Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Unable to access most security web sites to update security

Post by jmc » March 27th, 2010, 2:54 pm

Over 1 week ago I noticed that security sites could not effect updates to the latest definitions, DB updates, etc. I have run numerous scans, identifying issues such as W32Adware!genr; W32Virtumonde.KEG; Suspicious_Gen.CQSA; W32/Smalltroj.WJEH; along with other strange cookies. Bottom line is that I am unable to clean whatever is causing the problem(s). It appears the tool(s) that might be able to remove are having their web sites effectively blocked and/or search or load is being redirected to what might be a malicious site. Computer runs somewhat slower, but main issue att is lack of control.

I joined the forum and attached are the logs that I understand you wish to review.

I await your directions. I will suspend other actions until I receive directions from your site.

Regards,

John/jmc


This is an update on Monday, March 29, 10. At this time it appears that I can only gain access to the machine in SAFE mode. Also, yesterday, the contents of MY Favorites has been deleted or removed! Please advise as to what actions to take ASAP.


John/jmc


Log from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:55 PM, on 03/27/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] "C:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: is-EN4G5.lnk = C:\Documents and Settings\John\Desktop\Virus Removal Tool1\is-EN4G5\startup.exe
O4 - Startup: is-PFKGV.lnk = C:\Documents and Settings\John\Desktop\Virus Removal Tool\is-PFKGV\startup.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 7479461578
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://dlh1.axiscam.net/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{42948577-87F0-4554-90B2-B9F37E053CA0}: NameServer = 93.188.163.158,93.188.166.88
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.158,93.188.166.88
O17 - HKLM\System\CS1\Services\Tcpip\..\{42948577-87F0-4554-90B2-B9F37E053CA0}: NameServer = 93.188.163.158,93.188.166.88
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.158,93.188.166.88
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0235121215649925) (0235121215649925mcinstcleanup) - - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9de5a8d1ca07a) (gupdate1c9de5a8d1ca07a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (http://www.webroot.com) - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 16372 bytes



%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%


Log of Uninstall:

WILLPower
7-Zip 4.57
Acrobat.com
Acrobat.com
Add/Remove Pro (Freeware)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Age of Mythology
America Online (Choose which version to remove)
AOL Connectivity Services
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Aspell English Dictionary-0.50-2
a-squared Free 4.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Catalyst Registration
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Avery Wizard 3.1
Avira AntiVir Personal - Free Antivirus
AXIS Media Control Embedded
Bing Maps 3D
BitTorrent 5.0.7
Bonjour
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
Business Attorney
calibre
CardRd81
Catalyst Control Center - Branding
CCH Small Firm Services (xulRunner)
CCScore
Chessmaster 9000
Choice Guard
Classic PhoneTools
Comcast Toolbar
COMODO Registry Cleaner 1.0.17.23
Compatibility Pack for the 2007 Office system
Consumer Complete Care Services Agreement
CR2
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
DeductionPro 2005-06
DeductionPro 2006
DeductionPro 2007
DeductionPro 2008
DeductionPro 2009
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Picture Studio v3.0
DellSupport
DesignPro 5.4 Limited Edition
EarthLink setup files
EasyCapture 1.0.0.0
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Eusing Free Registry Cleaner
Family Lawyer 2000
Free Window Registry Repair
Garmin City Navigator Europe 2008
Get High Speed Internet!
Glary Registry Repair 2.8
Glary Utilities 2.15.0.738
GNU Aspell 0.50-3
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H&R Block Business 2009 (Remove Only)
H&R Block Illinois 2009
H&R Block Premium + Efile + State 2009
HDView for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
HijackThis 2.0.2
Home & Business Attorney v9
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HouseCall 6.6
InstallMgr
Intel Matrix Storage Manager
Internet Explorer Default Page
iPod for Windows 2005-03-23
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio GDI+ Patch
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition Patch
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lagarith Lossless Codec (1.3.19)
Learn2 Player (Uninstall Only)
Legal Search
Malwarebytes' Anti-Malware
Meeting Service Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Encarta Encyclopedia Deluxe 2005
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio Enterprise Network Tools
Microsoft Visio Active Directory Diagramming
Microsoft Visio LDAP Diagramming
Microsoft Visio Network Equipment
Microsoft Visio Novell Directory Services Diagramming
Microsoft Visio Professional 2002 [English]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSN Toolbar
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MV RegClean 5.0 English
Napster
netbrdg
NetZeroInstallers
Notepad++
Nucleus Kernel Powerpoint Recovery Evaluation Version 4.05.01
OfotoXMI
OGA Notifier 2.0.0048.0
Palm Desktop for 7135
Panda ActiveScan
ParetoLogic Anti-Virus PLUS
Pdf995
Photo Click
PHPNukeEN Toolbar
Picture Package Music Transfer
PowerDVD 5.3
Qualxserve Service Agreement
Quicken 2007
Quickoffice
QuickTime
RealPlayer
Revo Uninstaller 1.85
Revo Uninstaller Pro 2.1.1
Roxio Burn Engine
Roxio DLA
Roxio UDF Reader
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SFR
SFR2
SHASTA
Shockwave
skin0001
SKINXSDK
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Sound Blaster Audigy 2 ZS
Spelling Dictionaries Support For Adobe Reader 9
SPSS 11.0 for Windows Student Version
Spybot - Search & Destroy
Spyware Terminator
staticcr
TaxCut 2004
TaxCut Business 2007 (Remove Only)
TaxCut Business 2008 (Remove Only)
TaxCut Illinois 2007
TaxCut Illinois 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
TaxCut Premium 2005
TaxCut Premium 2006
TD AMERITRADE StrategyDesk 3.1
The Plain-Language Law Dictionary
TweakNow RegCleaner
Unlocker 1.8.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 Wireless LAN Card Utility
USB Storage Adapter FX (SM1)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebCyberCoach 3.2 Dell
What's Running 2.2
Windows 7 Upgrade Advisor Beta
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinZip
WIRELESS
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar

end of uninstall list.
jmc
Active Member
 
Posts: 9
Joined: March 25th, 2010, 7:41 pm

Re: Unable to access most security web sites to update security

Unread postby MWR 3 day Mod » March 31st, 2010, 4:05 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Unable to access most security web sites to update security

Unread postby Blade81 » April 1st, 2010, 6:47 am

Hi John,

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Unable to access most security web sites to update security

Unread postby jmc » April 1st, 2010, 12:11 pm

Hello Blade81:

I was able to access the Internet only in Safe Mode, as the computer eventually hangs if I try to bring it up in normal mode. The dds.txt is included, and I did compress the Attach.txt using the 7-Zip program. Please let me know what you wish to accomplish next. I sincerely appreciate the assistance, as I am about ready to start throwing the frying pan at the machine.

Regards,

John/jmc


DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 10:44:50.68 on Thu 04/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1635 [GMT -5:00]

AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = about:blank
uDefault_Page_URL = hxxp://www.dell4me.com/myway
uSearch Bar = hxxp://bfc.myway.com/search/de_srchlft.html
mSearchAssistant =
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar1.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHP1.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} -
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar1.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHP1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [DellSupport-] "c:\program files\dellsupport\DSAgnt.exe" /startup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [SpywareTerminator] "c:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SpySweeper] "c:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/house ... hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scan ... ProExe.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/ ... 7479461578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://dlh1.axiscam.net/activex/AMC.cab
TCP: NameServer = 93.188.163.158,93.188.166.88
TCP: {42948577-87F0-4554-90B2-B9F37E053CA0} = 93.188.163.158,93.188.166.88
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

============= SERVICES / DRIVERS ===============

R0 CFRMD;cfrmd;c:\windows\system32\drivers\CFRMD.sys [2009-12-6 132424]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2009-11-6 29808]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\webrootsecurity\SpySweeper.exe [2009-11-6 4048240]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\webrootsecurity\WRConsumerService.exe [2010-3-26 1201640]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-1-18 11608]
S1 is-EN4G5drv;is-EN4G5drv;c:\windows\system32\drivers\24016446.sys [2010-3-24 148496]
S1 is-PFKGVdrv;is-PFKGVdrv;c:\windows\system32\drivers\17188300.sys [2010-3-24 148496]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-5-14 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-14 66632]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-3-11 142592]
S2 0235121215649925mcinstcleanup;McAfee Application Installer Cleanup (0235121215649925); [x]
S2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2010-3-25 1858144]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-1-18 135336]
S2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-1-18 267432]
S2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-20 60936]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-5-16 55152]
S2 gupdate1c9de5a8d1ca07a;Google Update Service (gupdate1c9de5a8d1ca07a);c:\program files\google\update\GoogleUpdate.exe [2009-5-26 133104]
S2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.exe [2008-3-8 61526]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2009-12-22 27064]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-14 12872]
S3 utkyodqz;AVZ Kernel Driver; [x]
S4 bcgame;Nostromo HID Device Minidriver; [x]

=============== Created Last 30 ================

2010-03-26 06:05:03 1563008 ----a-w- c:\windows\WRSetup.dll
2010-03-26 06:05:01 0 d-----w- c:\program files\Webroot
2010-03-26 06:05:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-03-25 22:54:53 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-03-25 22:17:27 0 d-----w- c:\program files\Marcos Velasco Security
2010-03-25 06:43:28 0 d-----w- c:\program files\a-squared Free
2010-03-24 23:28:56 148496 ----a-w- c:\windows\system32\drivers\24016446.sys
2010-03-24 23:25:05 148496 ----a-w- c:\windows\system32\drivers\17188300.sys
2010-03-24 16:27:28 0 d-----w- C:\Backups
2010-03-24 01:27:16 311816 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-24 01:27:16 27872 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-24 01:27:16 274720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-24 01:27:16 26484768 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-23 16:43:07 0 d-----w- c:\program files\common files\ParetoLogic
2010-03-22 21:37:35 0 d-----w- c:\program files\Microsoft Security Essentials
2010-03-22 17:24:56 0 d-----w- c:\program files\TrendMicro
2010-03-22 14:24:47 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-22 14:21:10 0 d-----w- c:\windows\ERUNT
2010-03-22 14:19:49 0 d-sh--w- c:\documents and settings\administrator\IETldCache
2010-03-22 14:15:58 0 d-----w- C:\SDFix
2010-03-22 05:11:44 0 d-----w- c:\program files\WinClamAVShield
2010-03-21 18:15:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-19 05:23:06 131 ----a-w- c:\windows\CRC.INI

==================== Find3M ====================

2010-03-31 06:45:58 4788654 ----a-w- c:\windows\cscmondump.bin
2010-03-22 17:41:50 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-16 18:24:01 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-19 16:07:16 133414 ----a-w- c:\windows\cscmon.bin
2010-01-07 22:37:36 12552 ----a-w- c:\windows\system32\CSC.exe
2009-11-22 22:03:28 69 ----a-w- c:\program files\lang.ini
2007-06-08 22:24:50 441 ----a-w- c:\program files\regfav.ini
2007-06-08 22:24:50 0 ----a-w- c:\program files\history.txt
2007-06-08 22:24:48 86 ----a-w- c:\program files\autoclean.ini
2007-06-08 22:24:46 4302 ----a-w- c:\program files\exclude.lst
2007-06-08 20:49:20 13634 ----a-w- c:\program files\license.rtf
2007-06-08 20:34:04 531 ----a-w- c:\program files\mycookies.ini
2007-06-08 20:34:02 318 ----a-w- c:\program files\shortarrow.ico
2007-06-08 20:34:00 37376 ----a-w- c:\program files\Order.doc
2007-06-08 19:55:06 3664 ----a-w- c:\program files\RegHist.txt
2004-02-25 14:45:00 2226922 ----a-w- c:\program files\jv16pt_setup1.3.0.195.exe
2003-08-27 20:19:18 36963 ------w- c:\program files\common files\SM1updtr.dll
2008-06-11 18:38:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061120080612\index.dat

============= FINISH: 10:45:36.51 ===============


jmc
Active Member
 
Posts: 9
Joined: March 25th, 2010, 7:41 pm

Re: Unable to access most security web sites to update security

Unread postby Blade81 » April 2nd, 2010, 4:39 pm

Hi again,

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

BitTorrent

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore.

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For a full explanation of our policy, please read the following P2P Program Policy.

You can uninstall these programs in the Control Panel -> Add/remove Programs. Please do so.

Also, you seem to have multiple antivirus programs installed and running. It's advised to have only one antivirus program installed in the same system. Please decide which one you want to keep and uninstall the others.



Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Unable to access most security web sites to update security

Unread postby jmc » April 3rd, 2010, 12:53 am

Blade81:

Thank you for the assistance. I think that I am past the worst of my problems. However, there were some glitches, and a few small remaining concerns. I followed your instructions as closely as I could.
As I indicated, I could not get the machine to come up in regular mode, thus I had to begin in 'Safe Mode with Networking'. Once I downloaded ComboFix it showed that AntiVira and MS Security Essentials were still executing. I could not shut them down or remove them in 'Safe Mode'. The tool continued, loading the MS Recovery Console. After this success, I received a message "'*' is not a recognized internal or external command, operating program, or batch file." This did not seem to prevent the tool from continuing. Next I received a message: PEV.exe - Application error Instruction at "0x0039a3b8" referenced memory at "0x80119a3f1" the memory could not be written. Eventually this message disappeared. The tool continued on displaying Stages 1 - 50, then started deleting files and folders. This all ran about 20-25 minutes. Next the computer rebooted, and came up in normal state. As this occurred all the normal security and other programs started up. ComboFix's log file was created and is below. All the security tools that had not been able to access their sites obtained their updates. MS Security Essentials found Program:Win32/PowerRegScheduler, which was removed. MS installed security updates for IE8, Office XP, Windows SP, Excel 03, and E-Mail Junk Filter. SpywareTerminator found a leftover key from Vcatch HKCR\Interface\{A9752C2F2-0791-11D7-B37...}, which was removed. The machine would not continue to run with all the security installed--actually would lock up. I removed Kaspersky's Removal Tool, SpySweeper/Webroot, Spybot Search & Destroy, and Avira. I currently have MSSE disabled, and have SuperAntiSpyware and Spyware Terminator running.
My first question is, in your recommendation, what tool(s) would be best to provide security against most threats? Second, a program called Machine Debug Manager keeps displaying a box that appears to want some sort of options selected, e.g. dumpjit. Third, when I double click on 'My Computer' the machine shows the flashlight while searching to display the physically attached devices. Any suggestions for the latter two issues?


Logfile of ComboFix

ComboFix 10-04-01.02 - John 04/02/10 17:39:45.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1624 [GMT -5:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: Microsoft Security Essentials *On-access scanning enabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Webroot AntiVirus with Spy Sweeper *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John\Application Data\Desktopicon
c:\documents and settings\John\Application Data\Desktopicon\config.ini
c:\documents and settings\John\My Documents\Bkup_Registry_090327.reg
c:\documents and settings\John\My Documents\Bkup_Registry_090519-from-Eusing.reg
c:\progra~1\Webroot\WEBROO~1\Backup\ntSVc.ocx
c:\windows\AppPatch\AcAdProc.dll
c:\windows\Downloaded Program Files\ODCTOOLS

.
((((((((((((((((((((((((( Files Created from 2010-03-02 to 2010-04-02 )))))))))))))))))))))))))))))))
.

2010-04-01 15:59 . 2010-04-01 15:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Notepad++
2010-03-26 06:05 . 2009-11-06 20:19 1563008 ----a-w- c:\windows\WRSetup.dll
2010-03-26 06:05 . 2010-03-26 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-03-26 06:05 . 2010-03-26 06:05 -------- d-----w- c:\program files\Webroot
2010-03-26 06:05 . 2010-03-26 06:05 -------- d-----w- c:\documents and settings\John\Application Data\Webroot
2010-03-25 23:01 . 2010-03-25 23:01 144472 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-25 22:54 . 2010-03-25 22:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-25 22:52 . 2010-03-25 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group
2010-03-25 22:17 . 2010-03-25 22:17 -------- d-----w- c:\program files\Marcos Velasco Security
2010-03-25 17:53 . 2010-03-25 17:53 -------- d-----w- c:\documents and settings\John\DoctorWeb
2010-03-25 06:43 . 2010-03-26 04:17 -------- d-----w- c:\program files\a-squared Free
2010-03-24 23:28 . 2008-07-08 18:54 148496 ----a-w- c:\windows\system32\drivers\24016446.sys
2010-03-24 23:25 . 2008-07-08 18:54 148496 ----a-w- c:\windows\system32\drivers\17188300.sys
2010-03-24 23:23 . 2010-03-24 23:23 -------- d-----w- c:\documents and settings\John\Application Data\Avira
2010-03-24 16:27 . 2010-03-24 16:53 -------- d-----w- C:\Backups
2010-03-24 01:27 . 2010-04-02 22:51 26828832 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-24 01:27 . 2010-03-26 05:12 274720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-23 16:43 . 2010-03-26 05:01 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-23 04:32 . 2010-03-23 04:32 -------- d-----w- c:\documents and settings\John\Application DataComodoGroup
2010-03-23 04:32 . 2010-03-23 04:32 -------- d-----w- c:\documents and settings\John\Application Data\ComodoGroup
2010-03-22 21:38 . 2010-03-22 21:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-03-22 21:37 . 2010-03-23 16:49 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-22 17:24 . 2010-03-22 17:24 -------- d-----w- c:\program files\TrendMicro
2010-03-22 14:24 . 2010-03-22 14:24 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-22 14:21 . 2010-03-26 05:21 -------- d-----w- c:\windows\ERUNT
2010-03-22 14:19 . 2010-03-22 14:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-22 14:15 . 2010-03-26 05:46 -------- d-----w- C:\SDFix
2010-03-22 05:11 . 2010-03-26 05:47 -------- d-----w- c:\program files\WinClamAVShield
2010-03-21 18:15 . 2010-03-25 22:56 -------- d-----w- c:\program files\Alwil Software
2010-03-21 18:15 . 2010-03-25 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-18 12:45 . 2010-03-18 12:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-15 00:17 . 2010-03-15 00:17 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Threat Expert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-02 22:55 . 2010-03-03 17:26 439816 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\setup.exe
2010-04-02 22:47 . 2008-11-10 23:40 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-04-02 22:46 . 2009-12-06 07:55 4858398 ----a-w- c:\windows\cscmondump.bin
2010-04-02 22:30 . 2007-06-21 01:44 -------- d-----w- c:\documents and settings\John\Application Data\BitTorrent
2010-03-30 03:51 . 2010-03-24 01:27 311816 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-28 18:01 . 2005-01-19 23:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 05:47 . 2009-03-12 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-03-26 05:12 . 2010-03-24 01:27 27872 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-26 05:01 . 2009-08-26 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-03-26 01:33 . 2010-03-26 01:32 20846064 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-23 15:28 . 2008-07-06 18:37 -------- d-----w- c:\program files\Unlocker
2010-03-23 05:07 . 2010-01-17 01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-23 05:04 . 2007-01-13 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-22 21:01 . 2007-01-13 20:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-22 17:41 . 2008-07-18 22:20 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-22 17:24 . 2010-03-22 17:24 388096 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-22 16:27 . 2009-03-12 04:15 -------- d-----w- c:\program files\Spyware Terminator
2010-03-22 05:12 . 2009-03-12 04:15 -------- d-----w- c:\documents and settings\John\Application Data\Spyware Terminator
2010-03-19 05:01 . 2009-12-06 07:50 -------- d-----w- c:\program files\COMODO
2010-03-18 23:45 . 2010-03-18 23:45 8405312 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-18 23:45 . 2010-03-18 23:45 149000 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-18 23:45 . 2010-03-18 23:45 10309448 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-18 23:45 . 2010-03-18 23:45 283280 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-18 23:45 . 2010-03-18 23:45 181768 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-18 23:44 . 2010-03-18 23:44 79368 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-18 23:44 . 2010-03-18 23:44 64000 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-18 23:44 . 2010-03-18 23:44 52288 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-18 23:44 . 2010-03-18 23:44 50688 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-18 23:44 . 2010-03-18 23:44 49152 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-18 23:44 . 2010-03-18 23:44 118784 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-15 01:04 . 2007-01-13 21:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-13 15:43 . 2010-01-25 02:47 -------- d-----w- c:\program files\H&R Block Business 2009
2010-03-13 15:43 . 2010-01-25 02:49 -------- d-----w- c:\program files\DeductionPro 2009
2010-03-01 14:05 . 2010-01-18 23:58 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-02-27 15:41 . 2010-02-27 15:40 19485640 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US64016501cupd.exe
2010-02-24 15:16 . 2009-10-15 20:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 22:22 . 2009-05-17 16:45 117760 ----a-w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-02-18 18:56 . 2007-01-21 06:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-16 18:24 . 2009-09-21 04:29 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-02-15 20:45 . 2010-01-25 02:44 -------- d-----w- c:\program files\HRBlock2009
2010-02-15 01:26 . 2010-01-30 18:40 -------- d-----w- c:\documents and settings\John\Application Data\calibre
2010-02-15 01:23 . 2010-01-30 18:39 -------- d-----w- c:\program files\Calibre2
2010-02-12 23:10 . 2005-01-19 23:57 -------- d-----w- c:\program files\Common Files\Real
2010-02-11 18:40 . 2010-02-11 18:40 1961472 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\IL25012701cupd.exe
2010-02-11 18:40 . 2010-02-11 18:40 18203568 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US57016401cupd.exe
2010-02-06 05:59 . 2005-12-11 23:35 -------- d-----w- c:\program files\Google
2010-02-03 16:29 . 2010-02-03 16:28 -------- d-----w- c:\program files\iTunes
2010-02-03 16:28 . 2005-08-06 17:18 -------- d-----w- c:\program files\iPod
2010-02-03 16:28 . 2007-07-20 13:18 -------- d-----w- c:\program files\Common Files\Apple
2010-02-03 16:25 . 2010-02-03 16:24 -------- d-----w- c:\program files\QuickTime
2010-02-03 16:20 . 2010-02-03 16:20 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 16:17 . 2008-03-22 22:34 -------- d-----w- c:\program files\Safari
2010-02-03 16:14 . 2010-02-03 16:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-01-30 18:48 . 2010-01-30 18:48 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-25 03:01 . 2010-01-25 03:01 2985600 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockIL.exe
2010-01-25 02:57 . 2010-01-25 02:56 15529656 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30025701cupd.exe
2010-01-19 16:07 . 2009-12-22 00:46 133414 ----a-w- c:\windows\cscmon.bin
2010-01-11 17:54 . 2009-12-18 05:20 52224 ----a-w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-07 22:37 . 2009-10-27 15:53 12552 ----a-w- c:\windows\system32\CSC.exe
2010-01-07 21:07 . 2010-01-17 01:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2010-01-17 01:05 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 22:03 . 2007-06-08 22:24 69 ----a-w- c:\program files\lang.ini
2007-06-08 22:24 . 2007-06-08 22:24 441 ----a-w- c:\program files\regfav.ini
2007-06-08 22:24 . 2007-06-08 22:24 0 ----a-w- c:\program files\history.txt
2007-06-08 22:24 . 2007-06-08 22:24 86 ----a-w- c:\program files\autoclean.ini
2007-06-08 22:24 . 2007-06-08 22:24 4302 ----a-w- c:\program files\exclude.lst
2007-06-08 20:49 . 2007-06-08 20:49 13634 ----a-w- c:\program files\license.rtf
2007-06-08 20:34 . 2007-06-08 20:34 531 ----a-w- c:\program files\mycookies.ini
2007-06-08 20:34 . 2007-06-08 20:34 318 ----a-w- c:\program files\shortarrow.ico
2007-06-08 20:34 . 2007-06-08 20:34 37376 ----a-w- c:\program files\Order.doc
2007-06-08 19:55 . 2007-06-08 19:55 3664 ----a-w- c:\program files\RegHist.txt
2004-02-25 14:45 . 2004-02-25 14:45 2226922 ----a-w- c:\program files\jv16pt_setup1.3.0.195.exe
2003-08-27 20:19 . 2005-01-23 22:14 36963 ------w- c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-03-14 05:41 1883672 ----a-w- c:\program files\PHPNukeEN\tbPHP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-03-14 1883672]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-03-14 1883672]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-11-06 20:14 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-27 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-02-18 2012912]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-22 2166784]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-27 344064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-12 198160]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\John\Start Menu\Programs\Startup\
is-EN4G5.lnk - c:\documents and settings\John\Desktop\Virus Removal Tool1\is-EN4G5\startup.exe [2010-3-24 65536]
is-PFKGV.lnk - c:\documents and settings\John\Desktop\Virus Removal Tool\is-PFKGV\startup.exe [2010-3-24 65536]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 02:08 450646 ----a-w- c:\windows\SYSTEM32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe\0SsiEfr.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHELPER
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"SM1BG"=c:\windows\SM1BG.EXE
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 CFRMD;cfrmd;c:\windows\SYSTEM32\DRIVERS\CFRMD.sys [12/06/09 2:50 AM 132424]
R0 ssfs0bbc;ssfs0bbc;c:\windows\SYSTEM32\DRIVERS\ssfs0bbc.sys [11/06/09 12:00 PM 29808]
R1 is-PFKGVdrv;is-PFKGVdrv;c:\windows\SYSTEM32\DRIVERS\17188300.sys [03/24/10 6:25 PM 148496]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [05/14/09 2:22 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [05/14/09 2:22 PM 66632]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\SYSTEM32\DRIVERS\sp_rsdrv2.sys [03/11/09 11:15 PM 142592]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [03/25/10 1:43 AM 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [01/18/10 6:58 PM 135336]
R2 PRISMSVC;PRISMSVC;c:\windows\SYSTEM32\PRISMSVC.exe [03/08/08 10:08 AM 61526]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [03/26/10 1:06 AM 1201640]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [05/14/09 2:22 PM 12872]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 is-EN4G5drv;is-EN4G5drv;c:\windows\SYSTEM32\DRIVERS\24016446.sys [03/24/10 6:28 PM 148496]
S2 0235121215649925mcinstcleanup;McAfee Application Installer Cleanup (0235121215649925); [x]
S2 gupdate1c9de5a8d1ca07a;Google Update Service (gupdate1c9de5a8d1ca07a);c:\program files\Google\Update\GoogleUpdate.exe [05/26/09 6:34 PM 133104]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/03/06 7:19 PM 13592]
S3 Revoflt;Revoflt;c:\windows\SYSTEM32\DRIVERS\revoflt.sys [12/22/09 9:48 AM 27064]
S3 utkyodqz;AVZ Kernel Driver; [x]
S4 bcgame;Nostromo HID Device Minidriver; [x]
.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-27 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2009-10-28 00:18]

2010-04-02 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-06 21:09]

2010-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-20 23:33]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 23:34]

2010-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 23:34]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812213888-3250504160-503116755-1007Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 16:27]

2010-03-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812213888-3250504160-503116755-1007UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 16:27]

2010-04-02 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
DPF: Microsoft XML Parser for Java
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://dlh1.axiscam.net/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D0523BB4-21E7-11DD-9AB7-415B56D89593} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
MSConfigStartUp-CTFMON - (no file)
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-02 17:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2812213888-3250504160-503116755-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4892)
c:\windows\system32\WININET.dll
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.EXE
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\windows\system32\taskmgr.exe
.
**************************************************************************
.
Completion time: 2010-04-02 18:05:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-02 23:04

Pre-Run: 78,560,239,616 bytes free
Post-Run: 77,991,874,560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AA06C138B46E1BDCAE37D871A3774ED9


=======================

HijackThis log from after the correction of the problem, and the delete listing


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:56 PM, on 04/02/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\system32\PRISMSVC.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2812213888-3250504160-503116755-1007\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-2812213888-3250504160-503116755-1007\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" (User '?')
O4 - HKUS\S-1-5-21-2812213888-3250504160-503116755-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-21-2812213888-3250504160-503116755-1007 Startup: is-EN4G5.lnk = C:\Documents and Settings\John\Desktop\Virus Removal Tool1\is-EN4G5\startup.exe (User '?')
O4 - Startup: is-EN4G5.lnk = C:\Documents and Settings\John\Desktop\Virus Removal Tool1\is-EN4G5\startup.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 7479461578
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://dlh1.axiscam.net/activex/AMC.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: McAfee Application Installer Cleanup (0235121215649925) (0235121215649925mcinstcleanup) - - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9de5a8d1ca07a) (gupdate1c9de5a8d1ca07a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 14186 bytes



Uninstall Listing

WILLPower
7-Zip 4.57
Acrobat.com
Acrobat.com
Add/Remove Pro (Freeware)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Age of Mythology
America Online (Choose which version to remove)
AOL Connectivity Services
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Ask Toolbar
Aspell English Dictionary-0.50-2
a-squared Free 4.5
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Catalyst Registration
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Avery Wizard 3.1
AXIS Media Control Embedded
Bing Maps 3D
Bonjour
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
Business Attorney
calibre
CardRd81
Catalyst Control Center - Branding
CCH Small Firm Services (xulRunner)
CCScore
Chessmaster 9000
Choice Guard
Classic PhoneTools
Comcast Toolbar
COMODO Registry Cleaner 1.0.17.23
Compatibility Pack for the 2007 Office system
Consumer Complete Care Services Agreement
CR2
Crawler Toolbar with Web Security Guard
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
DeductionPro 2005-06
DeductionPro 2006
DeductionPro 2007
DeductionPro 2008
DeductionPro 2009
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Picture Studio v3.0
DellSupport
DesignPro 5.4 Limited Edition
EarthLink setup files
EasyCapture 1.0.0.0
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Eusing Free Registry Cleaner
Family Lawyer 2000
Free Window Registry Repair
Garmin City Navigator Europe 2008
Get High Speed Internet!
Glary Registry Repair 2.8
Glary Utilities 2.15.0.738
GNU Aspell 0.50-3
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H&R Block Business 2009 (Remove Only)
H&R Block Illinois 2009
H&R Block Premium + Efile + State 2009
HDView for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
HijackThis 2.0.2
Home & Business Attorney v9
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HouseCall 6.6
InstallMgr
Intel Matrix Storage Manager
Internet Explorer Default Page
iPod for Windows 2005-03-23
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio GDI+ Patch
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition Patch
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lagarith Lossless Codec (1.3.19)
Learn2 Player (Uninstall Only)
Legal Search
Malwarebytes' Anti-Malware
Meeting Service Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Encarta Encyclopedia Deluxe 2005
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio Enterprise Network Tools
Microsoft Visio Active Directory Diagramming
Microsoft Visio LDAP Diagramming
Microsoft Visio Network Equipment
Microsoft Visio Novell Directory Services Diagramming
Microsoft Visio Professional 2002 [English]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
MSN
MSN Toolbar
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MV RegClean 5.0 English
Napster
netbrdg
NetZeroInstallers
Notepad++
Nucleus Kernel Powerpoint Recovery Evaluation Version 4.05.01
OfotoXMI
OGA Notifier 2.0.0048.0
Palm Desktop for 7135
Panda ActiveScan
Pdf995
Photo Click
PHPNukeEN Toolbar
Picture Package Music Transfer
PowerDVD 5.3
Qualxserve Service Agreement
Quicken 2007
Quickoffice
QuickTime
RealPlayer
Revo Uninstaller 1.85
Revo Uninstaller Pro 2.1.5
Roxio Burn Engine
Roxio DLA
Roxio UDF Reader
Safari
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SFR
SFR2
SHASTA
Shockwave
skin0001
SKINXSDK
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Sound Blaster Audigy 2 ZS
Spelling Dictionaries Support For Adobe Reader 9
SPSS 11.0 for Windows Student Version
Spyware Terminator
staticcr
TaxCut 2004
TaxCut Business 2007 (Remove Only)
TaxCut Business 2008 (Remove Only)
TaxCut Illinois 2007
TaxCut Illinois 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
TaxCut Premium 2005
TaxCut Premium 2006
TD AMERITRADE StrategyDesk 3.1
The Plain-Language Law Dictionary
TweakNow RegCleaner
Unlocker 1.8.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 Wireless LAN Card Utility
USB Storage Adapter FX (SM1)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
What's Running 2.2
Windows 7 Upgrade Advisor Beta
Windows Defender
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinZip
WIRELESS
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar
jmc
Active Member
 
Posts: 9
Joined: March 25th, 2010, 7:41 pm

Re: Unable to access most security web sites to update security

Post by Blade81 » April 3rd, 2010, 5:33 am

Hi,

My first question is in your recommendation what tool(s) would be best to provide security against most threats.

Microsoft Security Essentials is good and so is SUPERAntiSpyware. I'm not familiar with that Spyware Terminator.

Second, a program called Machine Debug Manager keeps displaying a box that appears to want some sort of options selected, e.g. dumpjit.

Could you provide a screenshot of that box if it still appears after the steps below in this post are taken?

Third, when I double-click on 'My Computer' the machine shows the flashlight while searching to display the physically attached devices.

Let's see the next set of instructions to find out if those help.


Open notepad and copy/paste the text in the quotebox below into it:

Suspect::[76]
c:\windows\system32\drivers\24016446.sys
c:\windows\system32\drivers\17188300.sys
Folder::
c:\documents and settings\John\Application Data\BitTorrent



Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Check here to see if your Flash is up-to-date (do it separately with each of your browsers). If not, uninstall vulnerable versions by following instructions here. Fresh version can be obtained here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 19.
  • Click the Download button to the right.
  • Select Windows on platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u19-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.


Uninstall Ask Toolbar if not installed on purpose.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
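
The check behind the Java step in the post above, as an added example that is not part of the original thread: it normalizes the three Java naming schemes that appear in the uninstall listing posted earlier and lists every entry older than JRE 6 Update 19. The function names and the sample listing are constructed for illustration.

```python
import re

# Target named in the post above: JRE 6 Update 19, as (major, micro, update).
TARGET = (6, 0, 19)

# Constructed sample: a few entries in the same form as the uninstall listing
# posted earlier in this thread, mixed with non-Java lines.
SAMPLE_LISTING = """\
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 2
Jasc Paint Shop Photo Album 5
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 14
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
"""

# Each pattern captures three groups: major, micro, update.
_PATTERNS = [
    # "J2SE Runtime Environment 5.0 Update 10"
    re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+)(?: Update (\d+))?$"),
    # "Java 2 Runtime Environment, SE v1.4.2_03" (1.4.x is major version 4)
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.(\d+)(?:_(\d+))?$"),
    # "Java(TM) 6 Update 14" / "Java(TM) SE Runtime Environment 6 Update 1"
    # The empty group stands in for the micro number these names do not carry.
    re.compile(r"^Java\(TM\) (?:SE Runtime Environment )?(\d+)()(?: Update (\d+))?$"),
]


def parse_java_entry(name):
    """Return (major, micro, update) for a Java uninstall entry, else None."""
    name = name.strip()
    for pattern in _PATTERNS:
        match = pattern.match(name)
        if match:
            # Missing or empty groups count as 0 so tuples compare numerically.
            return tuple(int(g) if g else 0 for g in match.groups())
    return None


def audit_java(listing, target=TARGET):
    """List Java entries older than target, oldest first, and report
    whether the target version or a newer one is already installed."""
    found = {}
    for line in listing.splitlines():
        version = parse_java_entry(line)
        if version is not None:
            found[line.strip()] = version  # dict key removes duplicate lines
    outdated = sorted((v, n) for n, v in found.items() if v < target)
    return {
        "outdated": [name for _, name in outdated],
        "has_target_or_newer": any(v >= target for v in found.values()),
    }


if __name__ == "__main__":
    report = audit_java(SAMPLE_LISTING)
    for entry in report["outdated"]:
        print("remove:", entry)
    print("target or newer installed:", report["has_target_or_newer"])
```

Comparing parsed tuples rather than the display names matters here: a plain text sort would place "Update 10" before "Update 2".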

Re: Unable to access most security web sites to update security

Post by jmc » April 3rd, 2010, 12:37 pm

Blade81:

Well the day started out not too good as it is raining and in the low 50 degrees F.

I have had multiple problems trying to accomplish what you directed.
First, I downloaded and dropped the script file into ComboFix. As the security was still running, the program did not appear to run correctly. I turned off both SuperAntiSpyware and SpywareTerminator and reran ComboFix. This time it appeared to run properly. It ran through all 50 stages and then deleted the BitTorrent folder.
Second, I uninstalled Flash as the version was not current. Then upon trying to install correct version, system stated that MS Windows Installer was not correct version. Went to Microsoft's site and installed version 6.0 as this was the only one that was compatible with current software version of Windows. Tried to reinstall Flash. Now when trying to access the web pages for their download of the software, IE goes into a Windows Tab recovery and then stops with an invalid page. Could not install Flash.
Third, tried several times to obtain the correct version of Java, using their SDM tool to manage the downloads. It appears to be same issue, could observe SDM looping multiple times reconnecting the server in an attempt to download. Gave up!
Fourth, skipped the ASK toolbar for now.
Fifth, downloaded and ran the ATF-Cleaner. This appeared to work okay.
The Machine Debug Manager's message has appeared I think at least twice after the execution of ComboFix.

Major problem is that I am writing this from within SAFE MODE as if I let the computer attempt to come up normally it eventually hangs! Must shutdown using the power button! This has occurred several times.

I have included both the ComboFix log and I just reran HijackThis and included its log for review.

Note that ComboFix encountered issues when executing and requested ability to upload info to its site. This was permitted.

Please advise as to next steps.

I am going to try bringing up the machine in normal mode and turn off Spyware Terminator and then SuperAntiSpyWare to see if they are interfering with each other. Should either prove successful, I will add another post.

I will be checking the Forum for updates throughout the weekend.

Thanks for all the assistance. I appreciate all the help you folks provide.

Regards,

John/jmc


HiJackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:12 AM, on 04/03/10
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\ctbr.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\ctbr.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar1.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: PHPNukeEN Toolbar - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\tbPHP1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [DLA] "C:\WINDOWS\System32\DLA\DLACTRLW.EXE"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] "C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-2812213888-3250504160-503116755-1007\..\Run: [Google Update] "C:\Documents and Settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c (User '?')
O4 - HKUS\S-1-5-21-2812213888-3250504160-503116755-1007\..\Run: [SUPERAntiSpyware] "C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" (User '?')
O4 - HKUS\S-1-5-21-2812213888-3250504160-503116755-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-21-2812213888-3250504160-503116755-1007 Startup: is-EN4G5.lnk = C:\Documents and Settings\John\Desktop\Virus Removal Tool1\is-EN4G5\startup.exe (User '?')
O4 - Startup: is-EN4G5.lnk = C:\Documents and Settings\John\Desktop\Virus Removal Tool1\is-EN4G5\startup.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} (Scanner.SysScanner) - http://i.dell.com/images/global/js/scan ... ProExe.cab
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/ ... 7479461578
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://dlh1.axiscam.net/activex/AMC.cab
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\ctbr.dll
O23 - Service: McAfee Application Installer Cleanup (0235121215649925) (0235121215649925mcinstcleanup) - - (no file)
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Update Service (gupdate1c9de5a8d1ca07a) (gupdate1c9de5a8d1ca07a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PRISMSVC - Conexant Systems, Inc. - C:\WINDOWS\system32\PRISMSVC.EXE
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 12524 bytes


ComboFix log:

ComboFix 10-04-02.01 - John 04/03/10 9:54.2.2 - x86
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\John\Desktop\CFScript.txt
* Created a new restore point

file zipped: c:\windows\SYSTEM32\DRIVERS\24016446.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\John\Application Data\BitTorrent

.
((((((((((((((((((((((((( Files Created from 2010-03-03 to 2010-04-03 )))))))))))))))))))))))))))))))
.

2010-04-03 01:15 . 2010-04-03 01:15 5918776 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-02 23:01 . 2009-10-23 15:28 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-01 15:59 . 2010-04-01 15:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Notepad++
2010-03-26 06:05 . 2009-11-06 20:19 1563008 ----a-w- c:\windows\WRSetup.dll
2010-03-26 06:05 . 2010-03-26 06:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Webroot
2010-03-26 06:05 . 2010-03-26 06:05 -------- d-----w- c:\program files\Webroot
2010-03-26 06:05 . 2010-03-26 06:05 -------- d-----w- c:\documents and settings\John\Application Data\Webroot
2010-03-26 01:32 . 2010-03-26 01:33 20846064 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
2010-03-25 23:01 . 2010-03-25 23:01 144472 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-25 22:54 . 2010-03-25 22:54 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-03-25 22:52 . 2010-03-25 22:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VS Revo Group
2010-03-25 22:17 . 2010-03-25 22:17 -------- d-----w- c:\program files\Marcos Velasco Security
2010-03-25 17:53 . 2010-03-25 17:53 -------- d-----w- c:\documents and settings\John\DoctorWeb
2010-03-25 06:43 . 2010-03-26 04:17 -------- d-----w- c:\program files\a-squared Free
2010-03-24 23:28 . 2008-07-08 18:54 148496 ----a-w- c:\windows\system32\drivers\24016446.sys
2010-03-24 16:27 . 2010-03-24 16:53 -------- d-----w- C:\Backups
2010-03-24 01:27 . 2010-04-03 15:02 37662752 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-24 01:27 . 2010-03-26 05:12 274720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-23 16:43 . 2010-03-26 05:01 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-03-23 04:32 . 2010-03-23 04:32 -------- d-----w- c:\documents and settings\John\Application DataComodoGroup
2010-03-23 04:32 . 2010-03-23 04:32 -------- d-----w- c:\documents and settings\John\Application Data\ComodoGroup
2010-03-22 21:38 . 2010-03-22 21:38 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2010-03-22 21:37 . 2010-03-23 16:49 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-03-22 17:24 . 2010-03-22 17:24 388096 ----a-r- c:\documents and settings\John\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-22 17:24 . 2010-03-22 17:24 -------- d-----w- c:\program files\TrendMicro
2010-03-22 14:24 . 2010-03-22 14:24 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-22 14:21 . 2010-03-26 05:21 -------- d-----w- c:\windows\ERUNT
2010-03-22 14:19 . 2010-03-22 14:19 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-03-22 14:15 . 2010-03-26 05:46 -------- d-----w- C:\SDFix
2010-03-22 05:11 . 2010-04-03 14:31 -------- d-----w- c:\program files\WinClamAVShield
2010-03-21 18:15 . 2010-03-25 22:56 -------- d-----w- c:\program files\Alwil Software
2010-03-21 18:15 . 2010-03-25 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-18 23:45 . 2010-03-18 23:45 8405312 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2010-03-18 23:45 . 2010-03-18 23:45 149000 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
2010-03-18 23:45 . 2010-03-18 23:45 10309448 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
2010-03-18 23:45 . 2010-03-18 23:45 283280 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\carb\CarboniteSetupLiteRealPreinstaller.exe
2010-03-18 23:45 . 2010-03-18 23:45 181768 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\carb\LaunchHelper.exe
2010-03-18 23:44 . 2010-03-18 23:44 79368 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\vista.exe
2010-03-18 23:44 . 2010-03-18 23:44 64000 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
2010-03-18 23:44 . 2010-03-18 23:44 52288 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
2010-03-18 23:44 . 2010-03-18 23:44 50688 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
2010-03-18 23:44 . 2010-03-18 23:44 49152 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
2010-03-18 23:44 . 2010-03-18 23:44 118784 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
2010-03-18 12:45 . 2010-03-18 12:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2010-03-15 00:17 . 2010-03-15 00:17 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Threat Expert

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-03 14:29 . 2008-11-10 23:40 720 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-04-03 05:04 . 2010-03-24 01:27 404264 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-04-03 05:04 . 2009-12-06 07:55 37779102 ----a-w- c:\windows\cscmondump.bin
2010-04-03 03:46 . 2009-03-12 04:15 -------- d-----w- c:\program files\Spyware Terminator
2010-04-03 01:59 . 2007-01-13 20:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-03 01:55 . 2007-01-13 20:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-03 01:27 . 2010-01-17 01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-02 23:32 . 2009-03-12 04:15 -------- d-----w- c:\documents and settings\John\Application Data\Spyware Terminator
2010-04-02 23:30 . 2009-05-17 16:45 117760 ----a-w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-04-02 23:27 . 2009-03-12 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2010-04-02 23:18 . 2007-01-21 06:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-04-02 23:18 . 2007-10-20 22:09 -------- d-----w- c:\program files\Crawler
2010-04-02 22:55 . 2010-03-03 17:26 439816 ----a-w- c:\documents and settings\John\Application Data\Real\Update\setup3.10\setup.exe
2010-03-30 05:46 . 2010-01-17 01:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45 . 2010-01-17 01:05 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-28 18:01 . 2005-01-19 23:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-26 05:12 . 2010-03-24 01:27 27872 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-26 05:01 . 2009-08-26 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-03-23 15:28 . 2008-07-06 18:37 -------- d-----w- c:\program files\Unlocker
2010-03-22 17:41 . 2008-07-18 22:20 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-03-19 05:01 . 2009-12-06 07:50 -------- d-----w- c:\program files\COMODO
2010-03-15 01:04 . 2007-01-13 21:10 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-03-13 15:43 . 2010-01-25 02:47 -------- d-----w- c:\program files\H&R Block Business 2009
2010-03-13 15:43 . 2010-01-25 02:49 -------- d-----w- c:\program files\DeductionPro 2009
2010-02-27 15:41 . 2010-02-27 15:40 19485640 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US64016501cupd.exe
2010-02-25 06:24 . 2004-08-04 11:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 15:16 . 2009-10-15 20:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-15 20:45 . 2010-01-25 02:44 -------- d-----w- c:\program files\HRBlock2009
2010-02-15 01:26 . 2010-01-30 18:40 -------- d-----w- c:\documents and settings\John\Application Data\calibre
2010-02-15 01:23 . 2010-01-30 18:39 -------- d-----w- c:\program files\Calibre2
2010-02-12 23:10 . 2005-01-19 23:57 -------- d-----w- c:\program files\Common Files\Real
2010-02-11 18:40 . 2010-02-11 18:40 1961472 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\IL25012701cupd.exe
2010-02-11 18:40 . 2010-02-11 18:40 18203568 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US57016401cupd.exe
2010-02-06 05:59 . 2005-12-11 23:35 -------- d-----w- c:\program files\Google
2010-02-03 16:29 . 2010-02-03 16:28 -------- d-----w- c:\program files\iTunes
2010-02-03 16:28 . 2005-08-06 17:18 -------- d-----w- c:\program files\iPod
2010-02-03 16:28 . 2007-07-20 13:18 -------- d-----w- c:\program files\Common Files\Apple
2010-02-03 16:25 . 2010-02-03 16:24 -------- d-----w- c:\program files\QuickTime
2010-02-03 16:20 . 2010-02-03 16:20 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-03 16:17 . 2008-03-22 22:34 -------- d-----w- c:\program files\Safari
2010-02-03 16:14 . 2010-02-03 16:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.21.10\SetupAdmin.exe
2010-01-30 18:48 . 2010-01-30 18:48 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-01-25 03:01 . 2010-01-25 03:01 2985600 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Downloads\HRBlockIL.exe
2010-01-25 02:57 . 2010-01-25 02:56 15529656 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2009\Update\US30025701cupd.exe
2010-01-19 16:07 . 2009-12-22 00:46 133414 ----a-w- c:\windows\cscmon.bin
2010-01-11 17:54 . 2009-12-18 05:20 52224 ----a-w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-07 22:37 . 2009-10-27 15:53 12552 ----a-w- c:\windows\system32\CSC.exe
2009-11-22 22:03 . 2007-06-08 22:24 69 ----a-w- c:\program files\lang.ini
2007-06-08 22:24 . 2007-06-08 22:24 441 ----a-w- c:\program files\regfav.ini
2007-06-08 22:24 . 2007-06-08 22:24 0 ----a-w- c:\program files\history.txt
2007-06-08 22:24 . 2007-06-08 22:24 86 ----a-w- c:\program files\autoclean.ini
2007-06-08 22:24 . 2007-06-08 22:24 4302 ----a-w- c:\program files\exclude.lst
2007-06-08 20:49 . 2007-06-08 20:49 13634 ----a-w- c:\program files\license.rtf
2007-06-08 20:34 . 2007-06-08 20:34 531 ----a-w- c:\program files\mycookies.ini
2007-06-08 20:34 . 2007-06-08 20:34 318 ----a-w- c:\program files\shortarrow.ico
2007-06-08 20:34 . 2007-06-08 20:34 37376 ----a-w- c:\program files\Order.doc
2007-06-08 19:55 . 2007-06-08 19:55 3664 ----a-w- c:\program files\RegHist.txt
2004-02-25 14:45 . 2004-02-25 14:45 2226922 ----a-w- c:\program files\jv16pt_setup1.3.0.195.exe
2003-08-27 20:19 . 2005-01-23 22:14 36963 ------w- c:\program files\Common Files\SM1updtr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-07-17 22:20 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-03-14 05:41 1883672 ----a-w- c:\program files\PHPNukeEN\tbPHP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-03-14 1883672]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar1.dll" [2008-07-17 279944]
"{DD02A4EB-4AFD-4D60-99D8-E67F964CA813}"= "c:\program files\PHPNukeEN\tbPHP1.dll" [2009-03-14 1883672]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-27 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE" [2010-04-02 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-03-22 2166784]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-11-07 122940]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-10-27 344064]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-02-25 61440]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2006-01-19 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-02-12 198160]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PRISMAPI.DLL]
2005-12-23 02:08 450646 ----a-w- c:\windows\SYSTEM32\PRISMAPI.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
"SM1BG"=c:\windows\SM1BG.EXE
"MimBoot"=c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Palm\\HOTSYNC.EXE"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 0235121215649925mcinstcleanup;McAfee Application Installer Cleanup (0235121215649925); [x]
R2 gupdate1c9de5a8d1ca07a;Google Update Service (gupdate1c9de5a8d1ca07a);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 133104]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27064]
R3 utkyodqz;AVZ Kernel Driver; [x]
R4 bcgame;Nostromo HID Device Minidriver; [x]
S0 CFRMD;CFRMD;c:\windows\System32\drivers\cfrmd.sys [2009-10-27 132424]
S1 is-EN4G5drv;is-EN4G5drv;c:\windows\system32\DRIVERS\24016446.sys [2008-07-08 148496]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-18 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-02-18 66632]
S1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [2009-03-12 142592]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2009-10-01 1858144]
S2 PRISMSVC;PRISMSVC;c:\windows\system32\PRISMSVC.EXE [2005-12-23 61526]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-18 12872]

.
Contents of the 'Scheduled Tasks' folder

2010-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-27 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2009-10-28 00:18]

2010-04-03 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-06 21:09]

2010-04-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-20 23:33]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 23:34]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-26 23:34]

2010-03-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812213888-3250504160-503116755-1007Core.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 16:27]

2010-04-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2812213888-3250504160-503116755-1007UA.job
- c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-27 16:27]

2010-04-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-12-09 23:02]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Crawler Search - tbr:iemenu
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\ctbr.dll
DPF: Microsoft XML Parser for Java
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://dlh1.axiscam.net/activex/AMC.cab
.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD} - (no file)
SafeBoot-WRConsumerService



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2812213888-3250504160-503116755-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(848)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3960)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-03 10:04:56
ComboFix-quarantined-files.txt 2010-04-03 15:04
ComboFix2.txt 2010-04-02 23:05

Pre-Run: 80,214,839,296 bytes free
Post-Run: 80,235,888,640 bytes free

- - End Of File - - 0238997153C8416A304D0331F9BD4AA1
Upload was successful
jmc
Active Member
Posts: 9
Joined: March 25th, 2010, 7:41 pm

Re: Unable to access most security web sites to update security

Post by Blade81 » April 3rd, 2010, 3:30 pm

Hi,

The Machine Debug Manager's message has appeared I think at least twice after the execution of ComboFix.

Could you post a screenshot of that message?

Please post fresh dds.txt+attach.txt logs too (to do this, run DDS).
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Unable to access most security web sites to update security

Post by jmc » April 3rd, 2010, 5:16 pm

Hi Blade81:

Well, by some strange luck, things are getting better.

I, via the process of elimination and stopping, discovered that if Spyware Terminator was not executing immediately after coming up the machine would not hang. Thus, Spyware Terminator has been removed from the machine. Also, the ASK ToolBar was removed.

The problems with Adobe FLASH were resolved when I accessed something on Comcast. This caused the question to install the most recent version of FLASH and that worked! Also, for some strange reason, I tried to get Java to install and great luck. It is now the correct version and that was verified from Sun's site.

The screen message from Machine Debug Manager occurred again. The screenshot is included. I did some research and there is an option in IE8 to turn off this Debugger. I found the article on the MS site. I checked and the box was checked inside IE8. I reapplied and closed the explorer. Funny thing: the registry key described is not present in XP.

Also, as you requested, here are both log files from DDS. I am just including both within the body of the message versus an attachment.

Thanks for the assistance. Guess the only outstanding items are: the search (flashlight) when opening My Computer or any opening bar, why the message still comes up, and why I seem to get those error loops when trying to download from certain sites. The latter condition is what started the initial problem. However, in that case it was accessing security sites.

Look forward to your next set of instructions. Thanks for all the assistance so far. I would still be stuck if you were not guiding me.

Regards,


John/jmc


Logs:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

WILLPower
7-Zip 4.57
a-squared Free 4.5
Acrobat.com
Add/Remove Pro (Freeware)
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Reader 9.3.1
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Age of Mythology
America Online (Choose which version to remove)
AnyTV Free 2.14
AOL Connectivity Services
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
Aspell English Dictionary-0.50-2
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Catalyst Registration
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Avery Wizard 3.1
AXIS Media Control Embedded
Bing Maps 3D
Bonjour
Broadcom Advanced Control Suite 2
Broadcom Gigabit Integrated Controller
Business Attorney
calibre
CardRd81
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
CCH Small Firm Services (xulRunner)
CCScore
Chessmaster 9000
Choice Guard
Classic PhoneTools
Comcast Toolbar
COMODO Registry Cleaner 1.0.17.23
Compatibility Pack for the 2007 Office system
Consumer Complete Care Services Agreement
CR2
Crawler Toolbar with Web Security Guard
Creative MediaSource
Critical Update for Windows Media Player 11 (KB959772)
Cypress USB Mass Storage Driver Installation
DeductionPro 2005-06
DeductionPro 2006
DeductionPro 2007
DeductionPro 2008
DeductionPro 2009
Dell Digital Jukebox Driver
Dell Driver Download Manager
Dell Driver Reset Tool
Dell Media Experience
Dell Media Experience Update
Dell Picture Studio v3.0
DellSupport
DesignPro 5.4 Limited Edition
EarthLink setup files
EasyCapture 1.0.0.0
eGames GameButler
ERUNT 1.1j
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Eusing Free Registry Cleaner
Family Lawyer 2000
Free Window Registry Repair
Garmin City Navigator Europe 2008
Get High Speed Internet!
Glary Registry Repair 2.8
Glary Utilities 2.15.0.738
GNU Aspell 0.50-3
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H&R Block Business 2009 (Remove Only)
H&R Block Illinois 2009
H&R Block Premium + Efile + State 2009
HDView for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HiJackThis
HijackThis 2.0.2
Home & Business Attorney v9
Hotfix 2050 for SQL Server 2000 ENU (KB948110)
Hotfix 2055 for SQL Server 2000 ENU (KB960082)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB945060-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HouseCall 6.6
InstallMgr
Intel Matrix Storage Manager
Internet Explorer Default Page
iPod for Windows 2005-03-23
IrfanView (remove only)
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro Studio GDI+ Patch
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition Patch
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java Auto Updater
Java(TM) 6 Update 19
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
Lagarith Lossless Codec (1.3.19)
Learn2 Player (Uninstall Only)
Legal Search
MahJongg Master 6
Malwarebytes' Anti-Malware
McAfee Shredder
Meeting Service Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Default Manager
Microsoft Encarta Encyclopedia Deluxe 2005
Microsoft Flight Simulator 2004 A Century of Flight
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook 2003 with Business Contact Manager Update
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Search Enhancement Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Desktop Engine (MICROSOFTSMLBIZ)
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Text-to-Speech Engine 4.0 (English)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visio Enterprise Network Tools
Microsoft Visio Active Directory Diagramming
Microsoft Visio LDAP Diagramming
Microsoft Visio Network Equipment
Microsoft Visio Novell Directory Services Diagramming
Microsoft Visio Professional 2002 [English]
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Windows XP Video Decoder Checkup Utility
MobileMe Control Panel
Modem Event Monitor
Modem Helper
Modem On Hold
Move Networks Media Player for Internet Explorer
MSN
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB925672)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Musicmatch for Windows Media Player
Musicmatch® Jukebox
MV RegClean 5.0 English
My Way Search Assistant
Napster
netbrdg
NetZeroInstallers
Notepad++
Nucleus Kernel Powerpoint Recovery Evaluation Version 4.05.01
Octoshape add-in for Adobe Flash Player
OfotoXMI
OGA Notifier 2.0.0048.0
Palm Desktop for 7135
Panda ActiveScan
Pdf995
Photo Click
PHPNukeEN Toolbar
Picture Package Music Transfer
PocketMirror 3.1.2 (Standard Edition)
PowerDVD 5.3
Qualxserve Service Agreement
Quicken 2007
Quickoffice
QuickTime
RealPlayer
Revo Uninstaller 1.85
Revo Uninstaller Pro 2.1.5
Roxio Burn Engine
Roxio DLA
Roxio UDF Reader
Safari
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
Segoe UI
SFR
SFR2
SHASTA
Shockwave
skin0001
Skins
SKINXSDK
Solitaire Master 5
Sonic MyDVD
Sonic RecordNow! Plus
Sonic Update Manager
Sony Picture Utility
Sony USB Driver
Sound Blaster Audigy 2 ZS
Spelling Dictionaries Support For Adobe Reader 9
SPSS 11.0 for Windows Student Version
staticcr
TaxCut 2004
TaxCut Business 2007 (Remove Only)
TaxCut Business 2008 (Remove Only)
TaxCut Illinois 2007
TaxCut Illinois 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
TaxCut Premium 2005
TaxCut Premium 2006
TD AMERITRADE StrategyDesk 3.1
The Plain-Language Law Dictionary
TweakNow RegCleaner
Unlocker 1.8.6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB 2.0 Wireless LAN Card Utility
USB Storage Adapter FX (SM1)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VPRINTOL
WebFldrs XP
What's Running 2.2
Windows 7 Upgrade Advisor Beta
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Resource Kit Tools - SubInAcl.exe
Windows XP Service Pack 3
WinZip
WIRELESS
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Music Jukebox
Yahoo! Toolbar

==== End Of File ===========================



DDS (Ver_10-03-17.01) - NTFSx86
Run by John at 15:30:08.46 on 04/03/10
Internet Explorer: 8.0.6001.18702

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\crawler\ctbr.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHP1.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: &Crawler Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\crawler\ctbr.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: PHPNukeEN Toolbar: {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - c:\program files\phpnukeen\tbPHP1.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} -
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Google Update] "c:\documents and settings\john\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERANTISPYWARE.EXE"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
mRun: [DLA] "c:\windows\system32\dla\DLACTRLW.EXE"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [ArcSoft Connection Service] "c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\john\startm~1\programs\startup\is-en4g5.lnk - c:\documents and settings\john\desktop\virus removal tool1\is-en4g5\startup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\kodake~1.lnk - c:\program files\kodak\kodak easyshare software\bin\EasyShare.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe
IE: Crawler Search - tbr:iemenu
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - {552781AF-37E4-4FEE-920A-CED9E648EADD} - c:\program files\common files\microsoft shared\encarta search bar\ENCSBAR.DLL
DPF: Microsoft XML Parser for Java
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} - hxxp://support.dell.com/systemprofiler/SysPro.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/house ... hcImpl.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/ ... mv9VCM.CAB
DPF: {362C56AA-6E4F-40C7-A0B5-85501DBDAD77} - hxxp://i.dell.com/images/global/js/scan ... ProExe.cab
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/ ... 7479461578
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://dlh1.axiscam.net/activex/AMC.cab
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\crawler\ctbr.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PRISMAPI.DLL - PRISMAPI.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2010-04-03 15:18:15 0 d-----w- c:\documents and settings\john\.SunDownloadManager
2010-04-03 14:52:51 0 d-----w- C:\ComboFix
2010-04-02 23:01:45 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-04-02 22:34:30 0 d-sha-r- C:\cmdcons
2010-04-02 22:33:34 98816 ----a-w- c:\windows\sed.exe
2010-04-02 22:33:34 77312 ----a-w- c:\windows\MBR.exe
2010-04-02 22:33:34 261632 ----a-w- c:\windows\PEV.exe
2010-04-02 22:33:34 161792 ----a-w- c:\windows\SWREG.exe
2010-03-26 06:05:03 1563008 ----a-w- c:\windows\WRSetup.dll
2010-03-26 06:05:01 0 d-----w- c:\program files\Webroot
2010-03-26 06:05:01 0 d-----w- c:\docume~1\john\applic~1\Webroot
2010-03-26 06:05:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2010-03-25 22:17:27 0 d-----w- c:\program files\Marcos Velasco Security
2010-03-25 17:53:47 0 d-----w- c:\documents and settings\john\DoctorWeb
2010-03-25 06:43:28 0 d-----w- c:\program files\a-squared Free
2010-03-24 23:28:56 148496 ----a-w- c:\windows\system32\drivers\24016446.sys
2010-03-24 16:27:28 0 d-----w- C:\Backups
2010-03-24 01:27:16 540776 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-03-24 01:27:16 45944864 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-03-24 01:27:16 27872 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2010-03-24 01:27:16 274720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2010-03-23 16:43:07 0 d-----w- c:\program files\common files\ParetoLogic
2010-03-23 04:32:44 0 d-----w- c:\documents and settings\john\Application DataComodoGroup
2010-03-23 04:32:44 0 d-----w- c:\docume~1\john\applic~1\ComodoGroup
2010-03-22 21:37:35 0 d-----w- c:\program files\Microsoft Security Essentials
2010-03-22 17:24:56 0 d-----w- c:\program files\TrendMicro
2010-03-22 14:24:47 578560 ----a-w- c:\windows\system32\dllcache\user32.dll
2010-03-22 14:21:10 0 d-----w- c:\windows\ERUNT
2010-03-22 14:15:58 0 d-----w- C:\SDFix
2010-03-21 18:15:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-03-19 05:23:06 131 ----a-w- c:\windows\CRC.INI

==================== Find3M ====================

2010-04-03 20:22:50 38442738 ----a-w- c:\windows\cscmondump.bin
2010-04-03 19:59:35 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-30 05:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 05:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 17:41:50 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-25 16:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 15:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-01-19 16:07:16 133414 ----a-w- c:\windows\cscmon.bin
2010-01-07 22:37:36 12552 ----a-w- c:\windows\system32\CSC.exe
2009-11-22 22:03:28 69 ----a-w- c:\program files\lang.ini
2007-06-08 22:24:50 441 ----a-w- c:\program files\regfav.ini
2007-06-08 22:24:50 0 ----a-w- c:\program files\history.txt
2007-06-08 22:24:48 86 ----a-w- c:\program files\autoclean.ini
2007-06-08 22:24:46 4302 ----a-w- c:\program files\exclude.lst
2007-06-08 20:49:20 13634 ----a-w- c:\program files\license.rtf
2007-06-08 20:34:04 531 ----a-w- c:\program files\mycookies.ini
2007-06-08 20:34:02 318 ----a-w- c:\program files\shortarrow.ico
2007-06-08 20:34:00 37376 ----a-w- c:\program files\Order.doc
2007-06-08 19:55:06 3664 ----a-w- c:\program files\RegHist.txt
2004-02-25 14:45:00 2226922 ----a-w- c:\program files\jv16pt_setup1.3.0.195.exe
2003-08-27 20:19:18 36963 ------w- c:\program files\common files\SM1updtr.dll
2008-06-11 18:38:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008061120080612\index.dat

============= FINISH: 15:31:08.31 ===============
jmc
Active Member
 
Posts: 9
Joined: March 25th, 2010, 7:41 pm

Re: Unable to access most security web sites to update security

Post by Blade81 » April 4th, 2010, 7:08 am

Hi,

Uninstall all these vulnerable Javas listed:
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_03
Java 2 Runtime Environment, SE v1.4.2_06
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Java(TM) SE Runtime Environment 6 Update 1


Run a disk check for your hard drive(s). Then defrag both. For defragging I'd use a 3rd-party solution. Good commercial ones are PerfectDisk and Diskeeper. Of the free options I recommend MyDefrag.

In which situations does the Machine Debug Manager window pop up?

Are those "certain sites" you are referring to legit ones?
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
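
The selection in the post above, reproduced as an added example (it is not part of the original thread or of any tool named in it): a short Python script that normalizes the differently named Java runtime entries from the installed-programs listing and flags every runtime older than the newest one installed. The function names and the version-tuple scheme are assumptions made for this illustration.

```python
import re

# Java-related lines copied from the installed-programs listing earlier in
# this thread, plus two unrelated entries to show that they are ignored.
INSTALLED = [
    "iTunes",
    "J2SE Runtime Environment 5.0 Update 10",
    "J2SE Runtime Environment 5.0 Update 11",
    "J2SE Runtime Environment 5.0 Update 2",
    "J2SE Runtime Environment 5.0 Update 4",
    "J2SE Runtime Environment 5.0 Update 6",
    "J2SE Runtime Environment 5.0 Update 9",
    "Java 2 Runtime Environment, SE v1.4.2_03",
    "Java 2 Runtime Environment, SE v1.4.2_06",
    "Java Auto Updater",
    "Java(TM) 6 Update 19",
    "Java(TM) 6 Update 2",
    "Java(TM) 6 Update 3",
    "Java(TM) 6 Update 5",
    "Java(TM) 6 Update 7",
    "Java(TM) SE Runtime Environment 6 Update 1",
    "Junk Mail filter update",
]

# Each naming scheme is mapped onto one comparable tuple
# (1, major, minor, update), so 1.4.2_06 < 5.0 Update 11 < 6 Update 19.
_PATTERNS = [
    # "Java 2 Runtime Environment, SE v1.4.2_03"
    (re.compile(r"^Java 2 Runtime Environment, SE v(\d+)\.(\d+)\.(\d+)_(\d+)$"),
     lambda m: tuple(int(g) for g in m.groups())),
    # "J2SE Runtime Environment 5.0 Update 10"
    (re.compile(r"^J2SE Runtime Environment (\d+)\.(\d+) Update (\d+)$"),
     lambda m: (1, int(m[1]), int(m[2]), int(m[3]))),
    # "Java(TM) 6 Update 19" / "Java(TM) SE Runtime Environment 6 Update 1"
    (re.compile(r"^Java\(TM\) (?:SE Runtime Environment )?(\d+)(?: Update (\d+))?$"),
     lambda m: (1, int(m[1]), 0, int(m[2] or 0))),
]


def java_version(entry):
    """Return a comparable version tuple for a Java runtime entry,
    or None when the entry is not a runtime (e.g. "Java Auto Updater")."""
    for pattern, to_tuple in _PATTERNS:
        match = pattern.match(entry.strip())
        if match:
            return to_tuple(match)
    return None


def superseded_java(installed):
    """Return the runtime entries that are older than the newest runtime
    present in the listing, in their original order."""
    parsed = []
    for entry in installed:
        version = java_version(entry)
        if version is not None:
            parsed.append((version, entry))
    if not parsed:
        return []
    newest = max(version for version, _ in parsed)
    return [entry for version, entry in parsed if version < newest]


if __name__ == "__main__":
    for name in superseded_java(INSTALLED):
        print("remove:", name)
```

The script only compares entries against the newest runtime found on the machine; whether that newest runtime is itself current still has to be checked against the vendor's latest release.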

Re: Unable to access most security web sites to update security

Post by jmc » April 4th, 2010, 11:21 pm

Hello Blade81:

I was not able to accomplish as much today, as we were celebrating Easter at our daughter's house. Great day, and wonderful food.

First, I have removed all the prior versions of the Java environments per your direction. No problems with that.

Second, ran disk check on my D drive and used MyDefrag with no issues. Tried to run disk check on the 'C' drive and could not! I tried restarting the computer, also did a complete power off and waited 10 seconds, and the message I get from XP is that Windows has opened the disk, therefore XP cannot get exclusive access to the drive. I am almost positive that I have run 'Check' on this drive before. It has been some time but had no problem. Is the reason that I now have MS Recovery Console installed? Do I have to run it in 'Safe' mode? Just a note, I generally ran disk cleaner and followed that with system defrag about weekly. Never had problems.

Third, those 'certain' sites are definitely okay, as these were or are the sites that IE8 is being redirected to for updates. Examples include the Adobe site when trying to get the Flash upgraded, and Sun in download of Java 6 19. When this original whatever struck, I could not go to sites for definitions updates from places like Spybot Search & Destroy, the MS download redirection site, etc. IE8 was blocked from going there and I received an error in IE8 trying to access those sites.

Fourth, the display from MDM comes up after each reboot. It had been coming up more frequently than once per session, but I have not experienced that on the last few reboots.

Fifth, still receiving the "flashlight" (this is what I call the yellow-red-grey tool that swings back and forth while data is being gathered) when selecting the My Computer option from the Start menu. It takes 30 seconds before the disk drives are displayed. Also, when working with any files--opening or saving--it takes some time before the command can be executed. Assuming that the file structures are not being saved from start-up.

Last question is can you tell me what exactly caused the original problem on my machine. Did or does it have a name?

Awaiting your next set of instructions. Again thanks for all the assistance! I hope that you had an enjoyable weekend.

Regards,


John/jmc
jmc
Active Member
 
Posts: 9
Joined: March 25th, 2010, 7:41 pm

Re: Unable to access most security web sites to update security

Post by Blade81 » April 5th, 2010, 6:19 am

Hi John,

Please try to run disk check in safe mode. Having recovery console installed shouldn't affect disk check in any way. I think the flashlight may be connected to this issue.

Let's see that MDM thing. Click start->run->type services.msc and press enter. Do you see Machine Debug Manager service listed? If you do, double click it and in the opened new window set start up type to manual. Apply changes and close the window.
Also, start Internet Explorer, click tools->internet options->advanced tab and check that the following boxes under the browsing category are checked:
-Disable script debugging (Internet Explorer)
-Disable script debugging (Other)


"Last question is can you tell me what exactly caused the original problem on my machine. Did or does it have a name?"

There was a DNS changer infection there. As for possible causes, you may get some hints here.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Unable to access most security web sites to update security

Post by jmc » April 6th, 2010, 1:21 am

Hi:

The issue with the MDM appears to have gone away. It was found in the services.msc and set to Automatic and was Started. It was changed to Manual and set to stop. Also looked into IE, the box for Internet was checked but not others. This was checked and I have not received any more random displays of MDM since these settings were changed.

In the case of the check, the results are much less good. I tried running MyDefrag overnight against the C drive. I expected to see a screen with messages of a successful operation like I did on drive D. I did not. It appears that the program terminated abnormally. Continuing on, I set the tool command to check the condition of the disk on the next execution of Windows. Restarting the computer, it went into the screen where the disk check should run and check, and all I got was the message that "Cannot open the Volume for checking Windows has finished ....". I then tried to set and come up in Safe Mode. Nothing. The system did not even stop at the disk check screen. Then I tried to set the file option to check inside Safe mode and come back up in Safe mode. Again nothing. However, each time the computer came back up in normal mode it passed through the disk check screen but always displayed the same message. Finally, I tried to run "chkdsk" after Start / Run / cmd / okay. In that mode it was able to execute but in read only mode. I tried to use the switches to force offline e.g. "/f /r /x" however again would only do these actions after restart. Even with the "/x" the computer never actually ran the checking portion. However, there is some data that I obtained from the manual executions. On the very first time, the messages came back stating that it was recovering orphan files WIRED~1.BAK<36030> into directory file 40002. Also recovered wuredir.cab.bak <36030> into directory 40002. Then it entered stage 3 of 3. Next message was when it was verifying the Usn Journal. Stated completed. Next Correcting error in the master file table's <MFT> BITMAP attribute and in the Volume BITMAP. Run check disk with the "/f" option. I ran it a second time and received different messages. This time it stated after the Usn Journal that there was free space marked as allocated.
You might ask why is it that I typed all this data, and it is because there does not appear to be any easy way to copy the captured screen image from EasyCapture into this forum or into Word, or Notepad and then into this forum. Very frustrating. Also, when typing this message, the white entry area keeps bouncing up and down, such that you cannot see what you are typing or what you have typed. This seems to happen after the first 25 lines of typing or copied text. Sometimes it stops bouncing, but in this entry it did not.

Please let me know what to try next to get rid of this pain.

Regards,

John/jmc :bounce:
jmc
Active Member
 
Posts: 9
Joined: March 25th, 2010, 7:41 pm

Re: Unable to access most security web sites to update security

Unread postby Blade81 » April 6th, 2010, 5:37 am

Hi John,

Good to hear MDM issue got sorted out.

Since this second issue doesn't seem to be a malware related one, I recommend you post at a forum that deals with general issues too. Such a forum would be, for example, WhatTheTech.

However, before that we have to do something with ComboFix.

Code:
DeQuarantine::
c:\qoobox\quarantine\c\windows\AppPatch\AcAdProc.dll.vir
Quit::



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post DeQuarantine.txt contents.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland