#1 Member (Join Date: Apr 2011, Posts: 6, Points: 0)

I think that I've been hijacked to distribute spam

Windows XP Media Center 2005, 1.5 GB, 1 terabyte disk.
Pentium 4 processor. Started accumulating error messages from the e-mail server [from postmaster@mail.hotmail.com - Delivery Status Notification (Failure)].
    Message:
    Dear friend:
    Long time no see.
    I find a very nice website recently, maybe you will like it.
    I bought some goods from them, good quality with good price.
And the product can international warranty one year. Besides, the delivery cost is not very high.
if you are interested, please visit: li-fan7.com I am sure it will satisfy your demand.
    Yours !

    {mail_from_name}
    I followed the directions. The following is the accumulated data:

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6422

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    4/22/2011 7:42:46 PM
    Anti-Malware-log-2011-04-22 (19-41-58).txt

    Scan type: Quick scan
    Objects scanned: 159927
    Time elapsed: 3 minute(s), 58 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 27

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Adware Professional (Rogue.AdwarePro) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adware Professional 5.0_is1 (Rogue.AdwarePro) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\adware professional (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\noadwarebackup (Rogue.AdwarePro) -> No action taken.
    c:\documents and settings\all users\start menu\Programs\adware professional (Rogue.AdwarePro) -> No action taken.

    Files Infected:
    c:\documents and settings\Jackson\Desktop\adware professional.lnk (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\adware professional.exe (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\noadware4_062010.na (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\noadware4_080610.na (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\nutilities.dll (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\unins000.dat (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\unins000.exe (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(10-3-2011) time(11-29-28).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(11-2-2011) time(19-42-55).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(14-7-2010) time(18-7-7).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(14-9-2010) time(8-31-30).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(15-4-2011) time(13-59-37).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(18-11-2010) time(19-34-8).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(2-2-2011) time(10-25-27).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(21-10-2010) time(17-35-53).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(23-6-2010) time(11-42-37).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(28-2-2011) time(17-10-42).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(6-8-2010) time(16-32-34).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(6-8-2010) time(16-32-43).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\logs\date(7-9-2010) time(18-17-52).txt (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\noadwarebackup\2,28,2011_17,10,27.zip (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\noadwarebackup\4,15,2011_13,59,20.zip (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\noadwarebackup\6,23,2010_11,41,55.zip (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\noadwarebackup\7,14,2010_18,6,42.zip (Rogue.AdwarePro) -> No action taken.
    c:\program files\adware professional\noadwarebackup\9,14,2010_8,31,22.zip (Rogue.AdwarePro) -> No action taken.
    c:\documents and settings\all users\start menu\Programs\adware professional\adware professional .lnk (Rogue.AdwarePro) -> No action taken.
    c:\documents and settings\all users\start menu\Programs\adware professional\uninstall adware professional .lnk (Rogue.AdwarePro) -> No action taken.

    I have Adware Professional with Microsoft Security Essentials.

    The Hijack log follows:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 7:52:51 PM, on 4/22/2011
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17096)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\tinySpell\tinyspell.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = Internet Explorer downloads - Microsoft Windows
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (file missing)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: ALaunchCombo.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
    O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - https://h20364.www2.hp.com/CSMWeb/Cu...ataManager.CAB
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.symantec.com/tech...bs/tgctlsr.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - https://wimpro.cce.hp.com/ChatEntry/...ds/sysinfo.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1276811675312
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/actives.../as2stubie.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: SonicStageMonitoring - Sony Corporation - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe
    O23 - Service: Sony TV Tuner Controller - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe
    O23 - Service: Sony TV Tuner Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe
    O23 - Service: Sony TVTA Manager - Sony Corporation - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe
    O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
    O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
    O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
    O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
    O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
    O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe

    --
    End of file - 10879 bytes

    Any help would be appreciated. This is the third repetition of the error.

    johndgorman1

#2 Net_Surfer, Member (Join Date: May 2008, Location: Paradise Ca., Posts: 1,179, Points: 89, Blog Entries: 4)


    Hello johndgorman1 and Welcome to the Help2Go Spyware Help Forum

    Sorry for the delay!!
My nick is Net_Surfer and I will be helping you with your malware issues; this may or may not solve other issues you may have with your machine.

    Please note that whatever repairs we make, are for fixing "your computer problems only" and by no means should be used on another computer.

    I would also like to inform you that most of us here at help2go support forums offer our expert assistance out of the goodness of our hearts. Please be courteous and appreciative for the assistance provided!


    Please be patient and I'd be grateful if you would note the following:

    The cleaning process is not instant. Combofix, OTL and hijackthis logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.

    1. Please Read All Instructions Carefully and perform the steps fully and in the order they are written.
    2. If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    3. Do not attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process.
    4. In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.
    5. Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.
6. Please continue to review my answers until I tell you that your machine is clean and free of malware. (Absence of symptoms does not mean that everything is clear. Just because you can't see a problem doesn't mean it isn't there.)

    If you can do these things, everything should go smoothly!

OK. If you have a Vista computer, ensure that you right click on the tools and run them as an Admin. If XP, double click on the program to run them.

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.
    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

    Please carefully follow the next set of steps:


    If you can not download and run the following tools, then I would like for you to try another approach:

    If you have the use of another computer please either use a Flash Drive or a CD to download the following and transfer them for use on the infected machine.
    Be sure you put them on the desktop of the infected computer.


    Step 1.

    * exeHelper by Raktor.

    Please download: exeHelper to your desktop.
    Double-click on exeHelper.com to run the fix.
    A black window should pop up, press any key to close once the fix is completed.
    Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    Step 2.

    You did not select the infected objects that malwarebytes found so they can be removed!!!

    We should Re-run MBAM like this:

    Let's get your MalwareBytes AntiMalware updated and run a final scan:

Please update MBAM and run another scan:
• Start MBAM
• Click on the Update tab
• Click Check for Updates
• If it says that MBAM needs to close to update it... let it close and then restart.
• Then click the Scan button.

    Don't forget:
    • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box and continue with the removal process.
    • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked, and click Remove Selected.
    • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the contents of that report in your next reply and exit MBAM.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
    Post the report that comes up after the scan.


    Step 3.

    Download >> ToolBar S&D <-- here
    • Double-click ToolBar S&D.exe
    • Choose the language and hit Enter key, then choose Option 2 (Fix) and hit Enter key again.
    • Wait till the end of the scan

    Copy and paste the log which was created: (%SystemDrive%\TB.txt)

    Next...


    We will use ComboFix to install the Microsoft Recovery Console for windows XP

    - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat.

    Note: If you already have a copy of ComboFix on your system it is essential that you delete it before downloading this copy.

    Please visit this webpage for instructions if you have problems downloading and running ComboFix:
    >> A guide and tutorial on using ComboFix <<

    Please download Combofix from any of the links below and ensure that you save it to your desktop.
    Link 1
    Link 2


To work properly, you must install ComboFix on the Desktop.
    • If you are using Firefox, make sure that your download settings are as follows:

      * Tools->Options->Main tab
      * Set to "Always ask me where to Save the files".
    • For Internet Explorer:
      o Choose to save, not open the file
      o When prompted - save the file to your desktop

    Run Combofix as follows:
    • Please, never rename Combofix unless instructed.
    • Please insert your flash drive and all usb-drives before running Combofix


    -----------------------------------------------------------
    1. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    2. Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      -----------------------------------------------------------
    3. Close any open browsers.
    4. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    5. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    6. If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      -----------------------------------------------------------
    7. Double click on combofix.exe on your desktop & follow the prompts.
    8. **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
    9. If you receive a message that Combofix has detected the presence of rootkit activity and needs to reboot, kindly write down on paper the list of files present in the message before continuing, and post it in your next reply.
    10. Install the Recovery Console upon request.
      NOTE: If you have Windows XP: Combofix may ask you to install the Recovery Console, please allow it to do so.
11. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    12. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

A word of advice if you are a lurker:
    Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix.
    It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert.


    Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.
    Please read >> Combofix's Disclaimer. <<


    __________________________
    Important notes regarding ComboFix:

    ComboFix may reset a number of Internet Explorer's settings, including making it the default browser. This can easily be changed once we're finished.

    ComboFix also prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you, please let me know. This can be undone manually when we're finished. Read HERE for an article written by dvk01 on why we disable autoruns.

    Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.
    Do not run Combofix more than once.
    Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.
    The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
    Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order clean and free of malware.

    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    Kind regards
    Net_Surfer


    ===========
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


"Obstacles are what you see when you take your eyes off your Goals"

Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!
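The point Net_Surfer makes in Step 2 is worth automating when reading these logs: the first scan found 33 items but every line ends in "No action taken", so nothing was removed. The script below is an added example, not a tool from this thread or from Malwarebytes; it parses the layout of a Malwarebytes' Anti-Malware 1.50 log, lists every detection left in place, tallies detections by family, and cross-checks the summary counts against the detail sections (the log it parses is a constructed sample, and the count cross-check is my addition).

```python
import re
from collections import Counter

# Constructed sample in the layout of an MBAM 1.50 log (not a real scan result).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.50.1.1100

Database version: 6422

Scan type: Quick scan
Objects scanned: 1000

Memory Processes Infected: 0
Registry Keys Infected: 1
Folders Infected: 1
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Example Rogue (Rogue.Example) -> No action taken.

Folders Infected:
c:\program files\example rogue (Rogue.Example) -> No action taken.

Files Infected:
c:\program files\example rogue\example.exe (Rogue.Example) -> No action taken.
c:\program files\example rogue\logs\date(1-2-2011) time(3-4-5).txt (Rogue.Example) -> No action taken.
c:\documents and settings\user\desktop\example.lnk (Rogue.Example) -> Quarantined and deleted successfully.
"""

# "Registry Keys Infected: 2" is a summary count; "Registry Keys Infected:" opens a detail section.
SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
UNACTIONED = "No action taken"


def parse_detection(line):
    """Split 'item (Family) -> Action.' into its parts.

    rpartition is used because the item itself may contain parentheses,
    e.g. '...\logs\date(10-3-2011) time(11-29-28).txt'.
    """
    head, sep, action = line.rpartition(" -> ")
    if not sep:
        return None
    item, sep, family = head.rpartition(" (")
    if not sep or not family.endswith(")"):
        return None
    return {"item": item, "family": family[:-1], "action": action.rstrip(".")}


def parse_mbam_log(text):
    """Return (summary_counts, detections) from the body of an MBAM log."""
    summary, detections, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        det = parse_detection(line)
        if det:
            det["section"] = section
            detections.append(det)
    return summary, detections


def triage(text):
    """Summarise what the scan found and, crucially, what it did about it."""
    summary, detections = parse_mbam_log(text)
    listed = Counter(d["section"] for d in detections)
    return {
        "detected": len(detections),
        "unactioned": [d["item"] for d in detections if d["action"] == UNACTIONED],
        "families": Counter(d["family"] for d in detections),
        # Sections whose summary count disagrees with the detail lines (e.g. a truncated paste).
        "count_mismatch": {s: (n, listed.get(s, 0)) for s, n in summary.items() if n != listed.get(s, 0)},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['detected']} detections, {len(result['unactioned'])} left in place")
    for item in result["unactioned"]:
        print("  still present:", item)
    if result["count_mismatch"]:
        print("summary/detail mismatch:", result["count_mismatch"])
```

Run against a real log pasted into a file, a non-empty "unactioned" list means the scan was a report, not a cleanup, and the rescan in Step 2 is still required.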

#3 Member (Join Date: Apr 2011, Posts: 6, Points: 0)

I've followed instructions to the best of my ability!

    Net_Surfer,

I followed the instructions meticulously. The only problem that I encountered was with Combofix. I had shut down Microsoft's firewall and Security Essentials, but when I tried to run Combofix it thought I was running Avira (which I used to have but was uninstalled). Combofix ran in spite of Avira and here are the following results:

    exehelperlog.txt -

    exeHelper by Raktor
    Build 20100414
    Run at 15:14:48 on 05/15/11
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    mbam-log-2011-05-15 (15-58-16).txt -

    Malwarebytes' Anti-Malware 1.50.1.1100
    Malwarebytes : Free anti-malware, anti-virus and spyware removal download

    Database version: 6585

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    5/15/2011 3:58:16 PM
    mbam-log-2011-05-15 (15-58-16).txt

    Scan type: Full scan (C:\|D:\|N:\|)
    Objects scanned: 229014
    Time elapsed: 30 minute(s), 28 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 2
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 4
    Files Infected: 30

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Adware Professional (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Adware Professional 5.0_is1 (Rogue.AdwarePro) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    c:\program files\adware professional (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\noadwarebackup (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Programs\adware professional (Rogue.AdwarePro) -> Quarantined and deleted successfully.

    Files Infected:
    c:\program files\adware professional\adware professional.exe (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\nutilities.dll (Rogue.Agent) -> Quarantined and deleted successfully.
    n:\my documents\microsoftsecurityessentials\quarantine\A0013654.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    n:\my documents\microsoftsecurityessentials\quarantine\adwareprofessional-full.exe (Rogue.Installer) -> Quarantined and deleted successfully.
    c:\documents and settings\Jackson\Desktop\adware professional.lnk (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\noadware4_062010.na (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\noadware4_080610.na (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\unins000.dat (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\unins000.exe (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(10-3-2011) time(11-29-28).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(10-5-2011) time(20-17-12).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(11-2-2011) time(19-42-55).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(14-7-2010) time(18-7-7).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(14-9-2010) time(8-31-30).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(15-4-2011) time(13-59-37).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(18-11-2010) time(19-34-8).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(2-2-2011) time(10-25-27).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(21-10-2010) time(17-35-53).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(23-6-2010) time(11-42-37).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(28-2-2011) time(17-10-42).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(6-8-2010) time(16-32-34).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(6-8-2010) time(16-32-43).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\logs\date(7-9-2010) time(18-17-52).txt (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\noadwarebackup\2,28,2011_17,10,27.zip (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\noadwarebackup\4,15,2011_13,59,20.zip (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\noadwarebackup\6,23,2010_11,41,55.zip (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\noadwarebackup\7,14,2010_18,6,42.zip (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\program files\adware professional\noadwarebackup\9,14,2010_8,31,22.zip (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Programs\adware professional\adware professional .lnk (Rogue.AdwarePro) -> Quarantined and deleted successfully.
    c:\documents and settings\all users\start menu\Programs\adware professional\uninstall adware professional .lnk (Rogue.AdwarePro) -> Quarantined and deleted successfully.

    TB.txt -


    -----------\\ ToolBar S&D 1.2.9 XP/Vista

    Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) 4 CPU 3.20GHz )
    BIOS : BIOS Date: 10/01/04 13:06:46 Ver: 08.00.08
    USER : Jackson ( Administrator )
    BOOT : Normal boot
    Antivirus : Microsoft Security Essentials 2.1.6805.0 (Not Activated)
    A:\ (USB)
    C:\ (Local Disk) - NTFS - Total:25 Go (Free:8 Go)
    D:\ (Local Disk) - NTFS - Total:440 Go (Free:300 Go)
    F:\ (CD or DVD)
    G:\ (CD or DVD)
    H:\ (USB)
    I:\ (USB)
    J:\ (USB)
    N:\ (Local Disk) - NTFS - Total:365 Go (Free:335 Go)

    "C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
    Option : [2] ( Sun 05/15/2011|16:13 )

    -----------\\ Searching for Files - Folders ...


    -----------\\ Extensions

    (Jackson) - {20a82645-c095-46ed-80e3-08825760534b} => chrome_user


    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\WINDOWS\\system32\\blank.htm"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "First Home Page"="http://go.microsoft.com/fwlink/?LinkId=54843"
    "Start Page"="http://my.msn.com/"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=68928"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=44406"
    "Url"="http://go.microsoft.com/fwlink/?LinkID=68929"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://www.msn.com/"


    --------------------\\ Searching for other infections


    No other infections found !


    1 - "C:\ToolBar SD\TB_1.txt" - Sun 05/15/2011|16:14 - Option : [2]

    -----------\\ Scan completed at 16:14:06.26

    ComboFix.txt -

    ComboFix 11-05-15.03 - Jackson 05/15/2011 16:39:31.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.958 [GMT -4:00]
    Running from: c:\documents and settings\Jackson\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Desktop\PC Fix 2011.lnk
    c:\documents and settings\All Users\Start Menu\Programs\PC Fix 2011 Registry Cleaner
    c:\documents and settings\All Users\Start Menu\Programs\PC Fix 2011 Registry Cleaner\PC Fix 2011.lnk
    c:\documents and settings\All Users\Start Menu\Programs\PC Fix 2011 Registry Cleaner\Uninstall PC Fix 2011.lnk
    c:\documents and settings\Jackson\Application Data\PCFix
    c:\documents and settings\Jackson\Application Data\PCFix\log.dat
    c:\program files\PCFix
    c:\program files\PCFix\AssistPCFix.exe
    c:\program files\PCFix\backup\20110415_1640.dat
    c:\program files\PCFix\backup\20110415_1655.dat
    c:\program files\PCFix\backup\20110415_1704.dat
    c:\program files\PCFix\backup\20110415_1714.dat
    c:\program files\PCFix\backup\20110417_2047.dat
    c:\program files\PCFix\Loading.gif
    c:\program files\PCFix\PCFix.exe
    c:\program files\PCFix\rebooter.exe
    c:\program files\PCFix\unins000.dat
    c:\program files\PCFix\unins000.exe
    c:\program files\PCFix\unins000.msg
    c:\program files\Search Toolbar
    c:\program files\Search Toolbar\icon.ico
    c:\program files\Search Toolbar\SearchToolbar.dll
    c:\program files\Search Toolbar\SearchToolbarUninstall.exe
    c:\program files\Search Toolbar\SearchToolbarUpdater.exe
    c:\windows\system32\Data
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-04-15 to 2011-05-15 )))))))))))))))))))))))))))))))
    .
    .
    2011-05-15 20:11 . 2011-05-15 20:14 -------- d-----w- C:\ToolBar SD
    2011-05-15 20:04 . 2011-05-15 20:04 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE8C067E-FA01-4CC5-8746-2BE9C201E7BD}\MpKsld3bae9f0.sys
    2011-05-15 04:34 . 2011-04-11 07:04 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE8C067E-FA01-4CC5-8746-2BE9C201E7BD}\mpengine.dll
    2011-05-02 19:17 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2011-05-02 19:17 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2011-05-02 19:17 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2011-05-02 19:17 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2011-05-02 19:17 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2011-05-02 19:17 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
    2011-05-02 19:17 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2011-05-02 19:17 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2011-04-22 23:32 . 2011-04-22 23:32 -------- d-----w- c:\documents and settings\Jackson\Application Data\Malwarebytes
    2011-04-22 23:32 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-04-22 23:32 . 2011-04-22 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2011-04-22 23:32 . 2011-04-25 23:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-04-22 23:32 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-04-22 21:51 . 2011-04-22 21:51 -------- d-----w- c:\documents and settings\Jackson\Application Data\SUPERAntiSpyware.com
    2011-04-22 21:51 . 2011-04-22 21:51 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2011-04-22 21:51 . 2011-04-22 21:51 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-04-22 20:36 . 2011-04-22 20:36 -------- d-----w- c:\program files\CCleaner
    2011-04-22 20:34 . 2011-04-22 20:34 -------- d-----w- c:\documents and settings\Jackson\Application Data\Javacool Software
    2011-04-21 21:18 . 2002-08-12 15:03 704512 ----a-w- c:\program files\Mozilla Firefox\plugins\NPSWF32.dll
    2011-04-21 21:18 . 2002-01-09 07:26 32768 ----a-w- c:\program files\Mozilla Firefox\plugins\np32dsw.dll
    2011-04-20 20:21 . 2005-08-25 22:19 115920 ----a-w- c:\windows\system32\MSINET.OCX
    2011-04-20 20:21 . 2011-04-20 20:21 -------- d-----w- c:\program files\EULAlyzer
    2011-04-15 21:24 . 2011-04-22 20:34 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2011-04-15 21:21 . 2011-04-15 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-15 20:43 . 2010-07-22 14:58 1409 ----a-w- c:\windows\QTFont.for
    2011-04-15 17:21 . 2011-04-15 17:21 388096 ----a-r- c:\documents and settings\Jackson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-04-11 07:04 . 2010-07-21 21:49 7071056 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2011-03-29 15:05 . 2010-06-23 23:16 398760 ----a-r- c:\windows\system32\cpnprt2.cid
    2011-03-17 22:29 . 2011-02-14 22:05 71072 ----a-w- c:\windows\CouponPrinter.ocx
    2011-03-07 05:33 . 2003-03-03 23:57 692736 ----a-w- c:\windows\system32\inetcomm.dll
    2011-03-04 06:45 . 2006-03-15 12:00 434176 ----a-w- c:\windows\system32\vbscript.dll
    2011-03-03 13:21 . 2006-03-15 12:00 1857920 ----a-w- c:\windows\system32\win32k.sys
    2011-02-17 19:00 . 2006-03-15 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2011-02-17 19:00 . 2006-03-15 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2011-02-17 19:00 . 2006-03-15 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
    2011-02-17 19:00 . 2006-03-15 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2011-02-17 13:18 . 2006-03-15 12:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-02-17 13:18 . 2006-03-15 12:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-02-17 12:32 . 2010-06-17 22:07 5120 ----a-w- c:\windows\system32\xpsp4res.dll
    2011-02-17 11:44 . 2006-03-15 12:00 389120 ----a-w- c:\windows\system32\html.iec
    2011-02-15 12:56 . 2006-03-15 12:00 290432 ----a-w- c:\windows\system32\atmfd.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "tinySpell"="c:\program files\tinySpell\tinyspell.exe" [2010-08-22 221184]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2003-12-04 77824]
    .
    c:\documents and settings\Jackson\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\CalibAdobe Gamma Loader.exe [N/A]
    ALaunchCombo.exe [2003-7-11 53248]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-10-2 57344]
    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
    2011-04-20 15:57 2423752 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "427:UDP"= 427:UDP:SLP_Port(427)
    .
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/22/2010 10:17 AM 28552]
    R0 SonyLSM;LED State Service;c:\windows\system32\drivers\SonyLSM.sys [12/3/2003 1:23 PM 4736]
    R1 MpKsld3bae9f0;MpKsld3bae9f0;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DE8C067E-FA01-4CC5-8746-2BE9C201E7BD}\MpKsld3bae9f0.sys [5/15/2011 4:04 PM 28752]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MPKSLD3BAE9F0
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-05-15 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26]
    .
    .
    ------- Supplementary Scan -------
    .
    mWindow Title =
    FF - ProfilePath - c:\documents and settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\
    FF - prefs.js: browser.startup.homepage - hxxps://www.highmarkblueshield.com/chmptl/chm/jsp/Splash.do?site=pbs
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=ZUGO&form=ZGAADF&q=
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    - - - - ORPHANS REMOVED - - - -
    .
    MSConfigStartUp-PCFix - c:\program files\PCFix\PCFix.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2011-05-15 16:44
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10p_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(704)
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2011-05-15 16:45:40
    ComboFix-quarantined-files.txt 2011-05-15 20:45
    .
    Pre-Run: 8,520,884,224 bytes free
    Post-Run: 8,790,233,088 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    .
    - - End Of File - - 97D6AD181648B02CDC26910ECC077DD9

    Let me know if there's anything more I need to do.

    - johndgorman1

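    Two things a helper checks first in a Malwarebytes log like the one above are whether the header counts agree with the itemised sections, and whether every detection actually ends in "Quarantined and deleted successfully" rather than "No action taken" (the earlier scan in this thread was posted with nothing removed). The following script is an added example, not code from the thread or from Malwarebytes; it parses the MBAM 1.x text layout shown above and reports both problems. The sample log embedded in it is constructed for the demonstration, with one undeclared file and one unremoved registry key.

```python
"""Sanity-check a Malwarebytes' Anti-Malware 1.x text log.

Added example (not from the thread or from Malwarebytes). Parses the log
layout shown in the posts above and reports header/itemised count mismatches
and any detection left at "No action taken".
"""
import re

# Sections of the log, in the order MBAM 1.x prints them.
SECTIONS = (
    "Memory Processes Infected",
    "Memory Modules Infected",
    "Registry Keys Infected",
    "Registry Values Infected",
    "Registry Data Items Infected",
    "Folders Infected",
    "Files Infected",
)

# One detection line: <path or key> (<threat name>) -> <action>.
# The object may itself contain parentheses (e.g. "date(10-3-2011)"), so the
# threat is taken from the first " (" that is followed by ") -> ".
ITEM_RE = re.compile(r"^(?P<object>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")

# Constructed sample log: header claims 2 files but lists 1, and the registry
# key was never removed.
SAMPLE_LOG = r"""
Malwarebytes' Anti-Malware 1.50.1.1100

Scan type: Quick scan

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Example Rogue (Rogue.Example) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\example rogue (Rogue.Example) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\example rogue\logs\date(1-1-2011) time(1-1-1).txt (Rogue.Example) -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (summary, items): summary maps section -> declared count,
    items maps section -> list of {object, threat, action} dicts."""
    summary = {}
    items = {s: [] for s in SECTIONS}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Header block line, e.g. "Files Infected: 30"
        m = re.match(r"^(?P<section>.+ Infected): (?P<count>\d+)$", line)
        if m and m.group("section") in SECTIONS:
            summary[m.group("section")] = int(m.group("count"))
            continue
        # Itemised block starts with the bare section name and a colon
        if line.endswith(":") and line[:-1] in SECTIONS:
            current = line[:-1]
            continue
        if current is None or line == "(No malicious items detected)":
            continue
        m = ITEM_RE.match(line)
        if m:
            items[current].append(m.groupdict())
    return summary, items


def check_mbam_log(text):
    """Return human-readable findings; an empty list means the log is
    internally consistent and every detection was actioned."""
    summary, items = parse_mbam_log(text)
    findings = []
    for section in SECTIONS:
        declared, found = summary.get(section, 0), len(items[section])
        if declared != found:
            findings.append(f"{section}: header says {declared}, log lists {found}")
        for item in items[section]:
            if item["action"].lower().startswith("no action taken"):
                findings.append(f"not removed: {item['object']} ({item['threat']})")
    return findings


if __name__ == "__main__":
    for finding in check_mbam_log(SAMPLE_LOG) or ["log is consistent, all items actioned"]:
        print(finding)
```

    Run it against a saved log with `check_mbam_log(open("mbam-log.txt").read())`; a "not removed" finding means the scan was posted before the Remove Selected button was pressed, which is what the first log in this thread shows.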
  4. #4
    Member Net_Surfer
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4

    Hello again Johndgorman1

    ----------------------------^-------------------------------

    Before we begin, you should save these instructions in Notepad to your Desktop, or print them, for easy reference and to make sure you don't get lost.

    Make sure to work through the fixes in the exact order in which they are mentioned below and do not miss any steps out. If at any point you have questions, or are unsure of the instructions, do not hesitate to post here and ask for clarification before proceeding with the fixes.

    Please carefully follow the next set of steps:


    Let's continue cleaning and securing your computer.

    Step 1.
    Update Adobe Reader

    Earlier versions of Adobe Reader have known security flaws so it is recommended that you update your copy
    • Go to Start > Control Panel > Add/Remove Programs (<<-- XP), Programs and Features if Vista/Win7.
    • Remove ALL instances of Adobe Reader
    • Re-boot your computer as required.
    • Once ALL versions of Adobe Reader have been uninstalled, visit: <<here>> and download the latest version of Adobe Reader.


    Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from >>here<<. Foxit Reader has fewer add-ons and therefore loads more quickly.

    NOTE: When installing Foxit Reader, be careful not to install anything to do with AskBar.
    ============
    Step 2.

    • Download: >>> OTL by Old Timer <<< to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check

    • Now copy the lines below.

      netsvcs
      msconfig
      %SYSTEMDRIVE%\*.exe
      /md5start
      eventlog.dll
      scecli.dll
      netlogon.dll
      cngaudit.dll
      sceclt.dll
      ntelogon.dll
      logevent.dll
      iaStor.sys
      nvstor.sys
      atapi.sys
      IdeChnDr.sys
      viasraid.sys
      AGP440.sys
      vaxscsi.sys
      nvatabus.sys
      viamraid.sys
      nvata.sys
      nvgts.sys
      iastorv.sys
      ViPrt.sys
      eNetHook.dll
      ahcix86.sys
      KR10N.sys
      nvstor32.sys
      ahcix86s.sys
      nvrd32.sys
      symmpi.sys
      adp3132.sys
      /md5stop
      %systemroot%\*. /mp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      CREATERESTOREPOINT


    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the Run Scan button.


    • Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

    =========

    Summary of the logs I will need in your next reply:
    • The TWO report logs of OTL.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

    Again, please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.) until it's officially declared clean and free of malware!!!

    The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day then I will close the topic.

    Kind regards
    Net_Surfer
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of the BleepingComputer Malware Removal Training Program. You too could train to help others!

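    The `/md5start ... /md5stop` block in Step 2 makes OTL print the MD5 of every copy it finds of each listed system file; the helper then compares the live copy against the one Windows File Protection keeps in `system32\dllcache`, since a patched driver or DLL shows up as a hash that differs from the cache. The script below is an added example, not OTL's code or anything from the thread; it automates that comparison over a directory tree. On a real XP system `root` would be `C:\WINDOWS`; the constructed fixture it builds in a temporary directory (three intact files, one altered driver, one file with no cache copy, one absent driver) exists only so it runs offline.

```python
"""Compare live Windows system files with their system32\\dllcache copies.

Added example (not from OTL or the thread). Mirrors by hand what a helper
does with OTL's /md5start block: hash the live file and the dllcache copy
and flag any pair that differs.
"""
import hashlib
import os
import tempfile

# Names taken from the OTL custom-scan list in the post above. Live DLLs sit
# in system32, live drivers in system32\drivers; the cache holds both.
SYSTEM_FILES = ("eventlog.dll", "scecli.dll", "netlogon.dll",
                "atapi.sys", "AGP440.sys", "nvstor.sys")


def md5_of(path):
    """MD5 hex digest of a file, streamed so large drivers stay off the heap.
    MD5 matches what OTL prints; this is an equality check against a local
    copy, not a defence against a collision-crafting adversary."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def live_path(root, name):
    sub = "drivers" if name.lower().endswith(".sys") else ""
    return os.path.join(root, "system32", sub, name)


def cache_path(root, name):
    return os.path.join(root, "system32", "dllcache", name)


def compare_with_cache(root, names=SYSTEM_FILES):
    """Return {name: (status, live_md5, cache_md5)} with status one of
    'match', 'MISMATCH', 'no-cache-copy', 'missing'.
    'missing' is normal for a driver the hardware never needed (the OTL list
    covers several storage controllers); 'MISMATCH' wants a second look."""
    results = {}
    for name in names:
        live, cache = live_path(root, name), cache_path(root, name)
        if not os.path.isfile(live):
            results[name] = ("missing", None, None)
            continue
        live_md5 = md5_of(live)
        if not os.path.isfile(cache):
            results[name] = ("no-cache-copy", live_md5, None)
            continue
        cache_md5 = md5_of(cache)
        results[name] = ("match" if live_md5 == cache_md5 else "MISMATCH",
                         live_md5, cache_md5)
    return results


def build_sample_tree(root):
    """Constructed fixture, not real system files: three intact pairs, a
    driver whose live copy differs by one byte, a DLL with no cache copy,
    and nvstor.sys absent altogether."""
    for d in ("system32", os.path.join("system32", "drivers"),
              os.path.join("system32", "dllcache")):
        os.makedirs(os.path.join(root, d), exist_ok=True)
    stub = b"MZ\x90\x00 constructed fake binary "
    for name in ("eventlog.dll", "scecli.dll", "AGP440.sys"):
        for p in (live_path(root, name), cache_path(root, name)):
            with open(p, "wb") as f:
                f.write(stub + name.encode())
    with open(cache_path(root, "atapi.sys"), "wb") as f:
        f.write(stub + b"atapi.sys")
    with open(live_path(root, "atapi.sys"), "wb") as f:
        f.write(stub + b"atapi.syS")          # altered live copy
    with open(live_path(root, "netlogon.dll"), "wb") as f:
        f.write(stub + b"netlogon.dll")       # no dllcache copy


def check_sample_tree():
    """Build the fixture in a temporary directory and return the comparison."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return compare_with_cache(tmp)


if __name__ == "__main__":
    for name, (status, live, cache) in check_sample_tree().items():
        print(f"{status:14} {name:14} live={live} cache={cache}")
```

    A mismatch is also what you get after a legitimate hotfix that did not refresh the cache copy, so treat it as a prompt to compare the live hash with a known-good value for that file version, as the helper does with the OTL output, rather than as a verdict on its own.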
  5. #5
    Member
    Join Date
    Apr 2011
    Posts
    6
    Points
    0


    Net_Surfer, before I begin I should add something else. When I ran ComboFix I believe that it didn't install the recovery console. There was an installation failure which I forgot to mention. I'll wait until I hear from you again before I proceed.
    - johndgorman1

  6. #6
    Member
    Join Date
    Apr 2011
    Posts
    6
    Points
    0


    Net_Surfer,

    Installed the latest version of Adobe Reader and ran OTL as directed. The following is the output from OTL:

    OTL.txt -

    OTL logfile created on: 5/20/2011 9:10:23 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jackson\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 25.00 Gb Total Space | 7.19 Gb Free Space | 28.75% Space Free | Partition Type: NTFS
    Drive D: | 440.76 Gb Total Space | 306.07 Gb Free Space | 69.44% Space Free | Partition Type: NTFS
    Drive N: | 365.75 Gb Total Space | 335.73 Gb Free Space | 91.79% Space Free | Partition Type: NTFS

    Computer Name: MEDIACENTER | User Name: Jackson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Jackson\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
    PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\tinySpell\tinyspell.exe (KEDMI Scientific Computing)
    PRC - C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe (Sony Corporation)
    PRC - C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe (Sony Corporation)
    PRC - C:\WINDOWS\system32\sol.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Jackson\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\tinySpell\tskh1920.dll (KEDMI Scientific Computing)


    ========== Win32 Services (SafeList) ==========

    SRV - (nosGetPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
    SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
    SRV - (VAIOMediaPlatform-VideoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-VideoServer-UPnP) VAIO Media Video Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-PhotoServer-UPnP) VAIO Media Photo Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-MusicServer-UPnP) VAIO Media Music Server (UPnP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-VideoServer-HTTP) VAIO Media Video Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-PhotoServer-HTTP) VAIO Media Photo Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-MusicServer-HTTP) VAIO Media Music Server (HTTP) -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-PhotoServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe (Sony Corporation)
    SRV - (VAIOMediaPlatform-MusicServer-AppServer) -- C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe (Sony Corporation)
    SRV - (SonicStageMonitoring) -- C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe (Sony Corporation)
    SRV - (Sony TVTA Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe (Sony Corporation)
    SRV - (Sony TV Tuner Controller) -- C:\Program Files\Sony\Sony TV Tuner Library\halsv.exe (Sony Corporation)
    SRV - (Sony TV Tuner Manager) -- C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe (Sony Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (MpKsl22cf1cee) -- File not found
    DRV - (MpKsl52673fb7) -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{482DB765-2BDD-4DC7-8BBB-F03C59DD7872}\MpKsl52673fb7.sys (Microsoft Corporation)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (pavboot) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
    DRV - (IrBus) -- C:\WINDOWS\system32\drivers\irbus.sys (Microsoft Corporation)
    DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
    DRV - (P17) -- C:\WINDOWS\system32\drivers\P17.sys (Creative Technology Ltd.)
    DRV - (nvport) -- C:\WINDOWS\system32\drivers\nvport.sys (NVIDIA Corporation.)
    DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (PfModNT) -- C:\WINDOWS\system32\drivers\Pfmodnt.sys (Creative Technology Ltd.)
    DRV - (smrt) -- C:\WINDOWS\system32\drivers\smrt.sys (Sony Corporation)
    DRV - (SonyLSM) -- C:\WINDOWS\System32\Drivers\SonyLSM.sys (Sony Corporation)
    DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
    DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Welcome to Windows Live
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.highmarkblueshield.com/chmptl/chm/jsp/Splash.do?site=pbs"
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=ZUGO&form=ZGAADF&q="

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/29 11:05:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/20 08:58:20 | 000,000,000 | ---D | M]

    [2011/01/06 14:03:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jackson\Application Data\Mozilla\Extensions
    [2011/04/21 19:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions
    [2011/01/06 18:26:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/28 16:12:33 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\searchtoolbar@zugo.com
    [2011/02/28 16:12:34 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\searchplugins\bing-zugo.xml
    [2011/04/21 19:18:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/04/14 14:24:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/22 12:01:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2010/07/27 09:45:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2011/03/17 18:29:27 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2011/02/02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2011/03/17 18:29:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2002/08/12 11:03:32 | 000,704,512 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll

    O1 HOSTS File: ([2011/05/15 16:43:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - File not found
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - File not found
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKCU..\Run: [tinySpell] C:\Program Files\tinySpell\tinyspell.exe (KEDMI Scientific Computing)
    O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager] C:\Program Files\NOS\bin\getPlusUninst_Adobe.exe (NOS Microsystems Ltd.)
    O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe (Adobe Systems, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ALaunchCombo.exe (Sony Electronics, Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\Jackson\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - File not found
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} https://h20364.www2.hp.com/CSMWeb/Cu...ataManager.CAB (Hewlett-Packard Online Support Services)
    O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/s...irector/sw.cab (Shockwave ActiveX Control)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Symantec Script Runner Class)
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/...ds/sysinfo.cab (SysData Class)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1276811675312 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} http://acs.pandasoftware.com/actives.../as2stubie.cab (ActiveScan 2.0 Installer Class)
    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1280x1024.bmp
    O24 - Desktop BackupWallPaper: C:\WINDOWS\VAIO BrightColor Wallpaper TrueColor 1280x1024.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2003/12/03 14:32:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    MsConfig - StartUpReg: MSMSGS - hkey= - key= - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
    MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    MsConfig - State: "system.ini" - 0
    MsConfig - State: "win.ini" - 0
    MsConfig - State: "bootini" - 0
    MsConfig - State: "services" - 0
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT*
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/05/20 09:00:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jackson\Desktop\OTL.exe
    [2011/05/20 08:54:43 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
    [2011/05/20 08:54:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2011/05/16 19:51:13 | 001,895,344 | ---- | C] (WebSite-Watcher - Software to check websites for updates and changes (web page monitoring) ) -- N:\My Documents\AM-DeadLinkSetup.exe
    [2011/05/15 16:38:47 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/05/15 16:37:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/15 16:37:29 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/15 16:37:29 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/15 16:37:29 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/15 16:37:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/15 16:34:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/15 16:11:58 | 000,000,000 | ---D | C] -- C:\ToolBar SD
    [2011/05/02 15:17:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
    [2011/05/02 15:17:26 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
    [2011/05/02 15:17:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
    [2011/05/02 15:17:26 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
    [2011/05/02 15:17:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
    [2011/05/02 15:17:26 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
    [2011/05/02 15:17:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
    [2011/05/02 15:17:23 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
    [2011/04/22 19:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackson\Application Data\Malwarebytes
    [2011/04/22 19:32:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/22 19:32:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/22 19:32:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/22 19:32:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/22 19:32:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/22 19:29:46 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- N:\My Documents\Anti-MalwareSetup-1.50.1.1100.exe
    [2011/04/22 17:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackson\Application Data\SUPERAntiSpyware.com
    [2011/04/22 17:51:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/04/22 17:51:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/04/22 17:51:25 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/04/22 17:48:42 | 010,953,096 | ---- | C] (SUPERAntiSpyware.com) -- N:\My Documents\SuperAntiSpywareSetup.exe
    [2011/04/22 16:50:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jackson\Recent
    [2011/04/22 16:36:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/04/22 16:36:00 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/04/22 16:34:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jackson\Application Data\Javacool Software
    [2011/04/22 16:27:18 | 003,050,664 | ---- | C] (Piriform Ltd) -- N:\My Documents\CCleanerSetup305.exe
    [2011/04/21 15:34:46 | 000,235,168 | ---- | C] (Adobe Systems, Inc.) -- N:\My Documents\UninstalFflashPlayer.exe
    [2011/04/21 14:31:18 | 009,520,304 | ---- | C] (Adobe Systems Inc.) -- N:\My Documents\FullShockwaveInstaller.exe
    [2011/04/20 16:21:42 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSINET.OCX
    [2011/04/20 16:21:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EULAlyzer
    [2011/04/20 16:21:25 | 000,000,000 | ---D | C] -- C:\Program Files\EULAlyzer
    [2011/04/20 16:16:59 | 001,746,856 | ---- | C] (Javacool Software LLC ) -- N:\My Documents\eulalyzersetup20.exe
    [2003/12/03 13:23:31 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\A3d.dll
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/05/20 09:04:51 | 000,001,410 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\Windows Live Hotmail.url
    [2011/05/20 09:00:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jackson\Desktop\OTL.exe
    [2011/05/20 08:58:23 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/05/20 08:58:23 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2011/05/20 08:58:20 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/05/20 08:29:51 | 000,000,145 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\Lean Cuisine Delicious Rewards.url
    [2011/05/18 15:01:28 | 002,147,840 | ---- | M] () -- N:\My Documents\LighteningInAjar.pps
    [2011/05/17 13:22:50 | 000,004,224 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\VirusRemovalInstructions[2].rtf
    [2011/05/16 22:04:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2011/05/16 21:59:15 | 000,000,043 | ---- | M] () -- C:\active.dpt
    [2011/05/16 21:59:11 | 000,186,910 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/05/16 21:59:04 | 000,012,620 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/16 21:59:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/05/16 21:58:58 | 1610,010,624 | -HS- | M] () -- C:\hiberfil.sys
    [2011/05/16 19:51:28 | 001,895,344 | ---- | M] (WebSite-Watcher - Software to check websites for updates and changes (web page monitoring) ) -- N:\My Documents\AM-DeadLinkSetup.exe
    [2011/05/15 16:43:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/15 16:21:33 | 004,348,896 | R--- | M] () -- C:\Documents and Settings\Jackson\Desktop\ComboFix.exe
    [2011/05/15 16:10:20 | 000,343,020 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\ToolBarSD.exe
    [2011/05/15 16:04:37 | 000,000,209 | -HS- | M] () -- C:\boot.ini
    [2011/05/15 15:12:47 | 000,294,400 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\exeHelper.com
    [2011/05/14 08:52:42 | 000,010,698 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\VirusRemovalInstructions.rtf
    [2011/05/11 12:22:44 | 000,000,204 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\STOUFFER'S® Dinner Club.url
    [2011/05/04 14:12:41 | 005,210,046 | ---- | M] () -- N:\My Documents\HBOmay11.pdf
    [2011/04/27 09:50:20 | 000,003,685 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\Weather Bethlehem, PA.url
    [2011/04/22 19:52:34 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\HiJackThis.lnk
    [2011/04/22 19:32:22 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/22 19:29:47 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- N:\My Documents\Anti-MalwareSetup-1.50.1.1100.exe
    [2011/04/22 17:51:29 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/22 17:48:48 | 010,953,096 | ---- | M] (SUPERAntiSpyware.com) -- N:\My Documents\SuperAntiSpywareSetup.exe
    [2011/04/22 16:36:01 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/04/22 16:27:34 | 003,050,664 | ---- | M] (Piriform Ltd) -- N:\My Documents\CCleanerSetup305.exe
    [2011/04/21 15:34:51 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- N:\My Documents\UninstalFflashPlayer.exe
    [2011/04/21 14:31:40 | 009,520,304 | ---- | M] (Adobe Systems Inc.) -- N:\My Documents\FullShockwaveInstaller.exe
    [2011/04/20 16:21:53 | 000,000,640 | ---- | M] () -- C:\Documents and Settings\Jackson\Desktop\EULAlyzer.lnk
    [2011/04/20 16:17:29 | 001,746,856 | ---- | M] (Javacool Software LLC ) -- N:\My Documents\eulalyzersetup20.exe
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/05/20 08:58:20 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
    [2011/05/20 08:58:20 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/05/19 09:38:42 | 000,000,145 | ---- | C] () -- C:\Documents and Settings\Jackson\Desktop\Lean Cuisine Delicious Rewards.url
    [2011/05/18 14:43:06 | 002,147,840 | ---- | C] () -- N:\My Documents\LighteningInAjar.pps
    [2011/05/17 13:22:50 | 000,004,224 | ---- | C] () -- C:\Documents and Settings\Jackson\Desktop\VirusRemovalInstructions[2].rtf
    [2011/05/15 16:38:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/05/15 16:37:29 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/15 16:37:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/15 16:37:29 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/15 16:37:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/15 16:37:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/15 16:21:08 | 004,348,896 | R--- | C] () -- C:\Documents and Settings\Jackson\Desktop\ComboFix.exe
    [2011/05/15 16:10:18 | 000,343,020 | ---- | C] () -- C:\Documents and Settings\Jackson\Desktop\ToolBarSD.exe
    [2011/05/15 15:12:46 | 000,294,400 | ---- | C] () -- C:\Documents and Settings\Jackson\Desktop\exeHelper.com
    [2011/05/14 08:52:42 | 000,010,698 | ---- | C] () -- C:\Documents and Settings\Jackson\Desktop\VirusRemovalInstructions.rtf
    [2011/05/04 14:12:41 | 005,210,046 | ---- | C] () -- N:\My Documents\HBOmay11.pdf
    [2011/04/22 19:32:22 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/22 17:51:29 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/04/22 16:52:36 | 1610,010,624 | -HS- | C] () -- C:\hiberfil.sys
    [2011/04/22 16:36:01 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/04/20 16:21:53 | 000,000,640 | ---- | C] () -- C:\Documents and Settings\Jackson\Desktop\EULAlyzer.lnk
    [2011/01/06 14:03:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/09/14 17:29:47 | 000,118,873 | ---- | C] () -- C:\WINDOWS\hpoins30.dat
    [2010/09/14 17:29:47 | 000,000,449 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat
    [2010/09/13 13:55:51 | 000,062,540 | ---- | C] () -- C:\WINDOWS\hpqins01.dat.temp
    [2010/09/11 15:41:09 | 000,063,106 | ---- | C] () -- C:\WINDOWS\hpqins05.dat.temp
    [2010/09/11 15:39:40 | 000,062,540 | ---- | C] () -- C:\WINDOWS\hpqins01.dat
    [2010/07/24 11:37:24 | 000,023,112 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
    [2010/07/24 11:34:45 | 000,063,106 | ---- | C] () -- C:\WINDOWS\hpqins05.dat
    [2010/07/09 14:23:09 | 000,118,903 | ---- | C] () -- C:\WINDOWS\hpoins30.dat.temp
    [2010/07/09 14:23:09 | 000,000,449 | ---- | C] () -- C:\WINDOWS\hpomdl30.dat.temp
    [2010/06/22 10:01:00 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Jackson\Local Settings\Application Data\housecall.guid.cache
    [2010/06/22 09:46:50 | 000,000,050 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/06/17 15:29:01 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Jackson\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/17 15:29:01 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Jackson\Local Settings\Application Data\fusioncache.dat
    [2010/06/17 13:35:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/06/17 13:32:59 | 000,001,295 | ---- | C] () -- C:\WINDOWS\System32\Px.ini
    [2010/06/17 13:24:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2010/06/17 13:24:49 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2010/06/17 13:24:49 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2008/05/16 14:01:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2008/05/16 14:01:00 | 001,630,208 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2008/05/16 14:01:00 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2008/05/16 14:01:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2008/05/16 14:01:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
    [2008/05/16 14:01:00 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2008/05/16 14:01:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2008/01/14 17:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/03/15 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/03/15 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/03/15 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/03/15 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/03/15 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/03/15 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/03/15 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/03/15 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/03/15 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2005/08/26 15:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
    [2005/08/26 15:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
    [2005/08/26 15:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
    [2004/08/10 00:11:42 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2003/12/04 15:07:32 | 000,000,911 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2003/12/04 15:04:35 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
    [2003/12/04 15:03:13 | 000,262,416 | ---- | C] () -- C:\WINDOWS\System32\ASFV2.DLL
    [2003/12/04 15:02:21 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\TDI-SonyOMG.dll
    [2003/12/04 15:02:07 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
    [2003/12/04 15:00:59 | 000,009,192 | ---- | C] () -- C:\WINDOWS\mozver.dat
    [2003/12/04 14:16:12 | 000,526,184 | ---- | C] () -- C:\WINDOWS\q329692.exe
    [2003/12/04 14:12:38 | 000,236,392 | ---- | C] () -- C:\WINDOWS\q329112.exe
    [2003/12/03 16:09:53 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2003/12/03 14:51:43 | 000,042,897 | ---- | C] () -- C:\WINDOWS\System32\LudaP17.ini
    [2003/12/03 14:51:43 | 000,000,029 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2003/12/03 14:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2003/12/03 14:30:07 | 000,023,680 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2003/12/03 13:23:58 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2003/12/03 13:23:56 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2003/12/03 13:23:40 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
    [2003/12/03 13:23:32 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\P17.dll
    [2003/12/03 13:23:32 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\P17CPI.dll
    [2003/12/03 13:23:27 | 000,000,738 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2003/12/03 13:23:16 | 000,463,750 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/12/03 13:23:16 | 000,079,102 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/12/03 13:23:15 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/12/03 06:27:12 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2003/12/03 06:26:41 | 000,256,656 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2003/07/23 12:53:30 | 000,373,967 | ---- | C] () -- C:\WINDOWS\ml-uninstall-v10.exe
    [2002/08/06 15:55:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\ml-WA3Shutdown.exe
    [2002/06/12 16:21:12 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\winchip.dll
    [2002/04/02 21:08:34 | 000,311,108 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
    [2002/04/02 21:08:32 | 000,036,868 | ---- | C] () -- C:\WINDOWS\ml-winamp-shutdown.exe

    ========== LOP Check ==========

    [2011/01/03 18:13:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2011/02/02 20:48:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RegWork
    [2011/04/22 16:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/02/06 12:56:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
    [2010/07/22 11:15:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\InterVideo
    [2011/04/22 16:34:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\Javacool Software
    [2010/11/11 12:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\licenses
    [2010/07/27 09:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\OpenOffice.org
    [2010/11/11 12:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\PCMM2009
    [2010/11/11 12:33:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\PCMM2010
    [2010/09/01 17:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\tinySpell
    [2011/03/01 15:34:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\TweakNow PowerPack 2011
    [2010/08/03 12:36:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\Ulead Systems
    [2010/12/06 12:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\Windows Desktop Search
    [2010/12/08 19:51:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jackson\Application Data\Windows Search
    [2011/05/16 22:04:34 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2006/03/15 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
    [2010/06/22 15:57:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
    [2010/06/22 15:57:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
    [2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
    [2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

    < MD5 for: ATAPI.SYS >
    [2006/03/15 08:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
    [2010/06/22 15:57:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
    [2003/07/30 08:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
    [2010/06/22 15:57:43 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
    [2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
    [2006/03/15 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

    < MD5 for: EVENTLOG.DLL >
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
    [2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
    [2006/03/15 08:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

    < MD5 for: NETLOGON.DLL >
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
    [2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
    [2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
    [2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
    [2006/03/15 08:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

    < MD5 for: SCECLI.DLL >
    [2006/03/15 08:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
    [2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\system32\drivers\*.sys /lockedfiles >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 148 bytes -> N:\My Documents\DTLite4356-0091.exe:SummaryInformation
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3

    < End of report >

    Extras.txt -

    OTL Extras logfile created on: 5/20/2011 9:10:23 AM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jackson\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
    3.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
    Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 25.00 Gb Total Space | 7.19 Gb Free Space | 28.75% Space Free | Partition Type: NTFS
    Drive D: | 440.76 Gb Total Space | 306.07 Gb Free Space | 69.44% Space Free | Partition Type: NTFS
    Drive N: | 365.75 Gb Total Space | 335.73 Gb Free Space | 91.79% Space Free | Partition Type: NTFS

    Computer Name: MEDIACENTER | User Name: Jackson | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "427:UDP" = 427:UDP:*:Enabled:SLP_Port(427)
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "G:\setup\HPZnui01.exe" = G:\setup\HPZnui01.exe:*:Enabled:hpznui01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\Smart Web Printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe
    "C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\support.com\client\bin\tgcmd.exe" = C:\Program Files\support.com\client\bin\tgcmd.exe:*:Enabled:tgcmd Module -- (Support.com, Inc.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
    "C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe" = C:\Program Files\Common Files\HP\Digital Imaging\bin\hpqPhotoCrm.exe:*:Enabled:hpqphotocrm.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpsapp.exe:*:Enabled:hpqpsapp.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqpse.exe:*:Enabled:hpqpse.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqsudi.exe:*:Enabled:hpqsudi.exe -- (Hewlett-Packard Development Co. L.P.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{055FEF8E-4B86-400F-A5C6-8FAC0042DCD9}" = NVIDIA PureVideo Decoder
    "{0BC1A5B2-79A1-4716-B3E5-4071E9AB6F43}" = HP Photosmart C4500 All-In-One Driver 12.0 Rel .4
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1EB317D8-8945-4FD6-B37F-DF470317C6AB}" = VAIO Media 2.6
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 24
    "{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
    "{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
    "{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
    "{3B24B725-D81F-442D-8CE5-2AF05A4A4CC9}" = Music Visualizer Library 1.4.00
    "{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
    "{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
    "{40D1BC4F-56CB-458E-BE8C-35A025CC52FB}" = Sony TV Tuner Library 1.0
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{48D0B1A3-11AC-4A87-AFB2-2002CCB88B34}" = PS_AIO_04_C4580_Software_Min
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4BE15737-07C5-4705-9DFC-D9D533939942}" = NVIDIA Media Center Extensions
    "{4D1D6640-CD43-4AD9-A52F-E48265DB28E0}" = VAIO BrightColor Wallpaper
    "{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "{5DF4AA9A-4F53-499C-977B-6CD216B574A5}" = Screenblast Sound Forge 1.1
    "{5FA1C51C-6E35-42C1-B2EC-DC9FA1E20694}" = OpenMG Secure Module 3.3.01
    "{612F4E20-3661-4D44-AD79-823F1B613FB3}" = HP Update
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{685BCC47-B8EC-45EC-BBCE-77DF2451502C}" = DVgate Plus
    "{6990A2BF-D1D2-11D3-81BC-00609789C908}" = Sony Video Shared Library
    "{7128C69B-8F7E-4336-8698-3FD3CDD955EC}" = VAIO Media Redistribution 2.6
    "{7148F0A8-6813-11D6-A77B-00B0D0142010}" = Java 2 Runtime Environment, SE v1.4.2_01
    "{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}" = SonicStage 1.6.00
    "{761C9026-14F0-4352-8658-934558272404}" = VAIO Edit Components
    "{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{7A79D11B-FD82-4A5E-834F-20173515DD14}" = VAIO Media Integrated Server 2.6
    "{7B7D1750-582F-11D5-BEAF-0010B5557565}" = Ulead PhotoImpact 7
    "{7C2F71B2-6C73-11D6-B659-00C04F790F76}" = Click to DVD 1.3.01
    "{7F34A21F-2DEB-4598-BB19-611D6BD24271}" = Managed DirectX (0901)
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{87A9A9A9-FAB7-4224-9328-0FA2058C0FD5}" = Network
    "{88DA0A52-3372-4803-971A-ADFB961707E8}" = PictureGear Studio 2.0
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D5AC6EF-B91C-4E03-99DE-C72536BB381F}" = TweakMCE
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD 5 for VAIO
    "{91A0C8FB-8152-450B-B27D-2DDCD81C9E46}" = Screenblast ACID 4.0
    "{93B80FB1-7A23-11D3-B250-00105A1F4184}" =
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9B953606-000E-491C-B74D-78ECFDD520A0}" = OpenMG Metadata Extractor for Windows Media Player
    "{9CCCFD9C-248F-47FE-9496-1680E3E5C163}" = Scan
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
    "{AC13BA3A-336B-45a4-B3FE-2D3058A7B533}" = Toolbox
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{BF3B304B-8A18-452D-A19F-6012CA8418D7}" = SonicStage Mastering Studio 1.1
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD7D5804-C157-48A6-AEE0-4A40A4B5C054}" = VAIO System Information
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB481CC-F57C-4397-81A0-DADD22257047}" = Sound Blaster Audigy LS
    "{D0448678-1203-4158-A58F-B3D0B616BF9E}" = Sony Certificate PCH
    "{DA7ECDA9-C6DD-4E4A-8EB8-9899E08C6740}" = SonicStage MP3 Add-on program
    "{DDC146FA-73E0-4FA1-A353-841EA14BF600}" = Drag'n Drop CD+DVD
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
    "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
    "{EE7EB179-5AA2-4B28-AC92-5CBAAF82BA7F}" = SonicStage Mastering Studio Plugins 1.0
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F8131A35-47FD-27AD-116D-0E79AF5DE5EE}" = Acrobat.com
    "{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
    "ActiveScan 2.0" = Panda ActiveScan 2.0
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
    "Adobe Premiere 6 LE" = Adobe Premiere 6 LE
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "CCleaner" = CCleaner
    "CNXT_MODEM_PCI_VEN_8086&DEV_24D6&SUBSYS_8181104D" = SoftV92 Data Fax Modem
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
    "EULAlyzer_is1" = EULAlyzer 2.0
    "FLV Player" = FLV Player 2.0 (build 25)
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{315BA29D-2644-4760-B5FD-5AC04A52B8C5}" = VAIO Registration
    "InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
    "InstallShield_{E68B38DE-D7DD-4FB3-A453-3F03A947EA8E}" = VAIO Help and Support
    "InstallShield_{FA11D5B5-7D0A-43E8-88C4-960F97B194DE}" = VAIO Survey Standalone
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "MoodLogic" = MoodLogic
    "Movielink eHome_is1" = Movielink eHome version 1.1
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NVIDIA Drivers" = NVIDIA Drivers
    "PROSet" = Intel(R) PRO Network Adapters and Drivers
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealOne Player
    "Shockwave" = Shockwave
    "tinySpell_is1" = tinySpell 1.9.20
    "TweakNow PowerPack 2011_is1" = TweakNow PowerPack 2011
    "VAIO Support" = VAIO Support
    "ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
    "Welcome to VAIO life" = Welcome to VAIO life
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Adobe Connect Add-in" = Adobe Connect Add-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 5/10/2011 11:04:24 PM | Computer Name = MEDIACENTER | Source = Application Error | ID = 1001
    Description = Fault bucket -1999627588.

    Error - 5/15/2011 4:38:48 PM | Computer Name = MEDIACENTER | Source = Application Error | ID = 1000
    Description = Faulting application extract.cfxxe, version 0.0.0.0, faulting module
    crtdll.dll, version 4.0.1183.1, fault address 0x000115ce.

    Error - 5/15/2011 4:38:58 PM | Computer Name = MEDIACENTER | Source = Application Error | ID = 1001
    Description = Fault bucket 1425821508.

    Error - 5/16/2011 6:29:40 PM | Computer Name = MEDIACENTER | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 5/16/2011 9:59:47 PM | Computer Name = MEDIACENTER | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 5/16/2011 9:59:56 PM | Computer Name = MEDIACENTER | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 5/16/2011 10:00:00 PM | Computer Name = MEDIACENTER | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 5/16/2011 10:00:00 PM | Computer Name = MEDIACENTER | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 5/16/2011 10:00:00 PM | Computer Name = MEDIACENTER | Source = Media Center Scheduler | ID = 0
    Description =

    Error - 5/16/2011 10:00:01 PM | Computer Name = MEDIACENTER | Source = Media Center Scheduler | ID = 0
    Description =

    [ Media Center Events ]
    Error - 1/6/2011 1:55:21 PM | Computer Name = MEDIACENTER | Source = Recording | ID = 19
    Description = The recording schedule has been corrupted and was automatically deleted
    on 1/6/2011 12:55:21 PM. You may need to reschedule your recordings.

    [ System Events ]
    Error - 5/3/2011 11:58:54 AM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 5/3/2011 9:05:25 PM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 5/4/2011 4:40:04 PM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 5/10/2011 8:10:39 PM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 5/10/2011 11:04:30 PM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 5/10/2011 11:06:27 PM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 5/13/2011 4:02:04 PM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 5/15/2011 4:04:59 PM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 5/15/2011 4:55:24 PM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.

    Error - 5/16/2011 9:59:30 PM | Computer Name = MEDIACENTER | Source = Service Control Manager | ID = 7031
    Description = The Media Center Receiver Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    5000 milliseconds: Restart the service.


    < End of report >

    Please let me know if there's anything else that I should do.

    - johndgorman1

  7. #7
    Net_Surfer (Member) | Join Date: May 2008 | Location: Paradise Ca. | Posts: 1,179 | Points: 89 | Blog Entries: 4

    Hello again johndgorman1, and sorry for the delay.

    Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

    Update Software Optional
    Code:
    Mozilla Firefox (3.6.13)
    Going over your logs, I noticed that you are using an old version of the Mozilla Firefox browser. You need to update to the latest version: 4.01

    Click on the Help tab at the top of your Firefox page and select: "Check for Updates"

    Older versions contain holes that hackers can use to manipulate your machine.

    Please download the newest version of Adobe Acrobat Reader from >> Adobe.com <<

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Please carefully follow my next set of steps:


    Step 1.


    Let's fix some issues with OTL by doing the following:

    Double click on the Icon at your desktop to run it.
    (Vista users right click and run as an Admin.)
    Copy the lines in the codebox below (make sure that :Otl is on the first line): just highlight everything in the code box (starting with :Otl) and copy and paste it into the 'Custom scan/fix' box on OTL.
    Code:
    :otl
    DRV - (MpKsl22cf1cee) -- File not found
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    [2011/02/28 16:12:33 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\searchtoolbar@zugo.com
    [2011/02/28 16:12:34 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\searchplugins\bing-zugo.xml
    [2011/04/14 14:24:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/22 12:01:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2010/07/27 09:45:59 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found
    O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - File not found
    O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - File not found
    O3 - HKCU\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
    @Alternate Data Stream - 148 bytes -> N:\My Documents\DTLite4356-0091.exe:SummaryInformation
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3
    
    
    :Files
    ipconfig /flushdns /c
    %systemroot%\prefetch\*.*
    
    :commands
    [PURITY]
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [REBOOT]
    • Return to OTL,
    • right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.


    • Click the red Run Fix button.

    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    • After the reboot, you may need to double click OTL to launch the program and retrieve the log.


    Copy and paste the contents of the OTL log that comes up after the fix in your next reply.

    If you lose the report, there will be a copy here:
    C:\_OTL\MovedFiles


    Step 2.

    Important Note: Older versions of Java have vulnerabilities that malicious sites can use to exploit and infect your system.

    Microsoft: ‘Unprecedented Wave of Java Exploitation’
    Drive-by Trojan preying on out-of-date Java installations
    Ghosts of Java Haunt Users

    Please follow these steps to remove older-version Java components and update:

    Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
    Look for "Java Platform, Standard Edition".
    Click the "Download JRE" button to the right.
    Select your Platform: "Windows" (32-bit) or "Windows x64" (64-bit).
    Select your Language: "Multi-language".
    Read the License Agreement, and then check the box that says: "I agree to the Java SE...License Agreement".
    Click Continue and the page will refresh.
    Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
    Close any programs you may have running - especially your web browser.


    Go to Start > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.

    Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
    Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
    Reboot your computer once all Java components are removed.
    Then from your desktop double-click on jre-6u25-windows-i586.exe to install the newest version.
    If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
    When the Java Setup - Welcome window opens, click the Install > button.
    If offered to install a Toolbar, just uncheck the box before continuing unless you want it.


    -- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
    -- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


    Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
    To disable the JQS service if you don't want to use it:

    Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
    Click Ok and reboot your computer.

    Step 3.

    Clear the Java cache:

    Go to Start -> Control Panel.
    In the Control Panel, double-click the Java icon.
    The Java Control Panel appears.
    Click Settings... under "Temporary Internet Files".
    The Temporary Files Settings dialog box appears.
    Click Delete Files...
    The Delete Temporary Files dialog box appears.
    Click OK on the Delete Temporary Files window.
    NOTE: This deletes all the Downloaded Applications and Applets from the cache!
    Click OK on the Temporary Files Settings window.
    Close the Java Control Panel.

    You can also view these instructions along with screenshots here.

    Step 4.


    * ESET Online Scan

    Sometimes malware that is removed from your computer leaves other traces behind. These traces may not be active, but they are unwanted on your computer.
    Therefore, by using the ESET online scanner it is possible for us to find leftover or missed malware files on your computer, and we can now further clean up your computer.

    You can use either Internet Explorer or Mozilla FireFox for this scan.
    NOTE:This scan requires Internet Explorer to work. Vista/Windows 7 users need to run Internet Explorer as Administrator.
    To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
    • Please go here then click on:
      Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
      All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.

    NOTE: A log.txt file will also be created and automatically saved in the C:\Program Files\EsetOnlineScanner\ folder.
    If you did not save the ESETScan log, click Start > Run..., then type or copy and paste everything inside the code box below into the Open dialogue box:

    Code:
    C:\Program Files\ESET\EsetOnlineScanner\log.txt
    • Click Ok and the scan results will open in Notepad.
    • Copy and paste the contents of log.txt in your next reply.


    In some instances if no malware is found there will be no log produced.

    Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.
    ~~~~~~~~~~~~~

    Please DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean and free of malware!!!

    Summary of the logs I will need in your next reply:
    • The report log of OTL
    • The report log of Eset Online Scan.

    And a description of any remaining problems.

    How are things at your end?


    Upon completing the above steps I will review your logs again and take the steps necessary with you to get your machine back in working order, clean and free of malware.

    Kind regards
    Net_Surfer
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!
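The :OTL fix in Step 1 and the Java clean-up in Step 2 both come from reading OTL's listing and picking out three kinds of line: entries whose target no longer exists ("File not found", "No CLSID value found", "Reg Error"), side-by-side Java 6 plug-ins below update 25, and Explorer/IE policy values. The triage below is an added example, not OTL's or Net_Surfer's code; it parses lines in the format shown in the thread (sample lines copied from the listing above plus one hypothetical healthy BHO) and reports those three categories.

```python
"""Triage of OTL-style scan lines (added example, not OTL's own code).

It reads lines in the format the helper pasted into the :OTL fix above and
flags the categories that fix targets, so a reader can see why each line
was chosen.
"""
import re
from typing import Dict, List, Optional

# Update level of the JRE the helper told the user to install (jre-6u25);
# any Java 6 plug-in below it is the out-of-date kind drive-by kits target.
LATEST_JAVA6_UPDATE = 25

# Markers OTL prints when a registered object no longer exists on disk or in
# the registry: a dangling BHO, driver or ActiveX entry.
ORPHAN_MARKERS = ("File not found", "No CLSID value found", "Reg Error")

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
JAVA_PLUGIN_RE = re.compile(r"\(Java Plug-in 1\.6\.0_(\d+)\)")
# O6/O7 lines that set an Explorer or IE policy value (e.g. NoDriveTypeAutoRun).
POLICY_VALUE_RE = re.compile(r"^O[67] - HK\w+\\[^:]+: (\w+) = (.+)$")


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Split one OTL line into section code, normalised CLSID and orphan flag.

    Lines that are not section entries (file listings, blanks) return None.
    """
    line = line.strip()
    m = re.match(r"^([A-Z]+\d*) - (.*)$", line)
    if not m:
        return None
    code, rest = m.group(1), m.group(2)
    clsid = CLSID_RE.search(rest)
    return {
        "code": code,
        "clsid": clsid.group(0).upper() if clsid else "",
        "rest": rest,
        "orphan": any(marker in rest for marker in ORPHAN_MARKERS),
    }


def triage(lines: List[str]) -> Dict[str, object]:
    """Group findings the way the fix script above groups them."""
    orphaned: List[str] = []
    policies: List[str] = []
    java_updates = set()
    for raw in lines:
        entry = parse_line(raw)
        if entry is None:
            continue
        rest = str(entry["rest"])
        if entry["orphan"]:
            # Prefer the CLSID as the identifier; fall back to the raw text.
            orphaned.append(str(entry["clsid"]) or rest)
        jm = JAVA_PLUGIN_RE.search(rest)
        if jm:
            java_updates.add(int(jm.group(1)))
        pm = POLICY_VALUE_RE.match(raw.strip())
        if pm:
            policies.append(f"{pm.group(1)}={pm.group(2)}")
        elif entry["code"] in ("O6", "O7") and rest.endswith(" present"):
            policies.append(rest[: -len(" present")])
    stale_java = [f"1.6.0_{u}" for u in sorted(java_updates) if u < LATEST_JAVA6_UPDATE]
    return {
        "orphaned": orphaned,
        "stale_java": stale_java,
        # Several plug-in versions side by side means old ones were never uninstalled.
        "multiple_java": len(java_updates) > 1,
        "policies": policies,
    }


# Constructed sample: lines copied from the OTL listing in the thread, plus one
# healthy BHO line (hypothetical vendor path) to show what is NOT flagged.
SAMPLE_OTL = r"""
DRV - (MpKsl22cf1cee) -- File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - File not found
O2 - BHO: (Example Helper) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll (Example Vendor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} Java Plug-in Technology (Reg Error: Key error.)
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_OTL.splitlines()).items():
        print(f"{category}: {items}")
```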

  8. #8
    Member
    Join Date
    Apr 2011
    Posts
    6
    Points
    0

    Default

    Net_Surfer,

    Everything is complete. Are we finished? The requested reports follow:

    OTL LOG:

    All processes killed
    ========== OTL ==========
    Error: Unable to stop service MpKsl22cf1cee!
    Service\Driver key MpKsl22cf1cee not found.
    File File not found not found.
    Prefs.js: jqs@sun.com:1.0 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\searchtoolbar@zugo.com\defaults\preferences folder moved successfully.
    C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\searchtoolbar@zugo.com\defaults folder moved successfully.
    C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\searchtoolbar@zugo.com\components folder moved successfully.
    C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\searchtoolbar@zugo.com\chrome\skin folder moved successfully.
    C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\searchtoolbar@zugo.com\chrome\content folder moved successfully.
    C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\searchtoolbar@zugo.com\chrome folder moved successfully.
    C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\extensions\searchtoolbar@zugo.com folder moved successfully.
    C:\Documents and Settings\Jackson\Application Data\Mozilla\Firefox\Profiles\fxqx8tbj.default\searchplugins\bing-zugo.xml moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome\content folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\chrome folder moved successfully.
    C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} folder moved successfully.
    C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
    C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
    C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0347C33E-8762-4905-BF09-768834316C61}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}\ deleted successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ deleted successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallVisualStyle deleted successfully.
    C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\InstallTheme deleted successfully.
    C:\WINDOWS\Resources\Themes\Royale.Theme moved successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE87865-83C5-48c4-8357-2F5B1AA84522}\ deleted successfully.
    Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Unable to delete ADS N:\My Documents\DTLite4356-0091.exe:SummaryInformation .
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:84098FD3 deleted successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Jackson\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Jackson\Desktop\cmd.txt deleted successfully.
    C:\WINDOWS\prefetch\ADBERDR1001_EN_US.EXE-2B749823.pf moved successfully.
    C:\WINDOWS\prefetch\ADOBE_UPDATER.EXE-06B3E975.pf moved successfully.
    C:\WINDOWS\prefetch\ALG.EXE-0F138680.pf moved successfully.
    C:\WINDOWS\prefetch\AM_BASE.EXE-20AD945D.pf moved successfully.
    C:\WINDOWS\prefetch\AM_DELTA.EXE-2F7A6F0C.pf moved successfully.
    C:\WINDOWS\prefetch\AM_DELTA_PATCH1.EXE-1E34A3CB.pf moved successfully.
    C:\WINDOWS\prefetch\AM_DELTA_PATCH2.EXE-1B96EA75.pf moved successfully.
    C:\WINDOWS\prefetch\AM_DELTA_PATCH3.EXE-3367F33D.pf moved successfully.
    C:\WINDOWS\prefetch\AM_ENGINE_PATCH1.EXE-0C15AD30.pf moved successfully.
    C:\WINDOWS\prefetch\ARH.EXE-20ECD32B.pf moved successfully.
    C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf moved successfully.
    C:\WINDOWS\prefetch\COUPONPRINTER[1].EXE-090F300C.pf moved successfully.
    C:\WINDOWS\prefetch\CSC.EXE-1113BFA6.pf moved successfully.
    C:\WINDOWS\prefetch\CTEQ.EXE-292A40DC.pf moved successfully.
    C:\WINDOWS\prefetch\CVTRES.EXE-13DEB540.pf moved successfully.
    C:\WINDOWS\prefetch\DEFRAG.EXE-273F131E.pf moved successfully.
    C:\WINDOWS\prefetch\DFRGNTFS.EXE-269967DF.pf moved successfully.
    C:\WINDOWS\prefetch\DLLHOST.EXE-5353C76C.pf moved successfully.
    C:\WINDOWS\prefetch\DMADMIN.EXE-00BCB146.pf moved successfully.
    C:\WINDOWS\prefetch\EHMSAS.EXE-181DA6C9.pf moved successfully.
    C:\WINDOWS\prefetch\EHRECVR.EXE-20796750.pf moved successfully.
    C:\WINDOWS\prefetch\EHSHELL.EXE-00D8CD6D.pf moved successfully.
    C:\WINDOWS\prefetch\EHTRAY.EXE-02EFC9BD.pf moved successfully.
    C:\WINDOWS\prefetch\GETPLUSPLUS_ADOBE.EXE-2A28536F.pf moved successfully.
    C:\WINDOWS\prefetch\GETPLUSPLUS_ADOBE_REG.EXE-1D24FB07.pf moved successfully.
    C:\WINDOWS\prefetch\HELPSVC.EXE-2878DDA2.pf moved successfully.
    C:\WINDOWS\prefetch\HPQUSGL.EXE-30AB38A7.pf moved successfully.
    C:\WINDOWS\prefetch\HPWUCLI.EXE-2587F620.pf moved successfully.
    C:\WINDOWS\prefetch\IEDIT.EXE-0FD7B78F.pf moved successfully.
    C:\WINDOWS\prefetch\IEXPLORE.EXE-27122324.pf moved successfully.
    C:\WINDOWS\prefetch\IMAPI.EXE-0BF740A4.pf moved successfully.
    C:\WINDOWS\prefetch\IPCONFIG.EXE-2395F30B.pf moved successfully.
    C:\WINDOWS\prefetch\IRSETUP.EXE-220DD785.pf moved successfully.
    C:\WINDOWS\prefetch\JAUCHECK.EXE-0CBF467B.pf moved successfully.
    C:\WINDOWS\prefetch\JAVA.EXE-0C263507.pf moved successfully.
    C:\WINDOWS\prefetch\JAVAW.EXE-2DC32ABC.pf moved successfully.
    C:\WINDOWS\prefetch\JAVAWS.EXE-021AC9A9.pf moved successfully.
    C:\WINDOWS\prefetch\Layout.ini moved successfully.
    C:\WINDOWS\prefetch\LOGONUI.EXE-0AF22957.pf moved successfully.
    C:\WINDOWS\prefetch\MCRDSVC.EXE-0560ADD0.pf moved successfully.
    C:\WINDOWS\prefetch\MMC.EXE-39071BCC.pf moved successfully.
    C:\WINDOWS\prefetch\MPCMDRUN.EXE-1F94F686.pf moved successfully.
    C:\WINDOWS\prefetch\MPSIGSTUB.EXE-1D30D19B.pf moved successfully.
    C:\WINDOWS\prefetch\MSIEXEC.EXE-2F8A8CAE.pf moved successfully.
    C:\WINDOWS\prefetch\MSMSGS.EXE-2B6052DE.pf moved successfully.
    C:\WINDOWS\prefetch\NOTEPAD.EXE-189578DA.pf moved successfully.
    C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf moved successfully.
    C:\WINDOWS\prefetch\NTOSBOOT-B00DFAAD.pf moved successfully.
    C:\WINDOWS\prefetch\OLREG.EXE-376F4E55.pf moved successfully.
    C:\WINDOWS\prefetch\OTL.EXE-37E53FED.pf moved successfully.
    C:\WINDOWS\prefetch\REGSVR32.EXE-25EEFE2F.pf moved successfully.
    C:\WINDOWS\prefetch\RM_SV.EXE-229E1864.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-147710F4.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-1BC55A4F.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-2576181F.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-276B85AE.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-2E5AF1D7.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-31610E45.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-35A483DA.pf moved successfully.
    C:\WINDOWS\prefetch\RUNDLL32.EXE-451FC2C0.pf moved successfully.
    C:\WINDOWS\prefetch\SCAPX.EXE-0315A57B.pf moved successfully.
    C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-148579FB.pf moved successfully.
    C:\WINDOWS\prefetch\SEARCHINDEXER.EXE-1AD3307F.pf moved successfully.
    C:\WINDOWS\prefetch\SEARCHPROTOCOLHOST.EXE-34E0253A.pf moved successfully.
    C:\WINDOWS\prefetch\SETUP.EXE-2D35A07A.pf moved successfully.
    C:\WINDOWS\prefetch\SIMPRESS.EXE-36866A3E.pf moved successfully.
    C:\WINDOWS\prefetch\SOFFICE.BIN-01E25E9C.pf moved successfully.
    C:\WINDOWS\prefetch\SOFFICE.EXE-358D937C.pf moved successfully.
    C:\WINDOWS\prefetch\SOL.EXE-1C0C14EB.pf moved successfully.
    C:\WINDOWS\prefetch\SPKSET.EXE-15092CC6.pf moved successfully.
    C:\WINDOWS\prefetch\SSBEZIER.SCR-01465E32.pf moved successfully.
    C:\WINDOWS\prefetch\SURMIXER.EXE-01E7A7E0.pf moved successfully.
    C:\WINDOWS\prefetch\SVCHOST.EXE-3530F672.pf moved successfully.
    C:\WINDOWS\prefetch\SWRITER.EXE-38A9F6BD.pf moved successfully.
    C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf moved successfully.
    C:\WINDOWS\prefetch\VOE.EXE-1E026A94.pf moved successfully.
    C:\WINDOWS\prefetch\WINHLP32.EXE-2C18E975.pf moved successfully.
    C:\WINDOWS\prefetch\WMIAPSRV.EXE-1E2270A5.pf moved successfully.
    C:\WINDOWS\prefetch\WMIPRVSE.EXE-28F301A9.pf moved successfully.
    C:\WINDOWS\prefetch\WORDPAD.EXE-24533991.pf moved successfully.
    C:\WINDOWS\prefetch\WSCNTFY.EXE-1B24F5EB.pf moved successfully.
    C:\WINDOWS\prefetch\WUAUCLT.EXE-399A8E72.pf moved successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 78991 bytes
    ->Flash cache emptied: 642 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56504 bytes

    User: Jackson
    ->Temp folder emptied: 2508596 bytes
    ->Temporary Internet Files folder emptied: 46645328 bytes
    ->Java cache emptied: 76543 bytes
    ->FireFox cache emptied: 48410112 bytes
    ->Flash cache emptied: 8021505 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 30646 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1240100 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 159607 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 102.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jackson
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.22.3 log created on 05262011_103106

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\Y5MS76DO\LocalStorage[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\Y5MS76DO\WeeklyAd[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\EYBV51V4\activityi;src=2828607;type=retar102;cat=pfcha257;ord=1615799909377[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\EYBV51V4\activityi;src=2828607;type=retar102;cat=pfcha257;ord=4013741081718[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\EYBV51V4\pixel[1].gif moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\BGZR81AH\activityi;src=2828607;type=retar102;cat=pfcha257;ord=4009475048047[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\BGZR81AH\AdPod[10].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\BGZR81AH\default[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\BGZR81AH\InboxLight[2].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\BGZR81AH\Messenger[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\BGZR81AH\pixel[1].gif moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\BGZR81AH\WebIMPop[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\BGZR81AH\xmlProxy[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\6CJCJOLS\activityi;src=2828607;type=retar102;cat=pfcha257;ord=5336938093705[1].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\6CJCJOLS\AdPod[4].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\6CJCJOLS\AdPod[5].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\Content.IE5\6CJCJOLS\xmlProxy[2].htm moved successfully.
    C:\Documents and Settings\Jackson\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

    Registry entries deleted on Reboot...

    ESET LOG:

    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # IEXPLORE.EXE=7.00.6000.17096 (vista_gdr.110211-1830)
    # OnlineScanner.ocx=1.0.0.6522
    # api_version=3.0.2
    # EOSSerial=617632e70ee75b418ba911f5a5d57a9c
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-05-26 03:33:31
    # local_time=2011-05-26 11:33:31 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 2613813 2613813 0 0
    # compatibility_mode=1024 16777215 100 0 26551040 26551040 0 0
    # compatibility_mode=5891 16776533 42 87 0 17528392 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=4710
    # found=0
    # cleaned=0
    # scan_time=481
    esets_scanner_update returned -1 esets_gle=53251
    # version=7
    # IEXPLORE.EXE=7.00.6000.17096 (vista_gdr.110211-1830)
    # OnlineScanner.ocx=1.0.0.6522
    # api_version=3.0.2
    # EOSSerial=617632e70ee75b418ba911f5a5d57a9c
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-05-26 05:32:18
    # local_time=2011-05-26 01:32:18 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 2614359 2614359 0 0
    # compatibility_mode=1024 16777215 100 0 26551586 26551586 0 0
    # compatibility_mode=5891 16776533 42 87 0 17528938 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=76763
    # found=6
    # cleaned=0
    # scan_time=7062
    C:\Qoobox\Quarantine\C\Program Files\PCFix\PCFix.exe.vir probably a variant of Win32/Adware.PCFixCleaner application (unable to clean) 00000000000000000000000000000000 I
    C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{9EB11C26-F7D9-4FB7-B426-D4B624B3F43D}\RP331\A0019735.exe probably a variant of Win32/Adware.PCFixCleaner application (unable to clean) 00000000000000000000000000000000 I
    C:\System Volume Information\_restore{9EB11C26-F7D9-4FB7-B426-D4B624B3F43D}\RP331\A0019739.dll Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\CouponsBar.dll probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I
    N:\My Documents\FotosizerSetup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I

    Regards,

    - johndgorman1
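
As an added example (not part of the thread, and not code from ESET, OTL or ComboFix), here is a Python helper that parses scanner result lines in the format of the ESET log above and separates findings that are already contained from findings at live paths. A result found inside a System Restore snapshot or inside ComboFix's Qoobox quarantine folder can only come back if that snapshot is restored or the quarantine is released; a result at a live path still needs action. The detection-line regex and the location labels are my own assumptions about the format; the sample lines are the six from the posted log.

```python
"""Triage ESET Online Scanner result lines: contained vs. live findings."""
import re
from dataclasses import dataclass

# Constructed sample: the summary lines and the six detections from the log
# above. Format assumed (not documented by ESET here):
#   "# key=value" header lines, then
#   "<path> <threat description> (<action>) <32-hex digest> <flag>"
SAMPLE_LOG = r"""
# scanned=76763
# found=6
# cleaned=0
# scan_time=7062
esets_scanner_update returned -1 esets_gle=53251
C:\Qoobox\Quarantine\C\Program Files\PCFix\PCFix.exe.vir probably a variant of Win32/Adware.PCFixCleaner application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Program Files\Search Toolbar\SearchToolbar.dll.vir Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{9EB11C26-F7D9-4FB7-B426-D4B624B3F43D}\RP331\A0019735.exe probably a variant of Win32/Adware.PCFixCleaner application (unable to clean) 00000000000000000000000000000000 I
C:\System Volume Information\_restore{9EB11C26-F7D9-4FB7-B426-D4B624B3F43D}\RP331\A0019739.dll Win32/Toolbar.Zugo application (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\CouponsBar.dll probably a variant of Win32/Adware.Softomate.AD application (unable to clean) 00000000000000000000000000000000 I
N:\My Documents\FotosizerSetup.exe Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
"""

# Paths contain spaces, so the path is matched non-greedily and the threat
# name is anchored on ESET's "<platform>/<family>" naming (assumption).
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:probably a variant of |a variant of )?"
    r"[A-Za-z0-9]+/[A-Za-z0-9._-]+(?: [a-z]+)*)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"[0-9a-fA-F]{32}\s+\S+$"
)

# Locations where a finding is already contained. Qoobox is the folder
# ComboFix keeps its quarantine in; _restore{GUID}\RPnnn is a System Restore
# snapshot, which only matters if that restore point is used.
CONTAINED = (
    (re.compile(r"\\System Volume Information\\_restore\{[^}]*\}\\RP\d+\\", re.I),
     "system-restore snapshot"),
    (re.compile(r"\\Qoobox\\Quarantine\\", re.I), "ComboFix quarantine"),
)


@dataclass(frozen=True)
class Detection:
    path: str
    threat: str
    action: str
    location: str  # "live" or one of the CONTAINED labels


def classify_location(path):
    """Return the containment label for a path, or "live"."""
    for pattern, label in CONTAINED:
        if pattern.search(path):
            return label
    return "live"


def parse_scan_log(text):
    """Split a log into a summary dict ("# key=value" lines) and detections."""
    summary, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                summary[key] = value
            continue
        m = DETECTION_RE.match(line)
        if m is None:
            continue  # status chatter such as "esets_scanner_update returned -1"
        detections.append(
            Detection(m["path"], m["threat"], m["action"], classify_location(m["path"]))
        )
    return summary, detections


def triage(detections):
    """Group detection paths by location label."""
    groups = {}
    for d in detections:
        groups.setdefault(d.location, []).append(d.path)
    return groups


def live_findings(detections):
    """Paths that still need attention: not quarantined, not in a snapshot."""
    return [d.path for d in detections if d.location == "live"]


def summary_matches(summary, detections):
    """Sanity check: the parser saw as many detection lines as found= claims."""
    return int(summary.get("found", 0)) == len(detections)


if __name__ == "__main__":
    summary, dets = parse_scan_log(SAMPLE_LOG)
    print("found=%s parsed=%d consistent=%s" % (summary.get("found"), len(dets), summary_matches(summary, dets)))
    for label, paths in triage(dets).items():
        print(label)
        for p in paths:
            print("   ", p)
```

Run against the posted lines, two of the six findings sit at live paths (C:\WINDOWS\CouponsBar.dll and N:\My Documents\FotosizerSetup.exe); the other four are in the ComboFix quarantine or in restore point RP331 and become relevant only if that quarantine is released or that restore point is used.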

  9. #9
    Member Net_Surfer's Avatar
    Join Date
    May 2008
    Location
    Paradise Ca.
    Posts
    1,179
    Points
    89
    Blog Entries
    4


    Hello again johndgorman1

    It's time to clean up all of the tools we used and the logs they created.

    Please follow my next set of final instructions and read how to secure and speed up your computer:

    Clean-up & Prevention:

    Please follow my next set of steps:

    Step 1.

    Uninstall Combofix
    • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
    • Make sure that the combofix.exe you downloaded is on your Desktop, but do not run it!
      o *If it is not on your Desktop, the below will not work.
    • Click on your Start Menu, then Run....
    • Now copy & paste the green bolded text in the run-box and click OK.

      ComboFix /Uninstall

      <Notice the space between the "x" and "/".> <--- It needs to be there
      Windows Vista users: press the Windows Key + R to bring up the Run... command, and then from there you can enter ComboFix /Uninstall
    • Please advise if this step is missed for any reason as it performs some important actions:

    "This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
    It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore."


    Note: If you have trouble and it doesn't want to uninstall using the method described above, you can rename ComboFix.exe to Uninstall.exe and double click on it to uninstall it.


    Step 2.

    Restart MBAM.

    Click on the Quarantine tab
    Make sure everything is selected and then click Delete All.

    Close MBAM.

    Step 3.

    Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

    To help you with these chores, do the following:


    • Double-click the icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
    • Then click the big button.
    • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
    • Restart your computer when prompted.


    OTL will delete itself and any logs that any of the tools produced.

    Step 4.

    Remove any other tools or files we used by right-clicking on them or any folders they created, hold down the Shift key, and select "Delete" by clicking on it. This will delete the files without sending them to the RecycleBin.

    You can also uninstall the other programs (HijackThis or MalwareBytes if we used them) by going to Start > Control Panel > Add/Remove programs (The Control Panel is different in different versions of Windows. It will be Programs and Features in Vista and Programs > Uninstall a Program in 7)

    You might want to keep MalwareBytes AntiMalware, though, and that's fine. Make sure you update it before you run scans in the future.

    • Use Control Panel > Add or Remove Programs (Windows XP; in Vista and Win7: Programs and Features) and uninstall any entry related to an online scanner we may have used. If you find any files or folders created during this cleanup operation remaining, please feel free to delete them.
    • Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
    • If I asked you to disable something like TeaTimer or another malware blocker, please go ahead and re-enable them if you wish.



    Step 5.

    Now you should create a new Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll back" to a clean working state.

    The easiest and safest way to do this is:
    • Go to Start > Programs > Accessories > System Tools and click "System Restore".
    • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
    • Then use Disk Cleanup to remove all but the most recently created Restore Point.
    • Go to Start > Run and type: Cleanmgr
    • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
    • Click the "More Options" tab, then click the "Clean up" button under System Restore.
    • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
    • Click Yes, then click Ok.
    • Click Yes again when prompted with "Are you sure you want to perform these actions?"
    • Disk Cleanup will remove the files and close automatically.
    Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

    Windows 7 users, follow these instructions to delete old restore points and create a new one:
    Click on Start... Control Panel... System and Maintenance... System
    Click on System Protection in the left-hand task list.
    Uncheck the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.

    When you uncheck a disk you will be presented with a screen.
    You should click on the Turn System Protection Off button.
    Click Apply and then OK.

    Reboot your computer.

    Now:
    Click on Start... Control Panel... System and Maintenance... System
    Click on System Protection in the left-hand task list.
    Put a checkmark in the checkboxes next to each hard drive listed under the Create restore points automatically on the selected disks: section.
    Click Apply and then OK.

    Your System restore will now be active again... starting with a new restore point.

    If you have done all of the above, your computer should be clean of malware.
    CONGRATULATIONS.



    Are things running okay? Do you have any more questions?

    System Still Slow?

    Is your computer running slower? You may have too many startup programs bogging it down. It's easy to address this problem by tweaking the startup programs on your computer.

    Follow the steps in the following tutorial to help speed up your computer.

    >> How to Change Startup Programs on Your Computer manually or using WinPatrol <<

    Choose between doing this manually or with the help of a program. Either way, you need to look up what you can disable and what you need to keep enabled. Keep in mind there are many programs written to make this task easier; using a program might save you some time.

    Simply download the WinPatrol tool from HERE to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

    The following can also help speed up your computer:

    Defragment files (Drive C). Defragmenting is a must.

    It's one of the large reasons for system slowdowns. I use > JkDefrag < to defragment. You can use it forever. I recommend installing it and defragmenting as soon as possible.

    To improve performance, I recommend checking this LINK.

    Windows 7: Optimize Windows 7 for better performance. Go to this page.

    Having trouble with your computer?

    Even if you don't know a computer language (or want to), you can solve several common PC problems on your own.

    Read this Tutorial: (In this article= F1 is magic: Get help on your PC, The basics, Locating the problem, Software errors, Internet Connectivity, Hardware trouble, System failure)

    >> Fix common PC problems <<

    Is Your Wireless Network Safe?

    The purpose of wireless security is to keep unauthorized parties from using the wireless Internet access that you pay for, and to keep unauthorized parties from accessing the computers on your wireless network. For home and small business wireless network operators, "unauthorized parties" are usually not mastermind cybercriminals but casual freeloaders.

    Your wireless network's range is a few hundred yards, at most. That means the people most likely to "hack" into your WiFi network are your neighbors and transient passersby. Fortunately, it does not take much to deter such gate-crashers. A few easy, free tweaks to your WiFi router's settings are enough.


    See this tutorial: How can I make sure that nobody can secretly access my computers through a wireless connection? By Bob Rankin.


    ---------------------------^--------------------------------



    Prevention:

    Take the following steps to help prevent infection on your computer:

    Use an AntiVirus Software

    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online and stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

    Use up-to-date antivirus software
    Most antivirus software can detect and prevent infection by known malicious software. To help protect you from infection, you should always run antivirus software, such as Microsoft Security Essentials, that is updated with the latest signature files.
    For more information, see Windows 7: Consumer security software providers.

    To assist in the prevention of malicious software intrusion and infections:

    Please remember to keep antivirus software on board and always use its real-time protection feature. Run a complete system scan at least once a week... preferably in Safe mode.

    If your antivirus program is a licensed version that is about to expire, you can consider using one of these available free on the public domain:

    Microsoft Security Essentials
    AntiVir Personal Edition Classic
    Avast! 6 Free Home Edition

    Those of us in the online safety/security community have tried and tested these programs to determine their abilities. Bearing in mind that nothing is ever a guarantee regarding computer security, these programs, combined with the rest of these recommendations, are nevertheless certain to have an impact in helping to keep your system running free and clear. I personally have been completely satisfied after having tested and used each one of those at one time or another.

    Windows Vista and Windows 7 have a software firewall built in and activated by default. And, just as with Windows XP, it's not quite the best defense, although it is a little better than its predecessor.

    Below you can choose from several of the freeware Firewalls available on the public domain. Even though you may have a Firewall already installed, keep this list handy should you choose not to renew your subscription for whatever reason.

    You should always have at least (but not more than) one of these types of third-party firewalls running on board:
    Sunbelt Personal Firewall

    *** Zone Alarm: beware, this download includes the Ask Toolbar. The ZoneAlarm Spy Blocker toolbar is powered by "Ask.com". The "Ask" search engine will cause "targeted" ads to be presented to you based upon the content of the web pages you visit, any personally identifiable information you have provided to "Ask.com", or keywords appearing in your search queries. Many security experts consider this type of behavior offensive... Windows 2k/XP/Vista

    Outpost Free

    Comodo...I highly recommend this firewall, but it may just be best suited for advanced users.


    Enable a firewall on your computer:

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

    Use a third-party firewall product or turn on the Microsoft Windows Internet Connection Firewall.

    Visit Microsoft's Windows Update Site Frequently

    It is important that you visit Microsoft Windows Update regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Get the latest computer updates
    Updates help protect your computer from viruses, worms, and other threats as they are discovered. It is important to install updates for all the software that is installed on your computer. These are usually available from vendor websites.

    You can use the Automatic Updates feature in Windows to automatically download future Microsoft security updates while your computer is on and connected to the Internet.
    ==============***============

    Recommended Programs:

    To help protect your computer in the future I would recommend the download and installation of some or all of the following free programs (if not already present), and the updating of them on a regular basis:
    • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
      *Green to go
      *Yellow for caution
      *Red to stop
      WOT has an addon available for both Firefox and IE.
    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit > HERE <.
    • McAfee Site Advisor --free version.
      To give you an indication of which sites may contain bad links or suspect downloads. It loads an icon into the taskbar of your browser (versions for IE and Firefox). As you browse, a small button on your browser toolbar changes color based on SiteAdvisor's safety results, indicating the trustworthiness of the site you are on: green for safe and red for suspicious. Click on the icon to access details that SiteAdvisor has about the site. It also gives the same colour indications in the results page when you do a Google search, making it easier to decide which sites are safe to visit. The folks there check out websites and, based on their findings, rate them as Safe, Unknown, Caution, or Bad. Safety ratings from McAfee SiteAdvisor appear next to search results. Works with Google, Yahoo!, Live Search, AOL or ASK.
      This utility can be downloaded and installed from: > HERE <
    • SpywareBlaster
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer. If you don't know what ActiveX controls are, see > HERE <. You can download SpywareBlaster from HERE.
    • ERUNT (Emergency Recovery Utility NT):
      This utility allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
      You can get this utility from: > HERE < and instructions how to Practice "Safe Computer" with regular automated Registry Backups with ERUNT from: > HERE <
    • Use an alternative Internet Browser
      Many of the exploits are directed at users of Internet Explorer. Try using a different browser instead:
      Firefox
      Opera
      If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
    • MVPs hosts file.
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file.



    Limit user privileges on the computer:
    Starting with Windows Vista and Windows 7, Microsoft introduced User Account Control (UAC), which, when enabled, allows users to run with least user privileges. This scenario limits the possibility of attacks by malware and other threats that require administrative privileges to run.

    You can configure UAC on your computer to meet your preferences:

    Secure Your Software: Update Non-Microsoft Programs by using PSI Secunia Personal Software Inspector:

    Microsoft isn't the only company whose products can contain security vulnerabilities.

    Is your computer really secure?
    If you have antivirus software, malware scanners and a firewall, you might think you're safe from hackers, crackers and identity thieves. But chances are, you're missing one critical piece of the security puzzle. Read on to learn how to secure your software and truly lock down your computer:

    What's the Missing Link in Computer Security?

    You may feel safe behind a firewall and anti-virus software. But you're not. Bad guys can still get to your personal information stored on your computer, and even take over your computer and run it as if it was their own. The gap in your armor? It's the application software you use every day. Let's look at just one recent example.

    Do you ever read Adobe PDF files, in your browser or with Adobe Reader after downloading? Tens of millions of people do; PDF is one of the most widely used file formats. In July 2009, hackers found a way to embed malware in PDF files using the equally popular Adobe Flash animation format. Even anti-virus software developers like Symantec were caught off-guard by this obscure vulnerability. New vulnerabilities are discovered in application software every hour, it seems.

    Software developers issue patches and updates that close these doors to hackers in a never-ending game of Whack-A-Mole. Vulnerability pops up here, hit it with a patch. Another pops up over there, hit it with another patch. Developers provide the patches, but it's up to you, the end user, to whack the moles.

    Staying on Top of Application Security

    It's vital to keep all your software up to date with the latest patches and upgrades. But the average computer holds about 80 application programs! How can you keep up with it all?

    First, concentrate on the programs that are most often targeted by bad guys. They are the most commonly used programs: Microsoft Office, Adobe Reader, Internet Explorer, etc. The more people there are using a program, the more targets there are for a hacker's arrows. Naturally, the hacker goes after the biggest potential "market" for his malware.

    Second, activate automatic update features when they are available. Then your software will check its home site for patches and upgrades every day, or week, or whatever. It can download and install updates without bothering you at all, or tell you when updates are available and give you the choice of when to install them.

    Some security experts tell you to turn off automatic updates because a connection to a server is an open line through which hackers can invade your computer. But turning off auto-update closes one door while leaving untold numbers of others wide open. Who are you kidding? You're not going to remember to check for updates manually on a regular basis. You'll let it slide until your software is so outdated it contains dozens of vulnerabilities. Leave auto-update on and let the software remember for you.

    _Third, you can check all the software on your computer for vulnerabilities using something like the >> Secunia Personal Software Inspector << (PSI). This free program comes from a trusted security site, and scans your software for known vulnerabilities. It will tell you which programs need updating and provide links to sites where you can download patches.

    I ran PSI while researching the issue of software security, and I was very surprised by the results. I have security software in place, and I thought I was keeping up with all my patches. I felt pretty confident about the security of my computer. But PSI flagged Adobe Reader, Flash, Skype, iTunes, QuickTime, Java and a few others as needing updates. At least SIX of the vulnerabilities were marked Critical, meaning that under certain circumstances, an Evil Hacker could exploit them to gain complete control over my computer. Yikes.


    Bottom line... the software you use every day is the biggest source of danger to your personal information. Keeping your software up to date is your best defense. You cannot afford to let vulnerabilities go unpatched.


    Use caution when opening attachments and accepting file transfers:
    Exercise caution with email and attachments received from unknown sources, or received unexpectedly from known sources. Use extreme caution when accepting file transfers from known or unknown sources.

    Use caution when clicking on links to web pages:
    Exercise caution with links to web pages that you receive from unknown sources, especially if the links are to a webpage that you are not familiar with, unsure of the destination of, or suspicious of. Malicious software may be installed in your computer simply by visiting a webpage with harmful content.

    Avoid downloading pirated software:
    Threats may also be bundled with software and files that are available for download on various torrent sites. Downloading "cracked" or "pirated" software from these sites carries not only the risk of being infected with malware, but is also illegal. For more information, see 'The risks of obtaining and using pirated software'.

    Protect yourself from social engineering attacks:
    While attackers may attempt to exploit vulnerabilities in hardware or software to compromise a computer, they also attempt to exploit vulnerabilities in human behavior to do the same. When an attacker attempts to take advantage of human behavior to persuade the affected user to perform an action of the attacker's choice, it is known as 'social engineering'. Essentially, social engineering is an attack against the human interface of the targeted computer. For more information, see 'What is social engineering?'.

    Use strong passwords:
    Attackers may try to gain access to your Windows account by guessing your password. It is therefore important that you use a strong password – one that cannot be easily guessed by an attacker. A strong password is one that has at least eight characters, and combines letters, numbers, and symbols.
    For more information, see Strong Passwords | Microsoft Security.
    The top 50 passwords you should never use

    To protect yourself against malware and reduce your chance of reinfection in the future, I strongly recommend you have a look at the following links (giving some advice and tips), (Tip of the hat to htv8):
    If you are interested in learning more and joining the fight against malware, please visit the Malware Removal Training Program thread.

    Finally, I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

    Stay clean and be safe

    That's it!!!

    Happy surfing!

    Cheers
    Net_Surfer



    ***If ComboFix tool helped you***, please kindly consider a donation to its author. As you just experienced for yourself, ComboFix is a very effective tool. Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via:


    I'll leave this thread open for a couple of days in case you come across any lingering problems that need fixing, then I'll close it up. If you need it reopened for any reason, just shoot me a PM. It's been a pleasure working with you, now best of luck!

    I'd be grateful if you could reply to this post so that I know you have read it and if you've no other questions, the thread can be closed.
    =========
    Our help here is always free but it does cost money to keep the site running. If you feel we've helped you kindly, Click here: >> Please Donate to the Forum <<


    "Obstacles are what you see when you take your eyes off your Goals"

    Net_Surfer is a Graduate of BleepingComputer Malware Removal Training Program. You too could train to help others!
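    The "Use strong passwords" advice in the post above gives concrete rules (at least eight characters; letters, numbers and symbols combined; nothing from the well-known "never use" lists). The following is an added example, not code from the post or from any tool it mentions, that turns those rules into a checker a defender can run against a proposed password before accepting it. The small common-password set inside it is constructed for illustration and stands in for the "top 50" list the post links to; it is not that list.

```python
import re

# Constructed placeholder for the "top 50 passwords you should never use" list
# referenced in the post. Only a handful of entries are included here.
COMMON_PASSWORDS = {"password", "123456", "12345678", "qwerty", "abc123", "letmein"}


def check_password(pw: str, banned=COMMON_PASSWORDS) -> list:
    """Return a list of policy violations for pw; an empty list means it passes.

    The checks mirror the post's rules: minimum length 8, a mix of letters,
    digits and symbols, and rejection of anything on the common-password list
    (compared case-insensitively, since attackers try those variants too).
    """
    problems = []
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    if not re.search(r"[A-Za-z]", pw):
        problems.append("no letters")
    if not re.search(r"[0-9]", pw):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", pw):
        problems.append("no symbols")
    if pw.lower() in banned:
        problems.append("on the common-password list")
    return problems


def is_strong(pw: str, banned=COMMON_PASSWORDS) -> bool:
    """True only when check_password reports no violations."""
    return not check_password(pw, banned)


if __name__ == "__main__":
    for candidate in ("password", "12345678", "Tr0ub4dor&3"):
        verdict = "OK" if is_strong(candidate) else ", ".join(check_password(candidate))
        print(f"{candidate!r}: {verdict}")
```

Note that passing this checker makes a password acceptable under the post's policy, not unguessable: length and variety requirements are a floor, and the banned-list comparison only catches exact entries, so a real deployment would use a much larger breached-password list than the placeholder set here.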

  10. #10
    Member
    Join Date
    Apr 2011
    Posts
    6
    Points
    0

    Default

    T H A N X ! Net_Surfer for all the help.

    there are a few things left hanging:

    Microsoft Windows Recovery Console was, I believe, never installed?
    Since starting this process, whenever I reboot I get a message that Outlook Express needs to clean up its files to make more room? I've never used Outlook and I have no idea how it may have gotten started.

    Please let me know if there's anything to be concerned about, would you?

    T H A N X ! Again,
    - johndgorman1