
Author Topic: Need help removing virus/malware/spyware...  (Read 17025 times)


YJCruz

    Topic Starter


    Greenhorn

    • Experience: Beginner
    • OS: Unknown
    Need help removing virus/malware/spyware...
    « on: May 27, 2011, 01:44:16 PM »
    Hello there,

    I updated to Internet Explorer 8. Immediately after downloading it I got a warning from what appeared to be Microsoft Security that my anti-virus/security was expired. When I was online I could not do anything because of the security warnings. I ended up purchasing the program and downloading it, and now I cannot open any applications. The billing on my credit card is from supersecuremail.com, NOT Microsoft!

    I get the following error message: "Window can not access the specified device, path, or file.  You may not have the proper permissions to access the item."  I can only access the internet and open Word/Excel files through my recent documents. Any help would be appreciated, thanks.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Experience: Expert
    • OS: Windows 10
    Re: Need help removing virus/malware/spyware...
    « Reply #1 on: May 27, 2011, 04:51:15 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    ************************************************************
    Quote
    Microsoft Security that my anti-virus/security was expired.
    That is a rogue.
    Let's try this to get rid of it. Boot in Safe Mode with NetWorking. Download, install and run a scan with MBAM. Re-boot in Normal Mode and run another scan and post the log here.
    Safe Mode

    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    Windows 8 and Windows 10 dual boot with two SSD's

    YJCruz

      Topic Starter


      Greenhorn

      • Experience: Beginner
      • OS: Unknown
      Re: Need help removing virus/malware/spyware...
      « Reply #2 on: May 28, 2011, 05:17:05 PM »
      Hi Dave,

      Unfortunately I did not get very far. I booted in safe mode but was not able to run the scan; when I double-click on the program mbam nothing happens... also I cannot access the internet in safe mode.

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Experience: Expert
      • OS: Windows 10
      Re: Need help removing virus/malware/spyware...
      « Reply #3 on: May 28, 2011, 06:12:48 PM »
      Quote
      when I double click on the program mbam nothing happens
      Did you try right-clicking on MBAM and selecting Run?

      Please try running this scan. In Safe mode, if you have to.

      Download OTL to your desktop.

      * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
      * When the window appears, underneath Output at the top change it to Minimal Output.
      * Check the boxes beside LOP Check and Purity Check.
      * Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

      When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

      Please copy and paste the contents of these files, one at a time, into your next reply.

      Note: You may need two or more posts to fit them all in.
      Windows 8 and Windows 10 dual boot with two SSD's

      YJCruz

        Topic Starter


        Greenhorn

        • Experience: Beginner
        • OS: Unknown
        Re: Need help removing virus/malware/spyware...
        « Reply #4 on: May 28, 2011, 07:14:44 PM »
        Here is the OTL:

        OTL logfile created on: 5/28/2011 9:02:08 PM - Run 1
        OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Yessenia\Desktop
        Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
        Internet Explorer (Version = 8.0.6001.18702)
        Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
         
        1014.20 Mb Total Physical Memory | 774.02 Mb Available Physical Memory | 76.32% Memory free
        2.39 Gb Paging File | 2.29 Gb Available in Paging File | 95.72% Paging File free
        Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
         
        %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
        Drive C: | 232.88 Gb Total Space | 85.98 Gb Free Space | 36.92% Space Free | Partition Type: NTFS
         
        Computer Name: YESSENIACRUZ | User Name: Yessenia | Logged in as Administrator.
        Boot Mode: SafeMode with Networking | Scan Mode: Current user
        Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
         
        ========== Processes (SafeList) ==========
         
        PRC - C:\Documents and Settings\Yessenia\Desktop\OTL.exe (OldTimer Tools)
        PRC - C:\Documents and Settings\Yessenia\Local Settings\Application Data\deb.exe ()
        PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
         
         
        ========== Modules (SafeList) ==========
         
        MOD - C:\Documents and Settings\Yessenia\Desktop\OTL.exe (OldTimer Tools)
        MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
         
         
        ========== Win32 Services (SafeList) ==========
         
        SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
        SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
        SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
        SRV - (ATTRcAppSvc) -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe (SmithMicro Inc.)
        SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
        SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\Dell\Digital TV\Kernel\TV\TVECapSvc.exe ()
        SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\Dell\Digital TV\Kernel\TV\TVESched.exe ()
        SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
         
         
        ========== Driver Services (SafeList) ==========
         
        DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc)
        DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc)
        DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
        DRV - (PCTINDIS5) -- C:\WINDOWS\system32\PCTINDIS5.sys (Smith Micro Inc.)
        DRV - (swmsflt) -- C:\WINDOWS\System32\drivers\swmsflt.sys ()
        DRV - (SWNC8UA3) Sierra Wireless MUX NDIS Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swnc8ua3.sys (Sierra Wireless Inc.)
        DRV - (SWUMXA3) Sierra Wireless USB MUX Driver (UMTSA3) -- C:\WINDOWS\system32\drivers\swumxa3.sys (Sierra Wireless Inc.)
        DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
        DRV - (hcw95bda) -- C:\WINDOWS\system32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)
        DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
        DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
        DRV - (OA012Vid) -- C:\WINDOWS\system32\drivers\OA012Vid.sys (Creative Technology Ltd.)
        DRV - (OA012Ufd) -- C:\WINDOWS\system32\drivers\OA012Ufd.sys (Creative Technology Ltd.)
        DRV - (EMSC) -- C:\WINDOWS\system32\DRIVERS\EMSC.SYS (Windows (R) Codename Longhorn DDK provider)
        DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corp.)
        DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
        DRV - (IntcHdmiAddService) Intel(R) -- C:\WINDOWS\system32\drivers\IntcHdmi.sys (Intel(R) Corporation)
        DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
        DRV - (OA012Afx) -- C:\WINDOWS\system32\drivers\OA012Afx.sys (Creative Technology Ltd.)
        DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
        DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
        DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation)
        DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
        DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs Inc.)
        DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
         
         
        ========== Standard Registry (SafeList) ==========
         
         
        ========== Internet Explorer ==========
         
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
        IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
         
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?mtmhp=1
        IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
        IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
         
         
         
        O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
        O1 - Hosts: 127.0.0.1       localhost
        O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
        O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
        O4 - HKLM..\Run: []  File not found
        O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
        O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
        O4 - HKLM..\Run: [BTMeter] C:\Program Files\Battery Meter\BTMeter.exe (Dell)
        O4 - HKLM..\Run: [CapsLKNotify] C:\Program Files\CapsLKNotify\CapsLKNotify.exe (Compal Electronics, Inc)
        O4 - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
        O4 - HKLM..\Run: [LockStatusTray] C:\WINDOWS\LockStatusTray.exe (Logitech, Inc.)
        O4 - HKLM..\Run: [PersistenceThread] C:\WINDOWS\system32\PersistenceThread.exe (Intel Corporation)
        O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
        O4 - HKLM..\Run: [TVEService] C:\Program Files\Dell\Digital TV\TVEService.exe (CyberLink Corp.)
        O4 - HKLM..\Run: [WSED] C:\Program Files\WSED\WSED.exe (Dell)
        O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico ()
        O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
        O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
        O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
        O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
        O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
        O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
        O15 - HKCU\..Trusted Domains: hilton.com ([]* in Trusted sites)
        O15 - HKCU\..Trusted Domains: hilton.com  ([]* in Trusted sites)
        O16 - DPF: {23843D23-7065-442B-B30D-084B5F20EC89} https://hlbfs.hilton.com/cis/hlbfs/Revenue/HlbfsFoodRevenue.CAB (HlbfsFoodRevenue.ctlHlbfsFoodRev)
        O16 - DPF: {51BC61E6-45F2-11D5-93DD-0004AC152B66} https://hlbfs.hilton.com/cis/hlbfs/Labor/HlbfsLaborByCovers.CAB (HLBFSLaborByCovers.ctlHlbfsCoverLabor)
        O16 - DPF: {5C8ACBF0-FE91-11D4-93DD-0004AC152B66} https://eis.hilton.com/cis/ReportViewer/ReportViewer.CAB (ReportViewerCtl.ctlReportViewer)
        O16 - DPF: {5D5971B4-64EC-11D5-93DD-0004AC152B66} https://hlbfs.hilton.com/cis/hlbfs/Labor/HlbfsProductivityLabor.CAB (HlbfsProdLabor.ctlHlbfsProdLabor)
        O16 - DPF: {65F0B146-F8FF-41D6-8349-DFC03B285EC9} https://hlbfs.hilton.com/cis/hlbfs/Reports/HlbfsReporting.CAB (HlbfsReporting.ctlReporting)
        O16 - DPF: {7ED81BA9-8803-4468-A4D6-5DBE726F6C3D} https://hlbfs.hilton.com/cis/hlbfs/Expense/HlbfsOtherRevExp.CAB (HlbfsOtherRevExp.ctlHlbfsOre)
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
        O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
        O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
        O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
        O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
        O16 - DPF: {F2C3220A-9A1A-4BEB-9F40-7EB957476698} https://hlbfs.hilton.com/cis/hlbfs/Expense/HlbfsDailyExpense.CAB (HlbfsDailyExpense.ctlHlbfsDailyExpense)
        O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} https://wc.wachovia.com/common/cab/ikcntrls.cab (Ikonic Menu Control)
        O16 - DPF: {F54E842D-B04B-4A2C-953A-FC5D69909B84} https://hlbfs.hilton.com/cis/hlbfs/Expense/HlbfsQuickORE.CAB (HlbfsQuickORE.ctlHlbfsQuickORE)
        O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.1
        O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
        O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
        O20 - Winlogon\Notify\igdlogin: DllName - igdlogin.dll - C:\WINDOWS\System32\igdlogin.dll ()
        O24 - Desktop WallPaper: C:\Documents and Settings\Yessenia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O24 - Desktop BackupWallPaper: C:\Documents and Settings\Yessenia\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
        O32 - HKLM CDRom: AutoRun - 1
        O32 - AutoRun File - [2010/11/03 16:47:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
        O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
        O35 - HKLM\..comfile [open] -- "%1" %*
        O35 - HKLM\..exefile [open] -- "%1" %*
        O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Yessenia\Local Settings\Application Data\deb.exe" -a "%1" %* ()
        O37 - HKLM\...com [@ = comfile] -- "%1" %*
        O37 - HKLM\...exe [@ = exefile] -- "%1" %*
        O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Yessenia\Local Settings\Application Data\deb.exe" -a "%1" %* ()
         
        ========== Files/Folders - Created Within 30 Days ==========
         
        [2011/05/28 20:19:31 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Yessenia\Desktop\OTL.exe
        [2011/05/27 19:33:04 | 007,734,240 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Yessenia\Desktop\mbam-setup.exe
        [2011/05/27 19:11:06 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
        [2011/05/27 15:26:56 | 003,096,424 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Yessenia\Desktop\ccsetup307.exe
        [2011/05/24 19:23:35 | 000,765,728 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Yessenia\Desktop\Mats_Run.WinSecurity.exe
        [2011/05/22 21:53:49 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Yessenia\IECompatCache
        [2011/05/18 13:58:27 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Yessenia\PrivacIE
        [2011/05/18 13:53:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Yessenia\IETldCache
        [2011/05/18 13:49:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
        [2011/05/18 13:47:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\WBEM
        [2011/05/18 13:45:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
        [2011/05/18 13:45:02 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
        [2011/05/13 22:17:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
        [2011/05/13 22:17:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
        [2011/05/13 22:17:40 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
        [2011/05/13 22:17:38 | 001,985,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
        [2011/05/13 22:17:36 | 011,076,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
        [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
        [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
         
        ========== Files - Modified Within 30 Days ==========
         
        [2011/05/28 21:04:00 | 000,314,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
        [2011/05/28 21:04:00 | 000,040,836 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
        [2011/05/28 21:00:24 | 000,016,418 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\6d7d5motd41x2e61e1p8qm540bi2e431c3862cb3v537
        [2011/05/28 21:00:23 | 000,016,418 | -HS- | M] () -- C:\Documents and Settings\Yessenia\Local Settings\Application Data\6d7d5motd41x2e61e1p8qm540bi2e431c3862cb3v537
        [2011/05/28 21:00:05 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
        [2011/05/28 20:59:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
        [2011/05/28 20:32:00 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
        [2011/05/28 20:19:32 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Yessenia\Desktop\OTL.exe
        [2011/05/28 19:04:18 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1BCC0500-BC47-4452-B510-AD81E0860B46}.job
        [2011/05/28 19:02:49 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
        [2011/05/28 19:02:06 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
        [2011/05/27 19:33:04 | 007,734,240 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Documents and Settings\Yessenia\Desktop\mbam-setup.exe
        [2011/05/27 19:16:19 | 000,001,857 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
        [2011/05/27 15:27:03 | 003,096,424 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Yessenia\Desktop\ccsetup307.exe
        [2011/05/24 19:23:41 | 000,765,728 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Yessenia\Desktop\Mats_Run.WinSecurity.exe
        [2011/05/24 19:04:00 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\Yessenia\Desktop\X.lnk
        [2011/05/21 21:35:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
        [2011/05/18 18:27:54 | 000,016,658 | -HS- | M] () -- C:\Documents and Settings\Yessenia\Local Settings\Application Data\fw30up2v68677sqcsg8f47q51lob3s26n206ah0r8e
        [2011/05/18 18:27:54 | 000,016,658 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\fw30up2v68677sqcsg8f47q51lob3s26n206ah0r8e
        [2011/05/18 18:25:17 | 001,671,168 | -HS- | M] () -- C:\Documents and Settings\Yessenia\Local Settings\Application Data\deb.exe
        [2011/05/18 13:53:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Yessenia\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
        [2011/05/18 13:48:19 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
        [2011/05/13 21:54:18 | 000,105,028 | ---- | M] () -- C:\Documents and Settings\Yessenia\Desktop\dmr_standard.pdf
        [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
        [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
         
        ========== Files Created - No Company Name ==========
         
        [2011/05/27 19:16:19 | 000,001,857 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MSN Installer.lnk
        [2011/05/22 21:53:45 | 000,000,428 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1BCC0500-BC47-4452-B510-AD81E0860B46}.job
        [2011/05/18 18:27:53 | 000,016,418 | -HS- | C] () -- C:\Documents and Settings\Yessenia\Local Settings\Application Data\6d7d5motd41x2e61e1p8qm540bi2e431c3862cb3v537
        [2011/05/18 18:27:53 | 000,016,418 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\6d7d5motd41x2e61e1p8qm540bi2e431c3862cb3v537
        [2011/05/18 18:25:17 | 001,671,168 | -HS- | C] () -- C:\Documents and Settings\Yessenia\Local Settings\Application Data\deb.exe
        [2011/05/18 17:23:34 | 000,016,658 | -HS- | C] () -- C:\Documents and Settings\Yessenia\Local Settings\Application Data\fw30up2v68677sqcsg8f47q51lob3s26n206ah0r8e
        [2011/05/18 17:23:34 | 000,016,658 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fw30up2v68677sqcsg8f47q51lob3s26n206ah0r8e
        [2011/05/13 21:54:18 | 000,105,028 | ---- | C] () -- C:\Documents and Settings\Yessenia\Desktop\dmr_standard.pdf
        [2011/04/08 04:30:26 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Yessenia\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
        [2011/03/30 09:28:40 | 000,040,408 | ---- | C] () -- C:\WINDOWS\System32\drivers\swmsflt.sys
        [2010/11/29 02:17:47 | 000,056,664 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
        [2010/11/05 12:35:04 | 000,577,536 | ---- | C] () -- C:\WINDOWS\System32\EMSC.DLL
        [2010/11/05 12:00:19 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
        [2010/11/05 12:00:19 | 000,025,088 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
        [2010/11/05 12:00:18 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
        [2010/11/05 10:58:19 | 000,004,623 | ---- | C] () -- C:\WINDOWS\System32\lpgun.ini
        [2010/11/05 10:57:54 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\igdlogin.dll
        [2010/11/05 10:53:50 | 000,000,176 | ---- | C] () -- C:\WINDOWS\System32\drivers\RTHDAEQ0.dat
        [2010/11/05 10:52:19 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
        [2010/11/05 10:51:54 | 000,000,917 | ---- | C] () -- C:\WINDOWS\System32\CLWatson.ini
        [2010/11/05 10:49:03 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
        [2010/11/03 16:51:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
        [2010/11/03 16:43:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
        [2010/11/03 11:35:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
        [2010/11/03 11:33:51 | 000,281,336 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
        [2004/08/27 11:34:50 | 000,143,384 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
        [2004/08/27 11:25:14 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
        [2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
        [2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
        [2004/08/04 08:00:00 | 000,314,508 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
        [2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
        [2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
        [2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
        [2004/08/04 08:00:00 | 000,040,836 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
        [2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
        [2004/08/04 08:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
        [2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
        [2004/08/04 08:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
        [2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
        [2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
         
        ========== LOP Check ==========
         
        [2011/03/30 09:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
        [2011/03/24 06:01:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
        [2011/03/30 09:24:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
        [2011/02/16 20:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
        [2011/02/16 20:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
        [2010/11/05 12:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista32
        [2010/11/05 12:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vista64
        [2010/11/05 12:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Win732
        [2010/11/05 12:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Win764
        [2010/11/05 12:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\XP32
        [2010/11/06 12:51:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
        [2010/11/07 03:24:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yessenia\Application Data\AT&T
        [2011/03/24 06:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yessenia\Application Data\IBMERS
        [2010/11/07 03:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Yessenia\Application Data\Sierra Wireless
        [2011/05/28 19:04:18 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1BCC0500-BC47-4452-B510-AD81E0860B46}.job
         
        ========== Purity Check ==========
         
         

        < End of report >
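The lines in the log above that explain the symptoms are the O35/O37 entries near the end of the "Standard Registry" section: the per-user (HKCU) exefile open command has been replaced by `"...\deb.exe" -a "%1" %*`, while the machine-wide (HKLM) defaults are still the stock `"%1" %*`. Because HKCU class registrations shadow HKLM ones, every .exe the user starts is routed through deb.exe first, which fits "I cannot open any applications" and "double-clicking mbam nothing happens". The script below is an added example, not part of the thread or of OTL; it parses those O35/O37 lines (sample input copied from the log above) and flags any launch command that is not the stock one. Function and class names are my own.

```python
"""Flag hijacked shell-spawning commands (O35/O37 entries) in an OTL log.

Added example for this thread; not part of OTL or of the posts above. It parses
the O35/O37 lines OTL prints and reports any .exe/.com launch command that
differs from the stock  "%1" %*  , which is how the deb.exe redirect shows up.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: the O35/O37 lines copied from the OTL log posted above.
SAMPLE_LOG = r'''
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Yessenia\Local Settings\Application Data\deb.exe" -a "%1" %* ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Yessenia\Local Settings\Application Data\deb.exe" -a "%1" %* ()
'''

# Stock value of HKCR\exefile\shell\open\command (also comfile, batfile, ...):
# run the file itself with its arguments.
DEFAULT_OPEN = '"%1" %*'

# O35: "<hive>\..<class> [<verb>] -- <command> (<company>)"
# O37: "<hive>\...<ext> [@ = <class>] -- <command> (<company>)"
# The trailing "(<company>)" is optional and, as in the log, may be empty: "()".
LINE_RE = re.compile(
    r'^(?P<item>O3[57]) - (?P<hive>HKLM|HKCU)\\\.{2,3}(?P<name>\w+) '
    r'\[(?P<verb>[^\]]+)\] -- (?P<cmd>.*?)(?: \((?P<company>[^()]*)\))?$'
)


@dataclass
class Finding:
    item: str      # O35 or O37
    hive: str      # HKLM or HKCU
    name: str      # class name (exefile) or extension (exe)
    cmd: str       # full launch command as logged
    launcher: str  # program the command actually starts
    reason: str


def parse_shell_spawning(log_text: str) -> List[Dict[str, str]]:
    """Return the parsed fields of every O35/O37 line; other lines are ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def launcher_of(cmd: str) -> str:
    """Program a shell command starts: the first quoted token, else the first bare token."""
    m = re.match(r'\s*"([^"]*)"|\s*(\S+)', cmd)
    if not m:
        return ""
    return m.group(1) if m.group(1) is not None else m.group(2)


def find_hijacks(log_text: str) -> List[Finding]:
    """Every O35/O37 entry whose command is not the stock one."""
    findings = []
    for e in parse_shell_spawning(log_text):
        cmd = e["cmd"].strip()
        if cmd == DEFAULT_OPEN:
            continue
        if e["hive"] == "HKCU":
            # HKCR is built by overlaying HKCU\Software\Classes on HKLM\Software\Classes,
            # so a per-user exefile command wins over an intact machine-wide default:
            # every .exe this user starts goes through the launcher first. That is
            # consistent with MBAM doing nothing when double-clicked.
            reason = "per-user override shadows the intact HKLM default"
        else:
            reason = "machine-wide default replaced"
        findings.append(Finding(e["item"], e["hive"], e["name"], cmd, launcher_of(cmd), reason))
    return findings


def hijack_launchers(log_text: str) -> List[str]:
    """Distinct programs that the hijacked commands route launches through."""
    return sorted({f.launcher for f in find_hijacks(log_text)})


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_LOG):
        print(f"{f.item} {f.hive} {f.name}: {f.reason}")
        print(f"    launcher: {f.launcher}")
        print(f"    command : {f.cmd}")
```

Run against the sample, it reports the two HKCU entries (O35 exefile and O37 .exe) with deb.exe as the launcher and leaves the HKLM entries alone.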

        YJCruz

          Topic Starter


          Greenhorn

          • Experience: Beginner
          • OS: Unknown
          Re: Need help removing virus/malware/spyware...
          « Reply #5 on: May 28, 2011, 07:16:29 PM »
          Here is the Extras:

          OTL Extras logfile created on: 5/28/2011 9:02:08 PM - Run 1
          OTL by OldTimer - Version 3.2.23.0     Folder = C:\Documents and Settings\Yessenia\Desktop
          Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
          Internet Explorer (Version = 8.0.6001.18702)
          Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
           
          1014.20 Mb Total Physical Memory | 774.02 Mb Available Physical Memory | 76.32% Memory free
          2.39 Gb Paging File | 2.29 Gb Available in Paging File | 95.72% Paging File free
          Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
           
          %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
          Drive C: | 232.88 Gb Total Space | 85.98 Gb Free Space | 36.92% Space Free | Partition Type: NTFS
           
          Computer Name: YESSENIACRUZ | User Name: Yessenia | Logged in as Administrator.
          Boot Mode: SafeMode with Networking | Scan Mode: Current user
          Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
           
          ========== Extra Registry (SafeList) ==========
           
           
          ========== File Associations ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
          .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
           
          [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
          .exe [@ = exefile] -- C:\Documents and Settings\Yessenia\Local Settings\Application Data\deb.exe ()
           
          ========== Shell Spawning ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
          batfile [open] -- "%1" %*
          cmdfile [open] -- "%1" %*
          comfile [open] -- "%1" %*
          cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
          exefile [open] -- "%1" %*
          piffile [open] -- "%1" %*
          regfile [merge] -- Reg Error: Key error.
          scrfile [config] -- "%1"
          scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
          scrfile [open] -- "%1" /S
          txtfile [edit] -- Reg Error: Key error.
          Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
          Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
          Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
          Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
          Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
           
          ========== Security Center Settings ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
          "FirstRunDisabled" = 1
          "AntiVirusDisableNotify" = 1
          "FirewallDisableNotify" = 1
          "UpdatesDisableNotify" = 1
          "AntiVirusOverride" = 1
          "FirewallOverride" = 1
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
          "" =
          "DisableMonitoring" = 1
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
           
          ========== System Restore Settings ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
          "DisableSR" = 0
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
          "Start" = 0
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
          "Start" = 2
           
          ========== Firewall Settings ==========
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
          "EnableFirewall" = 0
          "DoNotAllowExceptions" = 0
          "DisableNotifications" = 1
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
          "EnableFirewall" = 0
          "DoNotAllowExceptions" = 0
          "DisableNotifications" = 1
           
          ========== Authorized Applications List ==========
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
          "C:\Program Files\Dell\Digital TV\TVEnhance.exe" = C:\Program Files\Dell\Digital TV\TVEnhance.exe:*:Enabled:CyberLink TVEnhance -- (CyberLink Corp.)
          "C:\Program Files\Dell\Digital TV\TVEService.exe" = C:\Program Files\Dell\Digital TV\TVEService.exe:*:Enabled:CyberLink TVEnhance Resident Program -- (CyberLink Corp.)
           
          [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
          "C:\Program Files\Dell\Digital TV\TVEnhance.exe" = C:\Program Files\Dell\Digital TV\TVEnhance.exe:*:Enabled:CyberLink TVEnhance -- (CyberLink Corp.)
          "C:\Program Files\Dell\Digital TV\TVEService.exe" = C:\Program Files\Dell\Digital TV\TVEService.exe:*:Enabled:CyberLink TVEnhance Resident Program -- (CyberLink Corp.)
          "C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe" = C:\Program Files\AT&T\Communication Manager\SwiApiMux.exe:*:Enabled:SwiApiMux -- (Sierra Wireless, Inc.)
           
           
          ========== HKEY_LOCAL_MACHINE Uninstall List ==========
           
          [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
          "{053E51D3-885D-425C-9586-EA5183C4C688}" = Function Keys
          "{0D41BD4E-66DB-43E3-95A1-1E5BCEEF2EEC}" = Hauppauge TV Tuner Driver
          "{144A1586-E16C-448D-910D-E12ACD65DD98}" = Keyboard Lock Status
          "{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
          "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
          "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
          "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
          "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
          "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
          "{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
          "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
          "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
          "{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
          "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
          "{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
          "{6DC47739-3BB0-4494-A43D-193BF54070AE}" = Cisco Systems VPN Client 4.6.00.0049
          "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
          "{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
          "{83957DED-4EB3-48DF-9624-211FB39EE210}" = AT&T Communication Manager
          "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
          "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12
          "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
          "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
          "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
          "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
          "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
          "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
          "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
          "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
          "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
          "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
          "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
          "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
          "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
          "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
          "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
          "{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
          "{9ACB414D-9347-40B6-A453-5EFB2DB59DFA}" = Sophos Anti-Virus
          "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
          "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
          "{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
          "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
          "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
          "{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
          "{D10CB652-9332-4242-B7A9-2D61570144F7}" = Realtek Card Reader
          "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = Dell Digital TV
          "{E6CB6126-D120-4FB5-9D1B-E2E19003E66C}" = WSED
          "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
          "{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
          "Adobe AIR" = Adobe AIR
          "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
          "Broadcom 802.11 Application" = Dell Wireless WLAN Card Utility
          "Creative OA012" = Integrated Webcam Driver (1.01.01.0116) 
          "Elantech" = ETDWare PS/2-x86 7.0.4.9_WHQL
          "essbaseClient7_0_0Suite" = Essbase Client
          "Hauppauge TV Tuner Diagnostics" = Hauppauge TV Tuner Diagnostics (1.2.7076)
          "ie8" = Windows Internet Explorer 8
          "InstallShield_{543A4F31-9590-416A-A621-42CEB4C6A694}" = Battery Meter
          "InstallShield_{90578106-70AF-4198-B9DE-1924FA83B03A}" = CapsLKNotify
          "LPCO" = Intel(R) Graphics Media Accelerator 500
          "MSNINST" = MSN
          "PROPLUS" = Microsoft Office Professional Plus 2007
          "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
           
          ========== HKEY_CURRENT_USER Uninstall List ==========
           
          [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
          "GoToMeeting" = GoToMeeting 4.5.0.457
           
          ========== Last 10 Event Log Errors ==========
           
          [ Application Events ]
          Error - 2/13/2011 1:41:12 PM | Computer Name = YESSENIACRUZ | Source = Bonjour Service | ID = 100
          Description = 532: ERROR: read_msg errno 10054 (An existing connection was forcibly
           closed by the remote host.)
           
          Error - 2/16/2011 9:17:09 PM | Computer Name = YESSENIACRUZ | Source = Microsoft Office 12 | ID = 1000
          Description = Faulting application excel.exe, version 12.0.4518.1014, stamp 45428263,
           faulting module kernel32.dll, version 5.1.2600.3541, stamp 49c4f751, debug? 0,
          fault address 0x00012a6b.
           
          Error - 2/16/2011 9:17:24 PM | Computer Name = YESSENIACRUZ | Source = Microsoft Office 12 | ID = 2000
          Description = Accepted Safe Mode action : Microsoft Office Excel.
           
          Error - 2/22/2011 10:19:16 PM | Computer Name = YESSENIACRUZ | Source = Microsoft Office 12 | ID = 1000
          Description = Faulting application excel.exe, version 12.0.4518.1014, stamp 45428263,
           faulting module kernel32.dll, version 5.1.2600.3541, stamp 49c4f751, debug? 0,
          fault address 0x00012a6b.
           
          Error - 2/22/2011 10:19:36 PM | Computer Name = YESSENIACRUZ | Source = Microsoft Office 12 | ID = 2001
          Description = Rejected Safe Mode action : Microsoft Office Excel.
           
          [ OSession Events ]
          Error - 2/16/2011 9:16:54 PM | Computer Name = YESSENIACRUZ | Source = Microsoft Office 12 Sessions | ID = 7001
          Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
           12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 2
           seconds with 0 seconds of active time.  This session ended with a crash.
           
          Error - 2/22/2011 10:18:37 PM | Computer Name = YESSENIACRUZ | Source = Microsoft Office 12 Sessions | ID = 7001
          Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
           12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 24
           seconds with 0 seconds of active time.  This session ended with a crash.
           
          Error - 3/29/2011 9:56:41 PM | Computer Name = YESSENIACRUZ | Source = Microsoft Office 12 Sessions | ID = 7001
          Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
           12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 499
           seconds with 120 seconds of active time.  This session ended with a crash.
           
          [ System Events ]
          Error - 5/28/2011 6:53:55 PM | Computer Name = YESSENIACRUZ | Source = Service Control Manager | ID = 7026
          Description = The following boot-start or system-start driver(s) failed to load:
             Fips  intelppm  SAVOnAccessControl  SAVOnAccessFilter
           
          Error - 5/28/2011 6:54:55 PM | Computer Name = YESSENIACRUZ | Source = DCOM | ID = 10005
          Description = DCOM got error "%1084" attempting to start the service StiSvc with
           arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
           
          Error - 5/28/2011 6:57:20 PM | Computer Name = YESSENIACRUZ | Source = Service Control Manager | ID = 7023
          Description = The Computer Browser service terminated with the following error:
            %%1460
           
          Error - 5/28/2011 6:59:34 PM | Computer Name = YESSENIACRUZ | Source = DCOM | ID = 10005
          Description = DCOM got error "%1084" attempting to start the service StiSvc with
           arguments ""  in order to run the server:  {A1F4E726-8CF1-11D1-BF92-0060081ED811}
           
          Error - 5/28/2011 7:00:59 PM | Computer Name = YESSENIACRUZ | Source = DCOM | ID = 10005
          Description = DCOM got error "%1084" attempting to start the service EventSystem
           with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
           
          Error - 5/28/2011 7:04:02 PM | Computer Name = YESSENIACRUZ | Source = Service Control Manager | ID = 7023
          Description = The Google Software Updater service terminated with the following
          error:   %%2147942402
           
          Error - 5/28/2011 7:07:14 PM | Computer Name = YESSENIACRUZ | Source = Service Control Manager | ID = 7023
          Description = The Computer Browser service terminated with the following error:
            %%1460
           
          Error - 5/28/2011 9:00:21 PM | Computer Name = YESSENIACRUZ | Source = DCOM | ID = 10005
          Description = DCOM got error "%1084" attempting to start the service EventSystem
           with arguments ""  in order to run the server:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
           
          Error - 5/28/2011 9:01:33 PM | Computer Name = YESSENIACRUZ | Source = Service Control Manager | ID = 7026
          Description = The following boot-start or system-start driver(s) failed to load:
             Fips  intelppm  SAVOnAccessControl  SAVOnAccessFilter
           
          Error - 5/28/2011 9:04:57 PM | Computer Name = YESSENIACRUZ | Source = Service Control Manager | ID = 7023
          Description = The Computer Browser service terminated with the following error:
            %%1460
           
           
          < End of report >
          « Last Edit: May 30, 2011, 05:36:51 PM by SuperDave »
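As an added example (not part of the thread, and not OTL's own code), a small Python triage script that reads the sections of an OTL Extras log shown in the post above and flags what a malware helper looks for first: the per-user .exe handler override pointing into the user profile, the Security Center notification overrides set to 1, and the disabled firewall profiles. The sample log text is constructed from the lines posted above; the function names are assumptions made for this example.

```python
"""Triage an OTL 'Extras' log for file-association and Security Center indicators.

Added example, not part of the forum thread or of OTL itself. SAMPLE_LOG is
constructed from the lines the thread shows; parse_extras/triage are names
assumed for this example.
"""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r'^=+ (.+?) =+$')          # ========== Name ==========
KEY_RE = re.compile(r'^\[(.+)\]$')                  # [HKEY_...\path]
VALUE_RE = re.compile(r'^"([^"]*)" = (.*)$')        # "Name" = value
ASSOC_RE = re.compile(r'^(\.\w+) \[@ = (\w*)\] -- (.*)$')  # .ext [@ = progid] -- handler

# Security Center values that, when 1, silence the XP warnings about a missing
# or disabled AV, firewall or updates. FirstRunDisabled = 1 is normal and skipped.
SUPPRESSION_VALUES = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                      "UpdatesDisableNotify", "AntiVirusOverride", "FirewallOverride"}
# Extensions whose per-user (HKCU) handler override runs before any program does.
HIJACK_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".pif", ".scr"}

# Constructed sample: the relevant sections of the Extras log posted above.
SAMPLE_LOG = r"""
========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- C:\Documents and Settings\Yessenia\Local Settings\Application Data\deb.exe ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 1
"""


def parse_extras(text: str) -> List[Tuple[str, str, str]]:
    """Flatten the log into (section, registry key, line) triples."""
    section, key, rows = "", "", []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), ""
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        rows.append((section, key, line))
    return rows


def triage(text: str) -> List[Dict[str, str]]:
    """Return the findings a helper would act on, in log order."""
    findings: List[Dict[str, str]] = []
    for section, key, line in parse_extras(text):
        hive = key.split("\\", 1)[0]
        if section == "File Associations":
            m = ASSOC_RE.match(line)
            # A per-user override of an executable extension is the classic
            # "Windows cannot access the specified device, path, or file" hijack.
            if m and hive == "HKEY_CURRENT_USER" and m.group(1).lower() in HIJACK_EXTENSIONS:
                handler = m.group(3).rsplit(" (", 1)[0]   # drop OTL's "(Company)" suffix
                findings.append({"severity": "high", "section": section,
                                 "indicator": f"{m.group(1)} handler overridden per-user: {handler}"})
        elif section == "Security Center Settings":
            m = VALUE_RE.match(line)
            if m and m.group(1) in SUPPRESSION_VALUES and m.group(2).strip() == "1":
                findings.append({"severity": "medium", "section": section,
                                 "indicator": f"{m.group(1)} = 1 (Security Center warning suppressed)"})
        elif section == "Firewall Settings":
            m = VALUE_RE.match(line)
            if m and m.group(1) == "EnableFirewall" and m.group(2).strip() == "0":
                profile = key.rsplit("\\", 1)[-1]
                findings.append({"severity": "medium", "section": section,
                                 "indicator": f"Windows Firewall disabled for {profile}"})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']}] {f['section']}: {f['indicator']}")
```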

          SuperDave

          • Malware Removal Specialist
          • Moderator


          • Genius
          • Thanked: 1020
          • Experience: Expert
          • OS: Windows 10
          Re: Need help removing virus/malware/spyware...
          « Reply #6 on: May 29, 2011, 12:06:04 PM »
          Are there any changes? Do you now have access to the internet? Can you run MBAM?

          * Open OTL
          * Copy and Paste the following text in the codebox into the Custom Scans/Fixes window.

          Code:
          :OTL
          O4 - HKLM..\Run: []  File not found
          O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
          O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
          O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
          O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
          O15 - HKCU\..Trusted Domains: hilton.com ([]* in Trusted sites)
          O15 - HKCU\..Trusted Domains: hilton.com  ([]* in Trusted sites)

          :Files
          C:\WINDOWS\ALCMTR.EXE

          :COMMANDS
          [resethosts]
          [purity]
          [emptytemp]
          [start explorer]

          * Click Run Fix
          * OTLI2 may ask to reboot the machine. Please do so if asked.
          * Click OK
          * A report will open. Copy and Paste that report in your next reply.
          *****************************************************
          SUPERAntiSpyware

          If you already have SUPERAntiSpyware be sure to check for updates before scanning!


          Download SuperAntispyware Free Edition (SAS)
          * Double-click the icon on your desktop to run the installer.
          * When asked to Update the program definitions, click Yes
          * If you encounter any problems while downloading the updates, manually download and unzip them from here
          * Next click the Preferences button.

          •Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
          * Click the Scanning Control tab.
          * Under Scanner Options make sure only the following are checked:

          •Close browsers before scanning
          •Scan for tracking cookies
          •Terminate memory threats before quarantining
          Please leave the others unchecked

          •Click the Close button to leave the control center screen.

          * On the main screen click Scan your computer
          * On the left check the box for the drive you are scanning.
          * On the right choose Perform Complete Scan
          * Click Next to start the scan. Please be patient while it scans your computer.
          * After the scan is complete a summary box will appear. Click OK
          * Make sure everything in the white box has a check next to it, then click Next
          * It will quarantine what it found and if it asks if you want to reboot, click Yes

          •To retrieve the removal information please do the following:
          •After reboot, double-click the SUPERAntiSpyware icon on your desktop.
          •Click Preferences. Click the Statistics/Logs tab.

          •Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

          •It will open in your default text editor (preferably Notepad).
          •Save the notepad file to your desktop by clicking (in notepad) File > Save As...

          * Save the log somewhere you can easily find it. (normally the desktop)
          * Click close and close again to exit the program.
          * Copy and Paste the log in your post.

          YJCruz

            Topic Starter


            Greenhorn

            • Experience: Beginner
            • OS: Unknown
            Re: Need help removing virus/malware/spyware...
            « Reply #7 on: May 30, 2011, 05:00:14 PM »
            Hi Dave,

            Ok that took a while... below are both the OTL & superantispyware scans.  I am able to open applications now and no longer get the error message.

            OTL:

            All processes killed
            ========== OTL ==========
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
            Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
            C:\WINDOWS\ALCMTR.EXE moved successfully.
            Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\ deleted successfully.
            Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\ deleted successfully.
            Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\ deleted successfully.
            Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hilton.com\ deleted successfully.
            Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hilton.com\ not found.
            ========== FILES ==========
            File\Folder C:\WINDOWS\ALCMTR.EXE not found.
            ========== COMMANDS ==========
            C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
            HOSTS file reset successfully
             
            [EMPTYTEMP]
             
            User: All Users
             
            User: Default User
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 33170 bytes
            ->Flash cache emptied: 56502 bytes
             
            User: LocalService
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 829307 bytes
             
            User: NetworkService
            ->Temp folder emptied: 0 bytes
            ->Temporary Internet Files folder emptied: 51226375 bytes
             
            User: Yessenia
            ->Temp folder emptied: 256620473 bytes
            ->Temporary Internet Files folder emptied: 347289455 bytes
            ->Java cache emptied: 8260357 bytes
            ->Flash cache emptied: 14277 bytes
             
            %systemdrive% .tmp files removed: 0 bytes
            %systemroot% .tmp files removed: 2142714 bytes
            %systemroot%\System32 .tmp files removed: 2577 bytes
            %systemroot%\System32\dllcache .tmp files removed: 0 bytes
            %systemroot%\System32\drivers .tmp files removed: 0 bytes
            Windows Temp folder emptied: 16241564 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
            %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
            RecycleBin emptied: 2024772381 bytes
             
            Total Files Cleaned = 2,582.00 mb
             
            HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\: LSP stack updated.
             
            OTL by OldTimer - Version 3.2.23.0 log created on 05302011_140654

            Files\Folders moved on Reboot...
            File\Folder C:\Documents and Settings\Yessenia\Local Settings\Temporary Internet Files\Content.Word\~WRS{22D3C9AE-4393-4A47-8A1F-010CF4CA500F}.tmp not found!
            File\Folder C:\Documents and Settings\Yessenia\Local Settings\Temporary Internet Files\Content.Word\~WRS{629AD737-EF48-486B-AF8E-D7AD50CE662F}.tmp not found!
            File\Folder C:\Documents and Settings\Yessenia\Local Settings\Temporary Internet Files\Content.Word\~WRS{86628CBC-8082-4226-8D19-08F0F2F086A3}.tmp not found!
            File\Folder C:\Documents and Settings\Yessenia\Local Settings\Temporary Internet Files\Content.Word\~WRS{C3B5E590-2374-4D79-BF1A-F183ACAE03D9}.tmp not found!
            File\Folder C:\Documents and Settings\Yessenia\Local Settings\Temporary Internet Files\Content.Word\~WRS{F6669404-719E-4F2D-ABC5-D267F3907773}.tmp not found!

            Registry entries deleted on Reboot...



            superantispyware:

            SUPERAntiSpyware Scan Log
            http://www.superantispyware.com

            Generated 05/30/2011 at 06:35 PM

            Application Version : 4.51.1000

            Core Rules Database Version : 6955
            Trace Rules Database Version: 4767

            Scan type       : Complete Scan
            Total Scan Time : 04:11:19

            Memory items scanned      : 264
            Memory threats detected   : 0
            Registry items scanned    : 5272
            Registry threats detected : 5
            File items scanned        : 129782
            File threats detected     : 158

            System.BrokenFileAssociation
               HKCR\.exe
               HKCR\exefile\shell\open\command

            Adware.Tracking Cookie
               C:\Documents and Settings\Yessenia\Cookies\yessenia@lfstmedia[1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@burstnet[2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@trafficmp[2].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@mediaplex[2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@boatbangersxxx[5].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][2].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@naturaltracking[2].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@clicksense[2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@1070529794[1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@web-stat[1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@clickfuse[2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@admeld[1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@1070954798[1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][2].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@boatbangersxxx[6].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@eliteresorts[2].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@adtech[1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][2].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@62672927[2].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@1072728669[1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@kontera[2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@burstbeacon[2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][2].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@41893994[2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@liveperson[3].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][2].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@legolas-media[2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][2].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@anakedguy[1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][1].txt
               C:\Documents and Settings\Yessenia\Cookies\yessenia@mediabrandsww[1].txt
               C:\Documents and Settings\Yessenia\Cookies\[email protected][3].txt

            Disabled.SecurityCenterOption
               HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#ANTIVIRUSDISABLENOTIFY
               HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#FIREWALLDISABLENOTIFY
               HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER#UPDATESDISABLENOTIFY

            SuperDave

            • Malware Removal Specialist
            • Moderator


            • Genius
            • Thanked: 1020
            • Certifications: List
            • Experience: Expert
            • OS: Windows 10
            Re: Need help removing virus/malware/spyware...
            « Reply #8 on: May 30, 2011, 05:35:00 PM »
            Download DDS from HERE or HERE and save it to your desktop.

            * Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

            * XP users Double click on dds to run it.
            * If your antivirus or firewall try to block DDS then please allow it to run.
            * When finished DDS will open two (2) logs.

            1) DDS.txt
            2) Attach.txt

            * Save both logs to your desktop.
            * Please copy and paste the entire contents of both logs in your next reply.

            Note: DDS will instruct you to post the Attach.txt log as an attachment.
            Please just post it as you would any other log by copying and pasting it into the reply.
            ******************************************************************
            Download Security Check by screen317 from one of the following links and save it to your desktop.

            Link 1
            Link 2

            * Unzip SecurityCheck.zip and a folder named Security Check should appear.
            * Open the Security Check folder and double-click Security Check.bat
            * Follow the on-screen instructions inside of the black box.
            * A Notepad document should open automatically called checkup.txt
            * Post the contents of that document in your next reply.

            Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
            Windows 8 and Windows 10 dual boot with two SSD's

            YJCruz

              Topic Starter


              Greenhorn

              • Experience: Beginner
              • OS: Unknown
              Re: Need help removing virus/malware/spyware...
              « Reply #9 on: May 30, 2011, 06:03:43 PM »
              Ok here are the logs:

              DDS:

              .
              DDS (Ver_11-05-19.01) - NTFSx86
              Internet Explorer: 8.0.6001.18702
              Run by Yessenia at 19:43:30 on 2011-05-30
              Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1014.275 [GMT -4:00]
              .
              AV: Sophos Anti-Virus *Enabled/Updated* {3F13C776-3CBE-4DE9-8BF6-09E5183CA2BD}
              .
              ============== Running Processes ===============
              .
              C:\WINDOWS\system32\svchost -k DcomLaunch
              svchost.exe
              C:\WINDOWS\System32\svchost.exe -k netsvcs
              C:\WINDOWS\Explorer.EXE
              svchost.exe
              svchost.exe
              C:\WINDOWS\System32\WLTRYSVC.EXE
              C:\WINDOWS\System32\bcmwltry.exe
              C:\WINDOWS\system32\spoolsv.exe
              svchost.exe
              C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
              C:\Program Files\Bonjour\mDNSResponder.exe
              C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
              C:\Program Files\Java\jre6\bin\jqs.exe
              C:\Program Files\Cyberlink\Shared files\RichVideo.exe
              C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
              C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
              C:\WINDOWS\system32\svchost.exe -k imgsvc
              C:\Program Files\Dell\Digital TV\Kernel\TV\TVECapSvc.exe
              C:\Program Files\Dell\Digital TV\Kernel\TV\TVESched.exe
              C:\WINDOWS\system32\wscntfy.exe
              C:\Program Files\Dell\Digital TV\TVEService.exe
              C:\WINDOWS\RTHDCPL.EXE
              C:\Program Files\CapsLKNotify\CapsLKNotify.exe
              C:\WINDOWS\system32\WLTRAY.exe
              C:\Program Files\WSED\WSED.exe
              C:\Program Files\Battery Meter\BTMeter.exe
              C:\WINDOWS\system32\igfxtray.exe
              C:\WINDOWS\system32\PersistenceThread.exe
              C:\WINDOWS\LockStatusTray.exe
              C:\WINDOWS\system32\igfxsrvc.exe
              C:\Program Files\Elantech\ETDCtrl.exe
              C:\Program Files\Common Files\Java\Java Update\jusched.exe
              C:\Program Files\Sophos\AutoUpdate\almon.exe
              C:\Program Files\iTunes\iTunesHelper.exe
              C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
              C:\WINDOWS\system32\ctfmon.exe
              C:\Program Files\iPod\bin\iPodService.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Common Files\Java\Java Update\jucheck.exe
              C:\Documents and Settings\Yessenia\Local Settings\Temporary Internet Files\Content.IE5\4CZ1ZM9V\dds[1].pif
              C:\WINDOWS\system32\WSCRIPT.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://www.aol.com/?mtmhp=1
              uSearch Page = hxxp://www.google.com
              uSearch Bar = hxxp://www.google.com/ie
              uInternet Settings,ProxyOverride = *.local
              uSearchAssistant = hxxp://www.google.com/ie
              uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
              mSearchAssistant = hxxp://www.google.com/ie
              BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
              BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
              BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
              BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
              BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
              TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
              uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
              uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
              mRun: [TVEService] "c:\program files\dell\digital tv\TVEService.exe"
              mRun: [RTHDCPL] RTHDCPL.EXE
              mRun: [CapsLKNotify] c:\program files\capslknotify\CapsLKNotify.exe
              mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
              mRun: [WSED] c:\program files\wsed\WSED.exe
              mRun: [BTMeter] c:\program files\battery meter\BTMeter.exe
              mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
              mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
              mRun: [PersistenceThread] c:\windows\system32\PersistenceThread.exe
              mRun: [LockStatusTray] c:\windows\LockStatusTray.exe
              mRun: [ETDWare] c:\program files\elantech\ETDCtrl.exe
              mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
              mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
              mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
              mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
              mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
              mRun: [Sophos AutoUpdate Monitor] c:\program files\sophos\autoupdate\almon.exe
              mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
              mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
              StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{6dc47739-3bb0-4494-a43d-193bf54070ae}\Icon3E5562ED7.ico
              IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
              IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
              IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
              Trusted Zone: hilton.com
              DPF: {23843D23-7065-442B-B30D-084B5F20EC89} - hxxps://hlbfs.hilton.com/cis/hlbfs/Revenue/HlbfsFoodRevenue.CAB
              DPF: {51BC61E6-45F2-11D5-93DD-0004AC152B66} - hxxps://hlbfs.hilton.com/cis/hlbfs/Labor/HlbfsLaborByCovers.CAB
              DPF: {5C8ACBF0-FE91-11D4-93DD-0004AC152B66} - hxxps://eis.hilton.com/cis/ReportViewer/ReportViewer.CAB
              DPF: {5D5971B4-64EC-11D5-93DD-0004AC152B66} - hxxps://hlbfs.hilton.com/cis/hlbfs/Labor/HlbfsProductivityLabor.CAB
              DPF: {65F0B146-F8FF-41D6-8349-DFC03B285EC9} - hxxps://hlbfs.hilton.com/cis/hlbfs/Reports/HlbfsReporting.CAB
              DPF: {7ED81BA9-8803-4468-A4D6-5DBE726F6C3D} - hxxps://hlbfs.hilton.com/cis/hlbfs/Expense/HlbfsOtherRevExp.CAB
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
              DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
              DPF: {F2C3220A-9A1A-4BEB-9F40-7EB957476698} - hxxps://hlbfs.hilton.com/cis/hlbfs/Expense/HlbfsDailyExpense.CAB
              DPF: {F5131C24-E56D-11CF-B78A-444553540000} - hxxps://wc.wachovia.com/common/cab/ikcntrls.cab
              DPF: {F54E842D-B04B-4A2C-953A-FC5D69909B84} - hxxps://hlbfs.hilton.com/cis/hlbfs/Expense/HlbfsQuickORE.CAB
              Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
              Notify: igdlogin - igdlogin.dll
              AppInit_DLLs: c:\progra~1\sophos\sophos~1\SOPHOS~1.DLL
              SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 EMSC;COMPAL Embedded System Control;c:\windows\system32\drivers\EMSC.sys [2010-11-5 14248]
              R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2010-11-5 153344]
              R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2010-11-5 24064]
              R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2010-10-8 163056]
              R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2010-6-4 97520]
              R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2010-9-21 230640]
              R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2010-10-8 1541360]
              R2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\dell\digital tv\kernel\tv\TVECapSvc.exe [2010-11-5 382304]
              R2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\dell\digital tv\kernel\tv\TVESched.exe [2010-11-5 189792]
              R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\drivers\ETD.sys [2010-11-5 93952]
              R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\drivers\hcw95bda.sys [2010-11-5 572416]
              R3 igd;igd;c:\windows\system32\drivers\igxpmp32.sys [2010-11-5 5088896]
              R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-11-5 110080]
              R3 OA012Ufd;Creative Camera OA012 Upper Filter Driver;c:\windows\system32\drivers\OA012Ufd.sys [2010-11-5 133472]
              R3 OA012Vid;Creative Camera OA012 Function Driver;c:\windows\system32\drivers\OA012Vid.sys [2010-11-5 271328]
              R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2010-11-5 157696]
              S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-10 136176]
              S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-5 1684736]
              S3 ATTRcAppSvc;AT&T RcAppSvc;c:\program files\at&t\communication manager\RcAppSvc.exe [2010-7-27 121416]
              S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-11-10 136176]
              S3 OA012Afx;Provides a software interface to control audio effects of OA012 camera.;c:\windows\system32\drivers\OA012Afx.sys [2010-11-5 148056]
              S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\drivers\rts516xir.sys --> c:\windows\system32\drivers\Rts516xIR.sys [?]
              S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);c:\windows\system32\drivers\swnc8ua3.sys [2009-3-31 197504]
              S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);c:\windows\system32\drivers\swumxa3.sys [2009-5-4 148992]
              S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2003-8-28 189792]
              S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2010-11-5 14976]
              .
              =============== Created Last 30 ================
              .
              2011-05-30 18:06:55   --------   d-----w-   C:\_OTL
              2011-05-30 17:52:28   --------   d-----w-   c:\documents and settings\yessenia\application data\SUPERAntiSpyware.com
              2011-05-30 17:52:28   --------   d-----w-   c:\documents and settings\all users\application data\SUPERAntiSpyware.com
              2011-05-30 17:52:17   --------   d-----w-   c:\program files\SUPERAntiSpyware
              2011-05-23 01:53:49   --------   d-sh--w-   c:\documents and settings\yessenia\IECompatCache
              2011-05-18 22:25:17   1671168   --sha-w-   c:\documents and settings\yessenia\local settings\application data\deb.exe
              2011-05-18 17:58:27   --------   d-sh--w-   c:\documents and settings\yessenia\PrivacIE
              2011-05-18 17:53:06   --------   d-sh--w-   c:\documents and settings\yessenia\IETldCache
              2011-05-18 17:49:31   --------   d-----w-   c:\windows\ie8updates
              2011-05-18 17:45:03   --------   dc-h--w-   c:\windows\ie8
              2011-05-14 02:17:43   599040   -c----w-   c:\windows\system32\dllcache\msfeeds.dll
              2011-05-14 02:17:43   55296   -c----w-   c:\windows\system32\dllcache\msfeedsbs.dll
              2011-05-14 02:17:42   12800   -c----w-   c:\windows\system32\dllcache\xpshims.dll
              2011-05-14 02:17:40   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
              2011-05-14 02:17:39   247808   -c----w-   c:\windows\system32\dllcache\ieproxy.dll
              2011-05-14 02:17:38   1985536   -c----w-   c:\windows\system32\dllcache\iertutil.dll
              2011-05-14 02:17:36   11076096   -c----w-   c:\windows\system32\dllcache\ieframe.dll
              .
              ==================== Find3M  ====================
              .
              2011-04-06 20:20:16   91424   ----a-w-   c:\windows\system32\dnssd.dll
              2011-04-06 20:20:16   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
              2011-04-06 20:20:16   197920   ----a-w-   c:\windows\system32\dnssdX.dll
              2011-04-06 20:20:16   107808   ----a-w-   c:\windows\system32\dns-sd.exe
              .
              ============= FINISH: 19:44:43.46 ===============

              attach:

              .
              UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
              IF REQUESTED, ZIP IT UP & ATTACH IT
              .
              DDS (Ver_11-05-19.01)
              .
              Microsoft Windows XP Professional
              Boot Device: \Device\HarddiskVolume1
              Install Date: 11/3/2010 4:51:44 PM
              System Uptime: 5/30/2011 6:47:32 PM (1 hours ago)
              .
              Motherboard: Dell Inc. |  | 0P374N
              Processor:          Intel(R) Atom(TM) CPU Z530   @ 1.60GHz | U3E1 | 1596/mhz
              Processor:          Intel(R) Atom(TM) CPU Z530   @ 1.60GHz | U3E1 | 1596/mhz
              .
              ==== Disk Partitions =========================
              .
              C: is FIXED (NTFS) - 233 GiB total, 88.247 GiB free.
              .
              ==== Disabled Device Manager Items =============
              .
              Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
              Description: Cisco Systems VPN Adapter
              Device ID: ROOT\NET\0000
              Manufacturer: Cisco Systems
              Name: Cisco Systems VPN Adapter
              PNP Device ID: ROOT\NET\0000
              Service: CVirtA
              .
              ==== System Restore Points ===================
              .
              RP64: 3/6/2011 7:31:01 PM - System Checkpoint
              RP65: 3/9/2011 3:53:49 PM - System Checkpoint
              RP66: 3/23/2011 5:58:42 PM - System Checkpoint
              RP67: 3/24/2011 5:49:04 AM - Removed Apple Application Support
              RP68: 3/24/2011 5:54:00 AM - Removed Safari
              RP69: 3/24/2011 6:07:59 AM - Removed Apple Mobile Device Support
              RP70: 3/29/2011 11:20:07 PM - System Checkpoint
              RP71: 3/30/2011 9:21:04 AM - Removed AT&T Communication Manager.
              RP72: 3/30/2011 9:23:43 AM - Installed AT&T Communication Manager.
              RP73: 3/30/2011 9:28:51 AM - Install LG USB NDIS Driver
              RP74: 4/1/2011 10:59:53 AM - System Checkpoint
              RP75: 4/8/2011 4:57:14 AM - System Checkpoint
              RP76: 4/9/2011 4:16:02 PM - System Checkpoint
              RP77: 4/11/2011 5:24:34 AM - System Checkpoint
              RP78: 4/12/2011 12:26:14 PM - System Checkpoint
              RP79: 4/20/2011 5:27:49 AM - System Checkpoint
              RP80: 4/21/2011 4:05:04 PM - System Checkpoint
              RP81: 4/27/2011 8:30:49 PM - Removed Apple Application Support
              RP82: 4/27/2011 8:56:25 PM - Removed Safari
              RP83: 4/27/2011 8:58:49 PM - Removed MobileMe Control Panel
              RP84: 5/5/2011 4:38:06 AM - System Checkpoint
              RP85: 5/13/2011 10:19:10 PM - Software Distribution Service 3.0
              RP86: 5/18/2011 1:46:26 PM - Installed Windows Internet Explorer 8.
              RP87: 5/18/2011 1:48:35 PM - Software Distribution Service 3.0
              RP88: 5/19/2011 5:39:04 PM - System Checkpoint
              RP89: 5/23/2011 10:36:49 PM - System Checkpoint
              .
              ==== Installed Programs ======================
              .
              Adobe AIR
              Adobe Flash Player 10 ActiveX
              Adobe Reader 9.4.0
              Apple Application Support
              Apple Mobile Device Support
              Apple Software Update
              AT&T Communication Manager
              Battery Meter
              Bonjour
              CapsLKNotify
              Cisco Systems VPN Client 4.6.00.0049
              Dell Digital TV
              Dell Wireless WLAN Card Utility
              EMSC
              Essbase Client
              ETDWare PS/2-x86 7.0.4.9_WHQL
              Function Keys
              Google Toolbar for Internet Explorer
              Google Update Helper
              GoToMeeting 4.5.0.457
              Hauppauge TV Tuner Diagnostics (1.2.7076)
              Hauppauge TV Tuner Driver
              High Definition Audio Driver Package - KB888111
              Hotfix for Windows XP (KB935448)
              Hotfix for Windows XP (KB952287)
              Hotfix for Windows XP (KB981793)
              Integrated Webcam Driver (1.01.01.0116) 
              Intel(R) Graphics Media Accelerator 500
              iTunes
              Java Auto Updater
              Java(TM) 6 Update 22
              Keyboard Lock Status
              Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
              Microsoft Office Access MUI (English) 2007
              Microsoft Office Access Setup Metadata MUI (English) 2007
              Microsoft Office Excel MUI (English) 2007
              Microsoft Office InfoPath MUI (English) 2007
              Microsoft Office Outlook MUI (English) 2007
              Microsoft Office PowerPoint MUI (English) 2007
              Microsoft Office Professional Plus 2007
              Microsoft Office Proof (English) 2007
              Microsoft Office Proof (French) 2007
              Microsoft Office Proof (Spanish) 2007
              Microsoft Office Proofing (English) 2007
              Microsoft Office Publisher MUI (English) 2007
              Microsoft Office Shared MUI (English) 2007
              Microsoft Office Shared Setup Metadata MUI (English) 2007
              Microsoft Office Word MUI (English) 2007
              Microsoft Software Update for Web Folders  (English) 12
              Microsoft Visual C++ 2005 Redistributable
              MobileMe Control Panel
              MSN
              MSXML 4.0 SP3 Parser
              MSXML 4.0 SP3 Parser (KB973685)
              QuickTime
              Realtek Card Reader
              REALTEK GbE & FE Ethernet PCI-E NIC Driver
              Realtek High Definition Audio Driver
              Safari
              Security Update for Windows Internet Explorer 8 (KB982381)
              Security Update for Windows Media Player (KB952069)
              Security Update for Windows Media Player (KB954155)
              Security Update for Windows Media Player (KB973540)
              Security Update for Windows Media Player (KB978695)
              Security Update for Windows Media Player (KB979402)
              Security Update for Windows XP (KB2229593)
              Security Update for Windows XP (KB923561)
              Security Update for Windows XP (KB923789)
              Security Update for Windows XP (KB944338-v2)
              Security Update for Windows XP (KB946648)
              Security Update for Windows XP (KB950762)
              Security Update for Windows XP (KB950974)
              Security Update for Windows XP (KB951376-v2)
              Security Update for Windows XP (KB951748)
              Security Update for Windows XP (KB952004)
              Security Update for Windows XP (KB952954)
              Security Update for Windows XP (KB955069)
              Security Update for Windows XP (KB956572)
              Security Update for Windows XP (KB956802)
              Security Update for Windows XP (KB956803)
              Security Update for Windows XP (KB956844)
              Security Update for Windows XP (KB958470)
              Security Update for Windows XP (KB958644)
              Security Update for Windows XP (KB958869)
              Security Update for Windows XP (KB959426)
              Security Update for Windows XP (KB960225)
              Security Update for Windows XP (KB960803)
              Security Update for Windows XP (KB960859)
              Security Update for Windows XP (KB961501)
              Security Update for Windows XP (KB969059)
              Security Update for Windows XP (KB970238)
              Security Update for Windows XP (KB970430)
              Security Update for Windows XP (KB971032)
              Security Update for Windows XP (KB971468)
              Security Update for Windows XP (KB971657)
              Security Update for Windows XP (KB971961)
              Security Update for Windows XP (KB972270)
              Security Update for Windows XP (KB973507)
              Security Update for Windows XP (KB973869)
              Security Update for Windows XP (KB973904)
              Security Update for Windows XP (KB974112)
              Security Update for Windows XP (KB974318)
              Security Update for Windows XP (KB974392)
              Security Update for Windows XP (KB974571)
              Security Update for Windows XP (KB975025)
              Security Update for Windows XP (KB975467)
              Security Update for Windows XP (KB975560)
              Security Update for Windows XP (KB975561)
              Security Update for Windows XP (KB975562)
              Security Update for Windows XP (KB975713)
              Security Update for Windows XP (KB977816)
              Security Update for Windows XP (KB977914)
              Security Update for Windows XP (KB978037)
              Security Update for Windows XP (KB978338)
              Security Update for Windows XP (KB978542)
              Security Update for Windows XP (KB978601)
              Security Update for Windows XP (KB978706)
              Security Update for Windows XP (KB979309)
              Security Update for Windows XP (KB979482)
              Security Update for Windows XP (KB979559)
              Security Update for Windows XP (KB979683)
              Security Update for Windows XP (KB980195)
              Security Update for Windows XP (KB980218)
              Security Update for Windows XP (KB980232)
              Security Update for Windows XP (KB981350)
              Security Update for Windows XP (KB982381)
              Sophos Anti-Virus
              Sophos AutoUpdate
              SUPERAntiSpyware
              Update for Windows XP (KB898461)
              Update for Windows XP (KB932823-v3)
              Update for Windows XP (KB955759)
              Update for Windows XP (KB967715)
              Update for Windows XP (KB968389)
              Update for Windows XP (KB971737)
              Update for Windows XP (KB973687)
              Update for Windows XP (KB973815)
              WebFldrs XP
              Windows Genuine Advantage Notifications (KB905474)
              Windows Installer 3.1 (KB893803)
              Windows Internet Explorer 8
              WSED
              .
              ==== Event Viewer Messages From Past Week ========
              .
              5/30/2011 2:19:09 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm SASDIFSV SASKUTIL SAVOnAccessControl SAVOnAccessFilter
              5/28/2011 6:54:55 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
              5/27/2011 7:28:45 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
              5/27/2011 7:16:10 PM, error: Service Control Manager [7023]  - The Computer Browser service terminated with the following error:  This operation returned because the timeout period expired.
              5/27/2011 7:12:47 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm SAVOnAccessControl SAVOnAccessFilter
              5/27/2011 1:52:59 PM, error: Service Control Manager [7023]  - The Google Software Updater service terminated with the following error:  %%2147942402
              5/23/2011 4:59:39 PM, error: Dhcp [1002]  - The IP address lease 10.0.0.130 for the Network Card with network address C417FEB31FD8 has been denied by the DHCP server 184.49.114.129 (The DHCP Server sent a DHCPNACK message).
              .
              ==== End Of File ===========================

              checkup:

              Results of screen317's Security Check version 0.99.12 
               Windows XP Service Pack 2 
               Out of date service pack!!
               Internet Explorer 8 
              ``````````````````````````````
              Antivirus/Firewall Check:

               Sophos Anti-Virus     
               Antivirus up to date! 
              ```````````````````````````````
              Anti-malware/Other Utilities Check:

               SUPERAntiSpyware     
               Java(TM) 6 Update 22 
               Out of date Java installed!
               Adobe Flash Player   
              Adobe Reader 9.4.0
              Out of date Adobe Reader installed!
              ````````````````````````````````
              Process Check: 
              objlist.exe by Laurent

               Sophos Sophos Anti-Virus SAVAdminService.exe 
              ``````````End of Log````````````
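
Added example, not part of the thread and not from the DDS or Security Check tools: a small Python triage of the "Event Viewer Messages" section of a DDS log like the one above. It flags SCM event 7026 entries where a security product's boot-start driver failed to load, and DCOM 10005 entries where a service could not be started. The sample lines are constructed from lines in the log above; the driver-name-to-product map is an assumption based on the driver prefixes (SAS = SUPERAntiSpyware, SAV = Sophos Anti-Virus).

```python
"""Triage the "Event Viewer Messages" section of a DDS log.

Added example for this thread; not part of DDS or the original posts.
"""
import re
from collections import defaultdict

# Assumed mapping from driver image name to the security product that
# owns it, inferred from the prefixes seen in the log above.
SECURITY_DRIVERS = {
    "SASDIFSV": "SUPERAntiSpyware",
    "SASKUTIL": "SUPERAntiSpyware",
    "SAVOnAccessControl": "Sophos Anti-Virus",
    "SAVOnAccessFilter": "Sophos Anti-Virus",
}

# One DDS event line: "<date> <time>, <level>: <source> [<id>]  - <message>"
EVENT_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>[\d:]+ [AP]M), "
    r"(?P<level>\w+): (?P<source>[^\[]+?) \[(?P<id>\d+)\]\s+-\s+(?P<msg>.*)$"
)
DRIVERS_RE = re.compile(r"failed to load:\s+(?P<drivers>.+)$")
DCOM_RE = re.compile(r"start the service (?P<svc>\w+) ")

# Constructed sample, modelled on the log posted above.
SAMPLE = """\
5/30/2011 2:19:09 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm SASDIFSV SASKUTIL SAVOnAccessControl SAVOnAccessFilter
5/28/2011 6:54:55 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/27/2011 7:28:45 PM, error: DCOM [10005]  - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/27/2011 7:12:47 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  Fips intelppm SAVOnAccessControl SAVOnAccessFilter
5/23/2011 4:59:39 PM, error: Dhcp [1002]  - The IP address lease 10.0.0.130 for the Network Card with network address C417FEB31FD8 has been denied by the DHCP server 184.49.114.129 (The DHCP Server sent a DHCPNACK message).
"""


def parse_events(text):
    """Parse each well-formed event line into a dict; skip anything else."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["id"] = int(ev["id"])
            events.append(ev)
    return events


def failed_security_drivers(events):
    """Map product -> sorted list of its drivers that failed to load (SCM 7026).

    Windows' own drivers in the same line (Fips, intelppm) are ignored;
    only names in SECURITY_DRIVERS are reported.
    """
    hits = defaultdict(set)
    for ev in events:
        if ev["source"] == "Service Control Manager" and ev["id"] == 7026:
            m = DRIVERS_RE.search(ev["msg"])
            if not m:
                continue
            for drv in m.group("drivers").split():
                product = SECURITY_DRIVERS.get(drv)
                if product:
                    hits[product].add(drv)
    return {p: sorted(d) for p, d in hits.items()}


def dcom_start_failures(events):
    """Map service name -> count of DCOM 10005 'could not start' events.

    "%1084" in the message is Win32 error 1084 (ERROR_NOT_SAFEBOOT_SERVICE):
    the service is not permitted to start while Windows is in Safe Mode.
    """
    counts = defaultdict(int)
    for ev in events:
        if ev["source"] == "DCOM" and ev["id"] == 10005:
            m = DCOM_RE.search(ev["msg"])
            if m:
                counts[m.group("svc")] += 1
    return dict(counts)


def triage(text):
    """Return a list of one-line findings for a DDS event section."""
    events = parse_events(text)
    findings = []
    for product, drivers in sorted(failed_security_drivers(events).items()):
        findings.append("%s driver(s) failed to load: %s" % (product, ", ".join(drivers)))
    for svc, n in sorted(dcom_start_failures(events).items()):
        findings.append("DCOM could not start service %s (%d time(s))" % (svc, n))
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE):
        print(line)
```

Run it against the "Event Viewer Messages" block of any DDS log (paste it in place of SAMPLE). Security-product filter drivers that repeatedly fail to load at boot are worth noting in a case like this one, since the on-access scanner is not actually protecting the machine until they load again.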

              SuperDave

              • Malware Removal Specialist
              • Moderator


              Re: Need help removing virus/malware/spyware...
              « Reply #10 on: May 31, 2011, 05:27:08 PM »
              Your Windows doesn't have the latest Service Pack 3. Wait until we're finished with the cleanup, then go get the upgrades.

              Update Your Java (JRE)

              Old versions of Java have vulnerabilities that malware can use to infect your system.


              First Verify your Java Version

              If there are any other version(s) installed then update now.

              Get the new version (if needed)

              If your version is out of date install the newest version of the Sun Java Runtime Environment.

              Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

              Be sure to close ALL open web browsers before starting the installation.

              Remove any old versions

              1. Download JavaRa and unzip the file to your Desktop.
              2. Open JavaRA.exe and choose Remove Older Versions
              3. Once complete exit JavaRA.

              Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
              ****************************************************
              Please download the newest version of Adobe Acrobat Reader from Adobe.com

              Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
              Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
              Search in the list for all previous installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

              Once old versions are gone, please install the newest version.
              **************************************************
              Please download ComboFix from BleepingComputer.com

              Alternate link: GeeksToGo.com

              and save it to your Desktop.
              It would be easiest to download using Internet Explorer.
              If you insist on using Firefox, make sure that your download settings are as follows:

              * Tools->Options->Main tab
              * Set to "Always ask me where to Save the files".

              Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
              Double click ComboFix.exe & follow the prompts.
              As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
              Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

              Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

              Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


              Click on Yes, to continue scanning for malware.
              When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

              If you have problems with ComboFix usage, see How to use ComboFix
              Windows 8 and Windows 10 dual boot with two SSD's

              YJCruz

                Topic Starter


                Re: Need help removing virus/malware/spyware...
                « Reply #11 on: June 07, 2011, 02:59:57 PM »
                Hi Dave,

                I downloaded ComboFix and then manually downloaded windows recovery console.  I followed the instructions to drag it over the ComboFix icon which initiated the install.  I let it run, it appeared to do a scan then rebooted the computer and nothing else happened.  I tried it 4-5 more times and the same thing happened, scan, blue screen came up for an instant, rebooted, and then nothing.  What next?

                SuperDave

                • Malware Removal Specialist
                • Moderator


                Re: Need help removing virus/malware/spyware...
                « Reply #12 on: June 07, 2011, 05:45:53 PM »
                Quote
                I downloaded ComboFix and then manually downloaded windows recovery console.  I followed the instructions to drag it over the ComboFix icon which initiated the install.  I let it run, it appeared to do a scan then rebooted the computer and nothing else happened.  I tried it 4-5 more times and the same thing happened, scan, blue screen came up for an instant, rebooted, and then nothing.  What next?

                ComboFix would have automatically installed the Recovery Console for you. You can look in the C:\Combofix folder for combo-fix.txt. If you can find it, please run another scan with ComboFix and post the log.

                YJCruz

                  Topic Starter


                  Re: Need help removing virus/malware/spyware...
                  « Reply #13 on: June 15, 2011, 07:38:31 PM »
                  Hello Dave,

                  Sorry it's taken a while but I've been busy.  I tried running the scan again and got the following pop up window:

                  C:\DOCUME~1\Yessenia\LOCALS~1\Temp\WER15ba.dir00\Mini061011-01.dmp
                  C:\DOCUME~1\Yessenia\LOCALS~1\Temp\WER15ba.dir00\sysdata.xml


                  SuperDave

                  • Malware Removal Specialist
                  • Moderator


                  Re: Need help removing virus/malware/spyware...
                  « Reply #14 on: June 16, 2011, 04:48:01 PM »
                  Delete your copy of ComboFix; download a fresh copy, except before you download it, rename it to blackpudding.bat

                  Navigate to Start --> Run, and enter the following command exactly as shown:

                  "%userprofile%\desktop\blackpudding.bat" /killall

                  See if ComboFix will run now