
eddie


----------

