
'Program name.exe Bad Image' Error

Discussion in 'Virus & Other Malware Removal' started by Rozzy, Dec 2, 2009.

  1. Rozzy

    Rozzy Thread Starter

    Joined:
    Nov 30, 2009
    Messages:
    40
    Hello - I would appreciate your help. Every time I open a program I keep getting an error message 'program name.exe Bad Image' - once I click on it the program opens and works fine. Here is an actual error message:

    "WINWORD.exe Bad Image This application or DLL c:\windows\system32\sejutedi.dll is not a valid Windows image. Please check this against your installation diskette" :confused:

    Every time I restart my computer I must click all the pop ups as well.

    I've run the following scans - Windows: Defender, Live OneCare Safety, Malicious Software Removal Tool, Essentials Tool, and downloaded SP2 and SP3. Also ran SuperAntiSpyware and Malwarebytes and downloaded HijackThis.

    After reading some solutions from your website I ran Secunia OSI and PSI - updated all applications on my computer. Also noticed that some used 'ComboFix' that solved this problem for someone else.

    Is this some type of trojan virus?

    My system is Windows XP, SP3, Home edition, Dell 2400, IE6

    Please, please help - I do not know what else to do! Warmest regards, Rozzy

    Here's my HijackThis Report:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:45:48 PM, on 12/2/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
    C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
    O1 - Hosts: 82.98.235.133 best-click-scanner.info
    O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
    O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
    O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
    O1 - Hosts: 82.98.235.133 onlinenotifyq.net
    O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
    O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - (no file)
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
    O4 - HKLM\..\Run: [LexWebUpdate] C:\Program Files\Lexmark\Install\InstallWeb\InstallWeb.exe /S /L:ENGLISH
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [OurPictures] "C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe" /AutoStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Nikon Monitor.lnk = ?
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - http://www5.snapfish.com/SnapfishOutlookImport.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238125129531
    O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - https://www2.gotomeeting.com/default/applets/g2mdlax.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: c:\windows\system32\sejutedi.dll,C:\WINDOWS\system32\gafafomu.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
    O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    --
    End of file - 10283 bytes
     
  2. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,640
    Hiya

    Are you still having this problem? If so, is it related to this:

    http://forums.techguy.org/general-security/882384-error-loading-but-app-been.html

    If so, can you do the following:

    Download GMER from Here. Note the file's name and save it to your root folder, such as C:\.
    • Disconnect from the Internet and close all running programs.
    • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
    • Click on this link to see a list of programs that should be disabled.
    • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
    • Allow the driver to load if asked.
    • You may be prompted to scan immediately if it detects rootkit activity.
    • If you are prompted to scan your system click "No", save the log and post back the results.
    • If not prompted, click the "Rootkit/Malware" tab.
    • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
    • Select all drives that are connected to your system to be scanned.
    • Click the Scan button to begin. (Please be patient as it can take some time to complete)
    • When the scan is finished, click Save to save the scan results to your Desktop.
    • Save the file as Results.log and copy/paste the contents in your next reply.
    • Exit the program and re-enable all active protection when done.

    Please include the Results.log and a fresh HijackThis log in your next reply

    Regards

    eddie
     
  3. Rozzy

    Rozzy Thread Starter

  4. eddie5659

    eddie5659 Moderator Malware Specialist

    The file c:\windows\system32\sejutedi.dll is considered not to be good, so the first program I posted is checking for RootKits.

    I tend to reply with a basic reply to start with, as most threads I pick are a week old, and some (80%) don't reply at all to mine.

    If you run that program first, that will tell if anything is hidden. Also, as it's been a week, a fresh HijackThis log is needed, as things may have changed :)

    eddie
     
  5. Rozzy

    Rozzy Thread Starter

    Hi Eddie,

    Microsoft called me today; this is what they did, and the popups stopped (see the checklist below). Is it possible that additional viruses could be hidden? If so, should I follow the steps you recommended?

    Action: run process explorer
    Result: no malicious process

    Action: run autoruns
    Result: deleted
    -- c:\windows\system32\sejutedi.dll c:\windows\system32\sejutedi.dll

    Action: checked system32
    Result: deleted sejutedi.dll

    Action: checked windows
    Result: no malicious files

    Action: checked application data
    Result: no malicious files

    Action: checked drivers
    Result: no malicious files

    Action: restarted the computer
    Result: no more popups

    ACTION : trying to use the computer
    RESULT : getting bad image error when opening applications
    CAUSE : spyware
    RESOLUTION : manual removal
     
  6. Rozzy

    Rozzy Thread Starter

    Hi Eddie,

    Here's my new Hijackthis log. Also, I've been told that I should choose between my Verizon Security Suite and Microsoft Essentials Security Package - should not have two running.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 3:57:05 PM, on 12/10/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Verizon\Verizon Internet Security Suite\rps.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
    C:\Program Files\Verizon\McciTrayApp.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
    C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
    C:\Program Files\Secunia\PSI\psi.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaMonitor.exe
    C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
    O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
    O1 - Hosts: 82.98.235.133 best-click-scanner.info
    O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
    O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
    O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
    O1 - Hosts: 82.98.235.133 onlinenotifyq.net
    O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
    O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - (no file)
    O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - (no file)
    O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
    O4 - HKLM\..\Run: [LexWebUpdate] C:\Program Files\Lexmark\Install\InstallWeb\InstallWeb.exe /S /L:ENGLISH
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [OurPictures] "C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe" /AutoStart
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Nikon Monitor.lnk = ?
    O4 - Startup: Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} - http://www5.snapfish.com/SnapfishOutlookImport.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} -
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238125129531
    O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - https://www2.gotomeeting.com/default/applets/g2mdlax.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
    O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe
    O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
    O23 - Service: Verizon Internet Security Suite SafeConnectAgent (RadialpointSafeConnectAgent) - Sana Security - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
    --
    End of file - 9783 bytes
     
  7. eddie5659

    eddie5659 Moderator Malware Specialist

    That was the file, so let's just scan with OTL to see if it's all clear:

    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

    eddie
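
The two HijackThis logs posted above can be compared mechanically to see which entries disappeared after the manual cleanup and which carried over unchanged. The following is an added example, not part of the original thread and not a HijackThis feature; the function names are hypothetical, and the sample lines are short excerpts copied from the 12/2/2009 and 12/10/2009 logs in this thread.

```python
"""Compare two HijackThis logs: what was removed, what is still present."""
import re
from collections import defaultdict

# Excerpts copied from the two logs in this thread, trimmed to a few
# lines per section so the example stays short.
LOG_BEFORE = r"""
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O2 - BHO: (no name) - {1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - (no file)
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O20 - AppInit_DLLs: c:\windows\system32\sejutedi.dll,C:\WINDOWS\system32\gafafomu.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

LOG_AFTER = r"""
O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
O1 - Hosts: 82.98.235.133 best-click-scanner.info
O2 - BHO: (no name) - {1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# A log entry is "<section code> - <text>", e.g. "O20 - AppInit_DLLs: ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")


def parse_entries(log_text):
    """Return {section_code: set(entry_text)} for every R*/F*/O* line."""
    entries = defaultdict(set)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].add(match.group(2))
    return dict(entries)


def diff_logs(before_text, after_text):
    """Return {section_code: {"removed": [...], "added": [...]}} for changed sections."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    report = {}
    codes = sorted(set(before) | set(after), key=lambda c: (c[0], int(c[1:])))
    for code in codes:
        removed = sorted(before.get(code, set()) - after.get(code, set()))
        added = sorted(after.get(code, set()) - before.get(code, set()))
        if removed or added:
            report[code] = {"removed": removed, "added": added}
    return report


def appinit_dlls(log_text):
    """Split the O20 AppInit_DLLs value into individual lower-cased DLL paths."""
    dlls = []
    for entry in parse_entries(log_text).get("O20", ()):
        if entry.lower().startswith("appinit_dlls:"):
            value = entry.split(":", 1)[1]
            # The registry value is a space- or comma-delimited list.
            dlls += [p.lower() for p in re.split(r"[,\s]+", value.strip()) if p]
    return sorted(dlls)


def hosts_redirects(log_text):
    """Return {hostname: ip} for every O1 Hosts line."""
    redirects = {}
    for entry in parse_entries(log_text).get("O1", ()):
        match = re.match(r"Hosts:\s+(\S+)\s+(\S+)", entry)
        if match:
            redirects[match.group(2).lower()] = match.group(1)
    return redirects


def followup_items(before_text, after_text):
    """Summarise what the cleanup removed and what the newer log still lists."""
    after = parse_entries(after_text)
    return {
        "appinit_removed": sorted(
            set(appinit_dlls(before_text)) - set(appinit_dlls(after_text))
        ),
        "appinit_remaining": appinit_dlls(after_text),
        "hosts_remaining": hosts_redirects(after_text),
        "no_file_entries": sorted(
            e for es in after.values() for e in es if e.endswith("(no file)")
        ),
    }


if __name__ == "__main__":
    for code, change in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        for text in change["removed"]:
            print(f"removed  {code} - {text}")
        for text in change["added"]:
            print(f"added    {code} - {text}")
    summary = followup_items(LOG_BEFORE, LOG_AFTER)
    for host, ip in summary["hosts_remaining"].items():
        print(f"still present  O1 - Hosts: {ip} {host}")
    for text in summary["no_file_entries"]:
        print(f"still present  (no file): {text}")
```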
     
  8. Rozzy

    Rozzy Thread Starter

    Hi Eddie,

    Here's Part 1 of the OTL.Txt Log

    OTL logfile created on: 12/11/2009 3:34:39 PM - Run 1
    OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.00 Mb Total Physical Memory | 391.00 Mb Available Physical Memory | 38.26% Memory free
    1.30 Gb Paging File | 0.53 Gb Available in Paging File | 41.14% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 45.75 Gb Free Space | 61.42% Space Free | Partition Type: NTFS
    Drive D: | 500.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ROSALINEMYERS
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
    PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Verizon)
    PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\RPS.exe (Verizon)
    PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
    PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\Kav\Bin\ScanningProcess.exe (Kaspersky Lab.)
    PRC - C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe (Radialpoint Inc.)
    PRC - C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
    PRC - C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
    PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaMonitor.exe (Sana Security)
    PRC - C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\bin\SanaAgent.exe (Sana Security)
    PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
    PRC - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    PRC - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
    PRC - C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe (Simple Star, Inc.)
    PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Owner\desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Common Files\Motive\McciContextHook_DSR.dll (Motive Communications, Inc.)


    ========== Win32 Services (SafeList) ==========

    SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
    SRV - (McciCMService) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
    SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
    SRV - (Radialpoint Security Services) -- C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe (Verizon)
    SRV - (RP_FWS) -- C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe (Verizon)
    SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (RadialpointSafeConnectAgent) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Bin\SanaAgent.exe (Sana Security)
    SRV - (PD91Engine) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe (Raxco Software, Inc.)
    SRV - (PD91Agent) -- C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe (Raxco Software, Inc.)
    SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
    SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
    DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
    DRV - (PSI) -- C:\WINDOWS\system32\drivers\psi_mf.sys (Secunia)
    DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
    DRV - (RPSKT) Security Services Driver (x86) -- C:\WINDOWS\system32\drivers\rp_skt32.sys (Radialpoint Inc.)
    DRV - (RadialpointSafeConnectDriver) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectDriver.sys (Sana Security, Inc. )
    DRV - (RadialpointSafeConnectFilter) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectFilter.sys (Sana Security, Inc. )
    DRV - (RadialpointSafeConnectShim) -- C:\Program Files\Verizon\Verizon Internet Security Suite\SafeConnect\Driver\platform_XP\SafeConnectShim.sys (Sana Security, Inc. )
    DRV - (DefragFS) -- C:\WINDOWS\system32\drivers\DefragFS.sys (Raxco Software, Inc.)
    DRV - (RPPKT) Radialpoint Filter (x86) -- C:\WINDOWS\system32\drivers\rp_pkt32.sys (Radialpoint, Inc.)
    DRV - (mf) -- C:\WINDOWS\system32\drivers\mf.sys (Microsoft Corporation)
    DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    DRV - (SABProcEnum) -- C:\WINDOWS\system32\sabprocenum.sys (SuperAdBlocker.com)
    DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
    DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
    DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
    DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
    DRV - ({6080A529-897E-4629-A488-ABA0C29B635E}) Intel(R) Graphics Platform (SoftBIOS) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
    DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91}) Intel(R) Graphics Chipset (KCH) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)
    DRV - (ialm) -- C:\WINDOWS\system32\drivers\ialmnt5.sys (Intel Corporation)
    DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
    DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
    DRV - (mdmxsdk) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
    DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
    DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
    DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
    DRV - (brparimg) -- C:\WINDOWS\system32\drivers\BrParImg.sys (Brother Industries Ltd.)
    DRV - (BrSerWDM) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys (Brother Industries Ltd.)
    DRV - (BrParWdm) -- C:\WINDOWS\system32\drivers\BrParwdm.sys (Brother Industries Ltd.)
    DRV - (brfilt) -- C:\WINDOWS\system32\drivers\BrFilt.sys (Brother Industries Ltd.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========



    [2008/09/15 18:31:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\56sxoj5f.default\extensions
    [2009/12/01 20:30:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2004/05/07 15:31:40 | 00,348,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\components\MSVCR71.DLL
    [2008/06/18 01:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2007/03/09 18:16:44 | 00,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: (1080 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 82.98.235.133 browser-security.microsoft.com
    O1 - Hosts: 82.98.235.133 best-click-scanner.info
    O1 - Hosts: 82.98.235.133 antivirus-xp-pro-2009.com
    O1 - Hosts: 82.98.235.133 microsoft.infosecuritycenter.com
    O1 - Hosts: 82.98.235.133 microsoft.softwaresecurityhelp.com
    O1 - Hosts: 82.98.235.133 onlinenotifyq.net
    O1 - Hosts: 82.98.235.133 antivirusxp-pro-2009.com
    O1 - Hosts: 82.98.235.133 microsoft.browser-security-center.com
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {1ef24bd0-4216-476a-8b7c-ad2411eefb9a} - No CLSID value found.
    O2 - BHO: (PopKill Class) - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll (Verizon)
    O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (Google Inc.)
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKLM\..\Toolbar: (no name) - {4E7BD74F-2B8D-469E-8CB0-AB60BB9AAE22} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
    O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
    O4 - HKLM..\Run: [LexWebUpdate] File not found
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Motive Communications, Inc.)
    O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
    O4 - HKCU..\Run: [OurPictures] C:\Program Files\RitzPix E-Z Print & Share\OurPictures.exe (Simple Star, Inc.)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe (Nikon Corporation)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Nikon Monitor.lnk = C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
    O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk = C:\Program Files\Secunia\PSI\psi.exe (Secunia)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
    O15 - HKCU\..Trusted Domains: microsoft.com ([oas.support] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([support] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([www] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab (Reg Error: Key error.)
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell.com/systemprofiler/SysPro.CAB (SysProWmi Class)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://support.microsoft.com/OAS/ActiveX/MSDcode.cab (Reg Error: Key error.)
    O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www5.snapfish.com/SnapfishOutlookImport.cab (Reg Error: Key error.)
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} Reg Error: Value error. (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab (Windows Live Safety Center Base Module)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1238125129531 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} https://www2.gotomeeting.com/default/applets/g2mdlax.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} Reg Error: Value error. (ArmHelper Control)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/03/07 19:23:31 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2001/08/27 11:47:06 | 00,000,028 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
    O34 - HKLM BootExecute: (PDBoot.exe) - C:\WINDOWS\System32\PDBoot.exe (Raxco Software, Inc.)
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2009/12/11 15:32:51 | 00,538,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2009/12/10 13:04:55 | 00,012,568 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2009/12/10 13:01:17 | 00,000,000 | -HSD | C] -- C:\Config.Msi
    [2009/12/10 12:57:21 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Easy Assist
    [2009/12/10 12:57:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
    [2009/12/08 14:30:15 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2009/12/08 09:43:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
    [2009/12/02 19:11:09 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL Log.exe
    [2009/12/02 18:45:42 | 00,341,504 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC Temp File Cleaner.exe
    [2009/12/01 22:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2009/12/01 22:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2009/12/01 22:50:26 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
    [2009/12/01 22:50:19 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
    [2009/12/01 21:15:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\nos
    [2009/12/01 21:14:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
    [2009/12/01 20:35:17 | 00,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2009/12/01 20:16:49 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/12/01 20:16:48 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/12/01 20:16:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/12/01 20:16:48 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/12/01 20:05:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2009/12/01 20:04:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Apple
    [2009/12/01 20:04:34 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2009/12/01 20:04:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2009/12/01 20:02:12 | 32,441,648 | ---- | C] (Apple Inc.) -- C:\Documents and Settings\Owner\Desktop\QuickTimeInstaller.exe
    [2009/12/01 16:54:10 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2009/12/01 16:53:58 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2009/12/01 16:53:56 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2009/12/01 01:29:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Reg Tool
    [2009/11/30 20:34:41 | 00,000,000 | ---D | C] -- C:\Program Files\Dell
    [2009/11/30 20:34:40 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\Dell
    [2009/11/30 12:47:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SuperAdBlocker.com
    [2009/11/30 00:10:15 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
    [2009/11/29 19:36:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
    [2009/11/29 14:55:06 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
    [2009/11/28 19:01:34 | 00,000,000 | ---D | C] -- C:\WINDOWS\Intuit
    [2009/11/27 14:54:06 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2009/11/27 04:02:07 | 00,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
    [2009/11/27 03:19:45 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
    [2009/11/27 03:19:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\en
    [2009/11/27 03:19:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2009/11/27 02:54:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\network diagnostic
    [2009/11/27 02:13:43 | 16,835,104 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\OfficeXpSp3-kb832671-client-enu.exe
    [2009/11/27 02:11:00 | 60,338,208 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\OfficeXpSp3-kb832671-fullfile-enu.exe
    [2009/05/06 16:34:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
    [2009/04/03 03:45:36 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2008/03/08 16:48:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2008/03/07 19:30:01 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2008/03/07 19:30:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  9. Rozzy

    Rozzy Thread Starter

    Hi Eddie,

    Here's Part 2 of the OTL.Txt Log

    ========== Files - Modified Within 30 Days ==========

    [2009/12/11 15:32:51 | 00,538,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2009/12/11 15:31:57 | 01,486,112 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
    [2009/12/11 15:31:38 | 99,181,856 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.dat
    [2009/12/10 14:17:24 | 00,002,513 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Word 2003.lnk
    [2009/12/10 13:25:16 | 00,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2009/12/10 13:20:02 | 00,000,312 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
    [2009/12/10 13:19:49 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2009/12/10 13:19:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/12/10 13:18:49 | 00,141,032 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox2.idx
    [2009/12/10 13:18:48 | 01,306,496 | -HS- | M] () -- C:\WINDOWS\System32\drivers\fidbox.idx
    [2009/12/10 13:18:23 | 06,029,312 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT
    [2009/12/10 13:18:23 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
    [2009/12/10 13:04:55 | 00,012,568 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\WINDOWS\System32\drivers\PROCEXP113.SYS
    [2009/12/10 12:36:00 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2009/12/10 12:35:59 | 00,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2009/12/10 12:35:59 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2009/12/10 03:07:11 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2009/12/08 14:31:43 | 00,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/12/08 09:43:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/12/06 20:19:02 | 00,000,436 | ---- | M] () -- C:\WINDOWS\tasks\EasyShare Registration Task.job
    [2009/12/05 05:55:00 | 00,000,300 | ---- | M] () -- C:\WINDOWS\tasks\Printer Software Update.job
    [2009/12/04 19:35:56 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Access - passwords 8-09.doc
    [2009/12/02 19:11:18 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL Log.exe
    [2009/12/02 18:45:48 | 00,341,504 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\TFC Temp File Cleaner.exe
    [2009/12/02 05:56:31 | 00,000,280 | ---- | M] () -- C:\WINDOWS\System32\PDBootState
    [2009/12/01 22:56:45 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
    [2009/12/01 22:55:13 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2009/12/01 20:35:50 | 00,000,720 | ---- | M] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
    [2009/12/01 20:16:05 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
    [2009/12/01 20:16:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
    [2009/12/01 20:16:05 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
    [2009/12/01 20:16:05 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
    [2009/12/01 20:16:04 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
    [2009/12/01 20:02:36 | 32,441,648 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Owner\Desktop\QuickTimeInstaller.exe
    [2009/12/01 20:01:45 | 33,281,024 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\AdbeRdrUpd817_all_incr.msp
    [2009/12/01 17:59:06 | 00,049,152 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Wording for Skills Resume.doc
    [2009/12/01 16:54:23 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/30 19:58:46 | 00,000,154 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to AdwareBot.lnk
    [2009/11/30 19:38:01 | 00,002,495 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Microsoft Office Excel 2003.lnk
    [2009/11/30 00:10:19 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
    [2009/11/29 19:36:18 | 00,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2009/11/29 19:35:35 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2009/11/29 14:56:11 | 00,000,780 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/11/28 19:09:13 | 00,075,920 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [2009/11/28 19:06:17 | 00,292,480 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2009/11/28 18:55:48 | 00,000,091 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/11/27 15:17:35 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
    [2009/11/27 02:51:53 | 00,250,048 | RHS- | M] () -- C:\ntldr
    [2009/11/27 02:13:51 | 16,835,104 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\OfficeXpSp3-kb832671-client-enu.exe
    [2009/11/27 02:11:16 | 60,338,208 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\OfficeXpSp3-kb832671-fullfile-enu.exe
    [2009/11/26 03:22:12 | 00,000,304 | RHS- | M] () -- C:\boot.ini
    [2009/11/25 14:25:10 | 00,030,208 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Loretta Lillian Pollard - surgery & cancer.doc
    [2009/11/17 21:36:26 | 00,009,759 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Convert MM Table_A4-quer.pdf
    [2009/11/12 20:25:36 | 00,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2009/11/12 03:07:53 | 00,000,628 | ---- | M] () -- C:\WINDOWS\win.ini
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2099/01/01 12:00:00 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\vasupopa
    [2009/12/10 13:25:15 | 00,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
    [2009/12/08 14:31:42 | 00,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
    [2009/12/01 22:56:45 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat.com.lnk
    [2009/12/01 22:55:12 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2009/12/01 20:35:50 | 00,000,720 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Secunia PSI.lnk
    [2009/12/01 20:04:52 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2009/12/01 20:01:24 | 33,281,024 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\AdbeRdrUpd817_all_incr.msp
    [2009/12/01 16:54:23 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2009/11/30 19:58:46 | 00,000,154 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to AdwareBot.lnk
    [2009/11/30 00:10:19 | 00,001,734 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\HijackThis.lnk
    [2009/11/29 19:36:18 | 00,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
    [2009/11/29 14:56:11 | 00,000,780 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2009/11/18 14:27:01 | 00,030,208 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Loretta Lillian Pollard - surgery & cancer.doc
    [2009/11/17 21:36:26 | 00,009,759 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Convert MM Table_A4-quer.pdf
    [2009/09/19 17:53:19 | 00,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
    [2009/09/19 17:53:18 | 00,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
    [2009/09/19 16:59:26 | 00,000,647 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
    [2009/09/19 16:59:22 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2009/09/19 16:59:22 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2009/09/19 16:59:07 | 00,651,264 | ---- | C] () -- C:\WINDOWS\System32\brfxdial.dll
    [2009/09/19 16:56:51 | 00,000,026 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
    [2009/06/23 11:29:38 | 00,007,168 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2009/05/06 11:11:05 | 00,000,091 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
    [2009/03/30 08:39:37 | 03,336,230 | -HS- | C] () -- C:\WINDOWS\System32\isitiraj.ini
    [2009/03/29 20:38:51 | 03,314,383 | -HS- | C] () -- C:\WINDOWS\System32\igurohib.ini
    [2009/03/29 08:39:14 | 03,314,383 | -HS- | C] () -- C:\WINDOWS\System32\amevamey.ini
    [2009/03/28 20:38:09 | 03,314,382 | -HS- | C] () -- C:\WINDOWS\System32\atetadaf.ini
    [2009/03/28 08:37:47 | 03,314,364 | -HS- | C] () -- C:\WINDOWS\System32\egumajeb.ini
    [2009/03/27 20:37:34 | 03,314,392 | -HS- | C] () -- C:\WINDOWS\System32\osetihun.ini
    [2009/03/27 08:37:19 | 03,313,656 | -HS- | C] () -- C:\WINDOWS\System32\omunajid.ini
    [2009/03/26 20:37:25 | 03,313,458 | -HS- | C] () -- C:\WINDOWS\System32\emunijuh.ini
    [2009/03/26 08:37:43 | 00,000,121 | -HS- | C] () -- C:\WINDOWS\System32\ivabevar.ini
    [2009/03/25 15:19:00 | 03,313,421 | -HS- | C] () -- C:\WINDOWS\System32\efuweton.ini
    [2009/03/25 03:18:34 | 03,311,444 | -HS- | C] () -- C:\WINDOWS\System32\akukebor.ini
    [2009/03/24 15:19:18 | 03,318,186 | -HS- | C] () -- C:\WINDOWS\System32\elepunak.ini
    [2009/03/24 03:19:11 | 01,401,332 | -HS- | C] () -- C:\WINDOWS\System32\agesewan.ini
    [2009/03/23 15:18:00 | 01,791,169 | -HS- | C] () -- C:\WINDOWS\System32\ugodohum.ini
    [2009/03/23 03:17:40 | 01,410,297 | -HS- | C] () -- C:\WINDOWS\System32\enekitil.ini
    [2009/03/22 15:17:37 | 01,791,160 | -HS- | C] () -- C:\WINDOWS\System32\afuyejim.ini
    [2009/03/22 03:17:19 | 01,791,169 | -HS- | C] () -- C:\WINDOWS\System32\olunutat.ini
    [2009/03/21 03:17:00 | 01,791,169 | -HS- | C] () -- C:\WINDOWS\System32\evivifum.ini
    [2009/03/20 15:17:17 | 01,791,156 | -HS- | C] () -- C:\WINDOWS\System32\eyebuzaw.ini
    [2008/10/14 15:09:12 | 00,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen_x86.sys
    [2008/04/27 15:50:44 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    [2008/04/27 15:44:40 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Ambience
    [2008/04/27 15:44:40 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\AccountTypes
    [2008/04/27 15:44:40 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLds.DAT
    [2008/04/27 15:13:59 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Analog Mono
    [2008/04/27 15:13:59 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Action Clauses
    [2008/04/27 15:13:59 | 00,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
    [2008/03/08 17:00:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\LexFV.ini
    [2008/03/08 16:59:22 | 00,000,556 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
    [2008/03/08 11:10:20 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/10/04 13:48:24 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\OPShDwn.dll
    [2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [1996/08/06 00:00:00 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\PCDLIB32.DLL

    ========== Files - Unicode (All) ==========
    [2009/06/09 10:51:54 | 00,000,040 | ---- | M] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩
    [2009/06/09 10:51:54 | 00,000,040 | ---- | C] ()(C:\WINDOWS\System32\????????????????????4???????????????????????) -- C:\WINDOWS\System32\㩃停潲牧浡䘠汩獥噜牥穩湯噜牥穩湯䤠瑮牥敮⁴敓畣楲祴匠極整卜晡䍥湯敮瑣䍜湯楦屧噘敩⹷潣普杩

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E49FC3A5
    @Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E13861A5
    @Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:036B992F
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AD4FECAB
    < End of report >
     
  10. Rozzy

    Rozzy Thread Starter

    Joined:
    Nov 30, 2009
    Messages:
    40
    Hi Eddie,

    Here's the Extra.Txt OTL Log...
    OTL Extras logfile created on: 12/11/2009 3:34:39 PM - Run 1
    OTL by OldTimer - Version 3.1.16.0 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.5512)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.00 Mb Total Physical Memory | 391.00 Mb Available Physical Memory | 38.26% Memory free
    1.30 Gb Paging File | 0.53 Gb Available in Paging File | 41.14% Paging File free
    Paging file location(s): C:\pagefile.sys 384 768 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 45.75 Gb Free Space | 61.42% Space Free | Partition Type: NTFS
    Drive D: | 500.60 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: ROSALINEMYERS
    Current User Name: Owner
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- (Eastman Kodak Company)
    "C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
    "C:\Program Files\Raxco\PerfectDisk\PDAgent.exe" = C:\Program Files\Raxco\PerfectDisk\PDAgent.exe:*:Enabled:pDAgent -- File not found
    "C:\Program Files\Raxco\PerfectDisk\PDEngine.exe" = C:\Program Files\Raxco\PerfectDisk\PDEngine.exe:*:Enabled:pDEngine -- File not found
    "C:\Program Files\Windows Defender\MsMpEng.exe" = C:\Program Files\Windows Defender\MsMpEng.exe:*:Enabled:MsMpEng -- File not found
    "C:\Program Files\Windows Defender\MSASCui.exe" = C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:MSASCui -- File not found


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card
    "{011A2240-08DF-45BB-AA4E-1A78637CCF80}" = RPS CRT
    "{03EDED24-8375-407D-A721-4643D9768BE1}" = kgchlwn
    "{0C3FCE48-6984-11D5-90F8-00E029591716}" = Brother MFL Pro Suite
    "{11F3F858-4131-4FFA-A560-3FE282933B6E}" = kgchday
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
    "{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}" = Adobe Media Player
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{258749E2-3A46-42B1-9A01-BF977AA06FAC}" = RPS CRT
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{2B6EC03E-6FA0-4D7C-9CCE-1B03819AB613}" = PerfectDisk 2008
    "{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
    "{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3C7B1086-F873-4826-91A5-195CB5364C5B}" = RPS PerfectDiskStub
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{42938595-0D83-404D-9F73-F8177FDD531A}" = ESScore
    "{44850125-B5A7-420F-BF19-FFF249F95896}" = RPS Firewall
    "{4537EA4B-F603-4181-89FB-2953FC695AB1}" = netbrdg
    "{48B3FB4D-CE22-488C-8E9F-24EBB77EAC0F}" = Microsoft Security Essentials
    "{4CB90CB9-DD58-4CCC-A053-08FA70A42941}" = Verizon Internet Security Suite
    "{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "{5316DFC9-CE99-4458-9AB3-E8726EDE0210}" = skin0001
    "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book
    "{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
    "{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
    "{5DE3D989-A820-4247-8963-9287C28B3613}" = RPS Ksdk
    "{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
    "{61D85BCA-6150-4A90-938B-D426BF166777}" = RPS ParentalControl
    "{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
    "{65D85050-5610-4A91-A3B1-D5C744291AD4}" = PCDADDIN
    "{693C08A7-9E76-43FF-B11E-9A58175474C4}" = kgckids
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B96E3EC-FADB-4C6C-86E1-022269B39939}" = My Property Pro
    "{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{8943CE61-53BD-475E-90E1-A580869E98A2}" = staticcr
    "{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
    "{8A8664E1-84C8-4936-891C-BC1F07797549}" = kgcvday
    "{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91130409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Basic Edition 2003
    "{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
    "{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse
    "{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
    "{9BD54685-1496-46A5-AB62-357CD140ED8B}" = kgcinvt
    "{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
    "{A1588373-1D86-4D44-86C9-78ABD190F9CC}" = kgcmove
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A486CFF9-A3E6-4312-A1B9-ABD28F9FC255}" = RPS PopupBlocker
    "{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
    "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook
    "{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
    "{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
    "{C03B8026-694C-4326-88A8-1387097B50E8}" = RPS RpsCore
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C99DCDA4-7407-4F72-A77E-C81C551D0C4E}" = PCDHELP
    "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar
    "{CAE8A0F1-B498-4C23-95FA-55047E730C8F}" = ArcSoft Print Creations
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD55BC4A-C299-4632-91A9-88705157EAC2}" = RitzPix E-Z Print & Share
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
    "{D45E8C45-B601-4A80-AFD8-E16338744DE1}" = ArcSoft Panorama Maker 4
    "{D55DA406-3031-42AB-B7C4-2183C00803F3}" = RPS SafeConnect
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
    "{E18B549C-5D15-45DA-8D8F-8FD2BD946344}" = kgcbaby
    "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page
    "{E79987F0-0E34-42CC-B8FF-6C860AEEB26A}" = tooltips
    "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer
    "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
    "{F573B950-CC14-4E55-8F29-F054485E11AA}" = RPS Diagnostic Utility
    "{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
    "{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
    "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
    "{FFE078E6-0288-4405-B26D-05D38F20295E}" = RPS Burn
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player Plugin
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Coupon Printer for Windows4.0" = Coupon Printer for Windows
    "FontVision" = FontVision
    "Glary Utilities_is1" = Glary Utilities 2.11.0.638
    "HijackThis" = HijackThis 2.0.2
    "InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}" = Broadcom 440x 10/100 Integrated Controller
    "InstallShield_{58E6A969-8215-4ABC-BD73-FCB25EA6F544}" = FormViewer
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "MSPUB4" = Microsoft Publisher 97
    "RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.24
    "Secunia PSI" = Secunia PSI
    "Verizon Help and Support" = Verizon Help and Support Tool
    "Verizon Online DSL_is1" = Verizon Online DSL
    "vol_toolbar" = Verizon Broadband Toolbar
    "WIC" = Windows Imaging Component
    "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
    "Windows XP Service Pack" = Windows XP Service Pack 3

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.0.0.320
    "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/1/2009 9:12:13 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/1/2009 9:47:34 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/2/2009 3:55:32 AM | Computer Name = ROSALINEMYERS | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 12/2/2009 9:50:40 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/4/2009 9:55:29 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/8/2009 4:55:40 PM | Computer Name = ROSALINEMYERS | Source = MPSampleSubmission | ID = 5000
    Description =

    Error - 12/8/2009 5:35:23 PM | Computer Name = ROSALINEMYERS | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/8/2009 5:35:23 PM | Computer Name = ROSALINEMYERS | Source = Application Hang | ID = 1002
    Description = Hanging application OUTLOOK.EXE, version 11.0.8312.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 12/8/2009 10:02:02 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 12/10/2009 10:09:29 PM | Computer Name = ROSALINEMYERS | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    [ System Events ]
    Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/10/2009 2:01:59 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/10/2009 2:02:01 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/10/2009 2:02:01 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/10/2009 2:20:25 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 12/10/2009 2:20:50 PM | Computer Name = ROSALINEMYERS | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    StarOpen


    < End of report >
     
  11. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,640
    Okay, looks like there's still some infected files in there, so can you do this:

    Download ComboFix from one of these locations:

    Link 2
    Link 3


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    • Double click on ComboFix.exe & follow the prompts.

    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    [​IMG]


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    [​IMG]


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    eddie
     
  12. Rozzy

    Rozzy Thread Starter

    Joined:
    Nov 30, 2009
    Messages:
    40
    Hi Eddie,

    ComboFix is currently not available to be downloaded - as soon as it is available, I will follow your instructions. Here's the message on their site:

    ComboFix is not available for download until an issue with the program has been resolved. Please be patient while the developer fixes the program and makes it available once again. As more information becomes available, we will update this page.
    DO NOT attempt to download ComboFix from sites other than BleepingComputer.com and Forospyware.com!
    Other sites hosting ComboFix are not authorized mirrors and are hosting outdated copies of ComboFix that contain a bug that may render some machines unbootable. Using unauthorized mirrors of ComboFix puts your computer at risk of not booting again. Please wait for the official version to be fixed and released again.
    We will also announce when ComboFix is available on our Twitter and Facebook pages.
     
  13. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,640
    Yep, it's been removed for the moment :(

    Off to bed, but I can look at this first thing tomorrow night, as we will have to do things manually ;)
     
  14. eddie5659

    eddie5659 Moderator Malware Specialist

    Joined:
    Mar 19, 2001
    Messages:
    32,640
    Download the HostsXpert 4.2 - Hosts File Manager.
    • Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
    • Run HostsXpert 4.2 - Hosts File Manager from its new home
    • Click on "File Handling".
    • Click on "Restore MS Hosts File".
    • Click OK on the Confirmation box.
    • Click on "Make Read Only?"
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

    ---------


    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

    eddie
     
  15. Rozzy

    Rozzy Thread Starter

    Joined:
    Nov 30, 2009
    Messages:
    40
    Hi Eddie,

    This is a little scary - I am a beginner and just have an out of the box Dell computer, if it has 'Custom Hosts' - I would not have a clue how to 'replace any of those entries.'

    I am fine with downloading, saving files to c-drive and running them; not -- not good with troubleshooting.

    Is there a way to know about 'Custom Hosts' before I start this step?

    Rozzy
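
Whether a machine has custom Hosts entries that "Restore MS Hosts File" would discard can be checked by reading the file before running the restore. The script below is an added example, not part of the original thread or of HostsXpert: it lists every mapping other than the stock `localhost` line. The sample file contents, the `example.*` host names and the function names are constructed for this illustration; on Windows XP the real file is `%SystemRoot%\system32\drivers\etc\hosts`, passed as the first argument.

```python
import ipaddress
import sys

# Mappings shipped in the stock Microsoft hosts file; anything else is custom.
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}

# Constructed sample input, not taken from the machine in the thread.
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-1999 Microsoft Corp.",
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.",
    "",
    "127.0.0.1       localhost",
    "127.0.0.1       av-update.example.com www.av-update.example.com",
    "192.0.2.10      login.example.net   # trailing comment",
    "10.0.0.5        PRINTER",
    "not-an-ip       broken.example.org",
])


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments, full-line or trailing
        if not line:
            continue
        fields = line.split()
        if len(fields) == 1:
            yield line_no, fields[0], None  # address without a name: malformed
            continue
        for name in fields[1:]:  # one line may map several names
            yield line_no, fields[0], name.lower()


def classify(address):
    """Return (kind, canonical_address); kind is sinkhole, redirect or invalid."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid", address
    if ip.is_loopback or ip.is_unspecified:
        # The name is made unreachable: typical of blocklists, and of malware
        # that cuts a machine off from security-update sites.
        return "sinkhole", str(ip)
    # The name is pointed at another machine.
    return "redirect", str(ip)


def custom_entries(text):
    """Return every non-default mapping as a dict, in file order."""
    found = []
    for line_no, address, name in parse_hosts(text):
        kind, canonical = classify(address)
        if name is None:
            kind = "invalid"
        elif (canonical, name) in DEFAULT_ENTRIES:
            continue  # stock localhost line, restored by the default file anyway
        found.append(
            {"line": line_no, "address": canonical, "host": name, "kind": kind}
        )
    return found


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as handle:
            hosts_text = handle.read()
    else:
        hosts_text = SAMPLE_HOSTS
    entries = custom_entries(hosts_text)
    if not entries:
        print("Only default entries: restoring the MS hosts file loses nothing.")
    for entry in entries:
        print("line {line}: {host} -> {address} ({kind})".format(**entry))
```

An empty result means the restore loses nothing; any listed entry that the owner did not add deliberately is worth showing to the helper rather than re-adding afterwards.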
     

Short URL to this thread: https://techguy.org/882326
