Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

Virus Redirects all attempts to fix problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

Virus Redirects all attempts to fix problem

Unread postby ScSunsFan » May 31st, 2010, 9:21 pm

My wifes computer was hit by a virus courtesy of facebook link. I have removed 3 viruses that were running; webserver.exe, bill108, _lib.dll. Unfortunately, I am still having problems with it redirecting attempts to update microsoft security essentials. The following is her Hijack this log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:03:36 PM, on 5/31/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
O1 - Hosts: 85.13.206.114 haksjdi262fsf.com
O1 - Hosts: 85.13.206.114 uuu20091124.info
O1 - Hosts: 85.13.206.114 u07012010u#com
O1 - Hosts: 85.13.206.115 u07012010u.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - Global Startup: SuperHybridEngine.lnk = ?
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/html - {cf1d114b-3543-4a8d-b3e2-6eacb2df5298} - C:\WINDOWS\default32.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe

--
End of file - 6756 bytes
ScSunsFan
Active Member
 
Posts: 3
Joined: May 31st, 2010, 9:05 pm
Top
Advertisement
Register to Remove

Re: Virus Redirects all attempts to fix problem

Unread postby deltalima » June 2nd, 2010, 5:27 am

Hi ScSunsFan,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Top

Re: Virus Redirects all attempts to fix problem

Unread postby ScSunsFan » June 2nd, 2010, 5:37 pm

Thank you so much for your help! Here are the details requested.

Extra

OTL Extras logfile created on: 6/2/2010 3:01:05 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 613.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 132.83 Gb Free Space | 92.17% Space Free | Partition Type: NTFS
Drive D: | 255.71 Mb Total Space | 254.50 Mb Free Space | 99.52% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRACY
Current User Name: Tracy Sanders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_USERS\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9322:TCP" = 9322:TCP:*:Enabled:EKDiscovery
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8085:TCP" = 8085:TCP:*:Enabled:MyOKOPort
"80:TCP" = 80:TCP:*:Enabled:webserver
"53:TCP" = 53:TCP:*:Enabled:webserver

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)
"C:\Documents and Settings\Tracy Sanders\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Tracy Sanders\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player -- (Octoshape ApS)
"C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe" = C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe:*:Enabled:Kodak.AiO.HomeCenter -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe" = C:\Program Files\Kodak\AiO\Center\Kodak.Statistics.exe:*:Enabled:Kodak.AiO.Statistics -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe" = C:\Program Files\Kodak\AiO\Center\NetworkPrinterDiscovery.exe:*:Enabled:Kodak.AiO.SetupUtility -- (Eastman Kodak Company)
"C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe" = C:\Program Files\Kodak\AiO\Firmware\KodakAiOUpdater.exe:*:Enabled:Kodak.AiO.FwUpdater -- (Eastman Kodak Company)
"C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe" = C:\Documents and Settings\All Users\Application Data\Kodak\Installer\Setup.exe:*:Enabled:Kodak.AiO.Installer -- (KODAK)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0645A454-AD44-4F0D-99CF-6B762735AD1F}" = aioprnt
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{10934A28-0CC6-4B98-A14F-76B3546003AF}" = ksDIP
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{47BACF74-5A07-48BD-BADB-A769550F0F5A}" = FontResizer
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{56BA241F-580C-43D2-8403-947241AAE633}" = center
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail
"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A81100000003}" = Adobe Reader 8.1.1
"{B9BDA46B-2E17-4F43-9D7A-9B1E09A0A4D8}" = Data Sync
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5BDB2A-12F0-4343-8351-21AAEB293990}" = PreReq
"{DE6B7599-D3EF-4436-8836-BAA0B0D7768D}" = aiofw
"{E0F274B7-592B-4669-8FB8-8D9825A09858}" = KODAK AiO Home Center
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FE24086F-3B0C-4C47-A874-97A7B8E2FBBE}" = aioscnnr
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Eee Docking_is1" = Eee Docking 1.3.1.0
"EeePC_1005HA" = EeePC_1005HA Screen Saver
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Security Essentials" = Microsoft Security Essentials
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/31/2010 8:13:23 PM | Computer Name = TRACY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402f, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/31/2010 8:13:29 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/31/2010 8:13:42 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/31/2010 8:41:46 PM | Computer Name = TRACY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402f, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/31/2010 8:41:48 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/31/2010 8:41:53 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/31/2010 9:03:50 PM | Computer Name = TRACY | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402f, P2 endsearch, P3 search, P4 2.1.6519.0,
P5 mpsigdwn.dll, P6 2.1.6519.0, P7 microsoft antimalware (bcf43643-a118-4432-aede-d861fcbcfcde),
P8 NIL, P9 NIL, P10 NIL.

Error - 5/31/2010 9:03:52 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 5/31/2010 9:08:56 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 5/31/2010 8:41:53 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error

Error - 5/31/2010 9:03:50 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%859 Update Stage: %%852

Source
Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803 User: NT AUTHORITY\SYSTEM

Current
Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x8024402f Error description:
An unexpected problem occurred while checking for updates. For information on installing
or troubleshooting updates, see Help and Support.

Error - 5/31/2010 9:08:55 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested
header was not found

Error - 5/31/2010 9:08:55 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested
header was not found

Error - 5/31/2010 9:08:55 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested
header was not found

Error - 5/31/2010 9:08:55 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested
header was not found

Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error

Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error

Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE

Signature
Type: %%800 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error

Error - 6/2/2010 2:54:13 PM | Computer Name = TRACY | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 0.0.0.0 Update Source: %%851 Update Stage: %%852

Source
Path: http://go.microsoft.com/fwlink/?LinkID= ... 61FCBCFCDE

Signature
Type: %%801 Update Type: %%803 User: NT AUTHORITY\NETWORK SERVICE Current Engine Version:
Previous Engine Version: 0.0.0.0 Error code: 0x80004005 Error description: Unspecified
error


< End of report >




OTL



OTL logfile created on: 6/2/2010 3:01:05 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,015.00 Mb Total Physical Memory | 613.00 Mb Available Physical Memory | 60.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.12 Gb Total Space | 132.83 Gb Free Space | 92.17% Space Free | Partition Type: NTFS
Drive D: | 255.71 Mb Total Space | 254.50 Mb Free Space | 99.52% Space Free | Partition Type: FAT
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TRACY
Current User Name: Tracy Sanders
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
PRC - c:\Program Files\Microsoft Security Essentials\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\igfxext.exe (Intel Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (captcha) -- C:\WINDOWS\system32\captcha.dll ()
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)
SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (swoko) -- C:\WINDOWS\system32\clbcoko.dll (VoyagerSoft, LLC)


========== Driver Services (SafeList) ==========

DRV - (MpFilter) -- C:\WINDOWS\system32\drivers\MpFilter.sys (Microsoft Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (SRS_PremiumSound_Service) -- C:\WINDOWS\system32\drivers\SRS_PremiumSound_i386.sys ()
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (ql600oko) -- C:\WINDOWS\system32\drivers\mrxoko.sys (F5 Networks)
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 C6 6C FC 11 01 CB 01 [binary data]
IE - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2010/05/31 20:25:17 | 000,000,742 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [Conime] C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-4157027243-2821620785-582079427-1006..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4157027243-2821620785-582079427-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Eee PC Seashell_1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/28 01:03:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/31 19:07:47 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/05/31 18:11:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Tracy Sanders\IECompatCache
[2010/05/16 20:08:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010/05/16 20:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2010/04/22 00:02:05 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271908922.exe
[2010/04/21 23:36:44 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010/04/21 23:35:33 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907331.exe
[2010/04/21 23:33:14 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907191.exe
[2010/04/21 23:31:08 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907066.exe
[2010/04/21 23:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tracy Sanders\My Documents\Virus Tools
[2010/04/21 22:53:59 | 000,259,584 | ---- | C] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271904837.exe
[2010/04/01 12:28:41 | 000,231,424 | ---- | C] (VIA) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270139319.exe
[2010/04/01 08:31:41 | 000,231,424 | ---- | C] (VIA) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270125097.exe
[2010/03/29 21:20:40 | 000,227,328 | ---- | C] (Agere Systems) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269912038.exe
[2010/03/29 07:55:34 | 000,228,864 | ---- | C] (Syntek America Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269863732.exe
[2010/03/28 18:22:06 | 000,228,864 | ---- | C] (Microsoft Corp.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269814923.exe
[2010/03/27 12:37:12 | 000,227,328 | ---- | C] (Exent Technologies Ltd.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269707828.exe
[2010/03/26 20:12:37 | 000,227,328 | ---- | C] (Exent Technologies Ltd.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269648751.exe
[2010/03/25 12:47:53 | 000,229,888 | ---- | C] (Pivotal Corporation.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269535667.exe
[2010/03/25 08:42:04 | 000,229,888 | ---- | C] (Pivotal Corporation.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269520921.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/06/02 14:52:53 | 000,000,438 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1482AEE-FC7E-4A82-BD0A-2B591FC95935}.job
[2010/06/02 14:52:10 | 000,000,408 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/06/02 14:51:18 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/02 14:51:18 | 000,442,024 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/02 14:51:18 | 000,071,810 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/02 14:47:11 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/02 14:47:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/02 14:47:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/31 21:25:15 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Tracy Sanders\NTUSER.DAT
[2010/05/31 21:25:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Tracy Sanders\ntuser.ini
[2010/05/31 21:25:08 | 006,431,250 | -H-- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\IconCache.db
[2010/05/31 20:27:00 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4157027243-2821620785-582079427-1006UA.job
[2010/05/31 20:25:17 | 000,000,742 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/31 19:07:47 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Desktop\HijackThis.lnk
[2010/05/16 20:08:51 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/05/16 20:08:11 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Desktop\Google Chrome.lnk
[2010/04/22 00:07:23 | 000,000,001 | ---- | M] () -- C:\WINDOWS\lgo
[2010/04/22 00:07:06 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271909225.exe
[2010/04/22 00:02:05 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271908922.exe
[2010/04/21 23:40:34 | 000,036,864 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907633.exe
[2010/04/21 23:35:33 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907331.exe
[2010/04/21 23:33:14 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907191.exe
[2010/04/21 23:31:08 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907066.exe
[2010/04/21 22:59:38 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0101101529910248.xxe
[2010/04/21 22:59:01 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\captcha.dll
[2010/04/21 22:59:00 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0535049569854.xxe
[2010/04/21 22:53:59 | 000,259,584 | ---- | M] (InterVideo Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271904837.exe
[2010/04/01 12:28:41 | 000,231,424 | ---- | M] (VIA) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270139319.exe
[2010/04/01 11:07:55 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0101120101465198.xxe
[2010/04/01 11:02:55 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270134174.exe
[2010/04/01 08:31:41 | 000,231,424 | ---- | M] (VIA) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270125097.exe
[2010/03/29 21:20:40 | 000,227,328 | ---- | M] (Agere Systems) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269912038.exe
[2010/03/29 08:00:37 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269864034.exe
[2010/03/29 07:55:34 | 000,228,864 | ---- | M] (Syntek America Inc.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269863732.exe
[2010/03/28 18:22:06 | 000,228,864 | ---- | M] (Microsoft Corp.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269814923.exe
[2010/03/28 09:30:40 | 000,225,792 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269783034.exe
[2010/03/27 12:37:12 | 000,227,328 | ---- | M] (Exent Technologies Ltd.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269707828.exe
[2010/03/26 20:12:37 | 000,227,328 | ---- | M] (Exent Technologies Ltd.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269648751.exe
[2010/03/25 12:47:53 | 000,229,888 | ---- | M] (Pivotal Corporation.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269535667.exe
[2010/03/25 08:42:04 | 000,229,888 | ---- | M] (Pivotal Corporation.) -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269520921.exe
[2010/03/24 13:21:26 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\010112010146114101.xxe
[2010/03/24 13:21:26 | 000,000,001 | -H-- | M] () -- C:\WINDOWS\bk23567.dat
[2010/03/24 13:21:26 | 000,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2010/03/24 13:21:25 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\010112010146111103.xxe
[2010/03/24 13:21:23 | 000,000,002 | ---- | M] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\01011201014650115.xxe
[2010/03/21 22:27:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4157027243-2821620785-582079427-1006Core.job
[2010/03/11 23:27:02 | 000,000,375 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/31 19:07:47 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Desktop\HijackThis.lnk
[2010/05/31 18:11:04 | 000,000,438 | -H-- | C] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C1482AEE-FC7E-4A82-BD0A-2B591FC95935}.job
[2010/05/16 20:14:00 | 000,000,408 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/05/16 20:08:51 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk
[2010/04/22 00:07:06 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271909225.exe
[2010/04/21 23:40:34 | 000,036,864 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1271907633.exe
[2010/04/21 22:59:38 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0101101529910248.xxe
[2010/04/21 22:59:01 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\captcha.dll
[2010/04/21 22:59:00 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0535049569854.xxe
[2010/04/01 11:07:55 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\0101120101465198.xxe
[2010/04/01 11:02:55 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1270134174.exe
[2010/03/29 08:00:37 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269864034.exe
[2010/03/28 09:30:40 | 000,225,792 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\rdr_1269783034.exe
[2010/03/24 13:21:26 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\010112010146114101.xxe
[2010/03/24 13:21:26 | 000,000,001 | -H-- | C] () -- C:\WINDOWS\bk23567.dat
[2010/03/24 13:21:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\lgo
[2010/03/24 13:21:26 | 000,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2010/03/24 13:21:25 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\010112010146111103.xxe
[2010/03/24 13:21:23 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Tracy Sanders\Local Settings\Application Data\01011201014650115.xxe
[2009/05/05 14:13:43 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/05/05 13:16:46 | 000,232,872 | R--- | C] () -- C:\WINDOWS\System32\drivers\SRS_PremiumSound_i386.sys
[2009/05/05 12:03:49 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2009/05/05 12:03:49 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2009/05/05 11:52:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2009/04/28 00:51:49 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/04/28 00:51:36 | 000,020,590 | ---- | C] () -- C:\WINDOWS\default32.dll
< End of report >




GMER


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-02 16:19:07
Windows 5.1.2600 Service Pack 3
Running: 8zevfb07.exe; Driver: C:\DOCUME~1\TRACYS~1\LOCALS~1\Temp\fxtdipog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip mrxoko.sys (Windows product Orbit/F5 Networks)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp mrxoko.sys (Windows product Orbit/F5 Networks)
AttachedDevice \Driver\Tcpip \Device\Udp mrxoko.sys (Windows product Orbit/F5 Networks)
AttachedDevice \Driver\Tcpip \Device\RawIp mrxoko.sys (Windows product Orbit/F5 Networks)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
ScSunsFan
Active Member
 
Posts: 3
Joined: May 31st, 2010, 9:05 pm
Top

Re: Virus Redirects all attempts to fix problem

Unread postby deltalima » June 3rd, 2010, 5:41 am

Hi ScSunsFan,

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O1 - Hosts: 85.13.206.114 haksjdi262fsf.com
O1 - Hosts: 85.13.206.114 uuu20091124.info
O1 - Hosts: 85.13.206.114 u07012010u#com
O1 - Hosts: 85.13.206.115 u07012010u.com

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Upload a File to Virustotal

Please go to Virustotal

Copy/paste this file and path into the white box at the top:
C:\WINDOWS\default32.dll

Press Submit - this will submit the file for testing.
Please wait for all the scanners to finish then copy and paste the results in your next response.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and select then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Please post the results from Virustotal and the log from Malwarebytes in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Top

Re: Virus Redirects all attempts to fix problem

Unread postby Elrond » June 6th, 2010, 11:39 am

Due to lack of activity this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Top
Advertisement
Register to Remove
Topic locked
  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 156 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index