
Solved IE7 keeps opening pages by itself

Discussion in 'Malware and Virus Removal Archive' started by mazaprin, 2010/06/02.

  1. 2010/06/02 - mazaprin (Inactive, Thread Starter)

    [Resolved] IE7 keeps opening pages by itself

    I am following instructions from Ari Slob to post my problem here and upload the DDS log. For antecedents of this problem please refer to my post (in the IE section):
    http://www.windowsbbs.com/internet-explorer/93039-ie7-keeps-opening-pages-itself.html
    I have posted this topic on other forums but to date have received only 1 or 2 replies, both simply asking me to run antivirus and antispyware, HijackThis, etc. (which I already did, to no avail).

    From what I have seen, it seems that 99% of the time the problem occurs when using AOL to browse the internet and AOL takes me to some webpage (not all). The problem starts when I close that webpage and something triggers IE to open itself INSIDE the AOL browser and start opening pages (tabs) to refresh the very same page that I closed, until my PC ceases to respond.
    Here is the DDS log:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by HERIBERTO MAZA at 20:00:42.53 on Wed 06/02/2010
    Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2557 [GMT -4:00]

    AV: Norton Security Suite *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
    D:\PROGRA~1\CLIPBO~1\CLIPBO~1.EXE
    D:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\AccountLogon\AccountLogon.exe
    D:\Program Files\AOL 9.5\waol.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    D:\Program Files\Internet Download Manager\IEMonitor.exe
    D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    D:\Program Files\Weather Watcher Live\ww.exe
    D:\Program Files\WinDates\WinDates.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\WallMaster\wallmast.exe
    D:\Program Files\AOL 9.5\shellmon.exe
    C:\Program Files\Common Files\AOL\1262479731\ee\aolsoftware.exe
    C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\HERIBERTO MAZA\Desktop\dds.EXE

    ============== Pseudo HJT Report ===============

    uLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.supportforyourpc.com/
    mLocal Page = c:\windows\pchealth\helpctr\system\panels\blank.htm
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - d:\program files\internet download manager\IDMIECC.dll
    BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - d:\program files\techsmith\snagit 7\SnagItBHO.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~1\spybot~1\SDHelper.dll
    BHO: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - Yahoo! IE Services Button
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - d:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - d:\program files\norton security suite\engine\4.2.0.12\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: {b56a7d7d-6927-48c8-a975-17df180c71ac} - PCTools Browser Monitor
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
    TB: 1-Click Answers: {7754c418-f62e-44aa-b169-e719e718bcfd} - c:\progra~1\1-clic~1\ietoolbar\AnswersToolbarU.dll
    TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - d:\program files\techsmith\snagit 7\SnagItIEAddin.dll
    TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
    TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - d:\program files\norton security suite\engine\4.2.0.12\coIEPlg.dll
    TB: {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - No File
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    TB: {AC897D33-1DB7-4151-B425-2DA88D5A6BED} - No File
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {238D3403-0761-4B4D-851C-050A3A0AC40A} - No File
    TB: {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [Clipboard Buddy] d:\progra~1\clipbo~1\CLIPBO~1.EXE
    uRun: [IDMan] d:\program files\internet download manager\IDMan.exe /onboot
    uRun: [AOL Fast Start] "d:\program files\aol 9.5\AOL.EXE" -b
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [AccountLogon] d:\program files\accountlogon\AccountLogon.exe
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [StartupFaster] "d:\program files\startup faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
    dRunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
    dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
    StartupFolder: c:\docume~1\heribe~1\startm~1\programs\startup\startu~1\onenot~1.lnk - d:\program files\microsoft office\office12\ONENOTEM.EXE
    StartupFolder: c:\docume~1\heribe~1\startm~1\programs\startup\startu~1\proces~1.lnk - d:\program files\processtamer\ProcessTamerTray.exe
    StartupFolder: c:\documents and settings\heriberto maza\start menu\programs\startup\startupfaster\StartupFaster.ini
    StartupFolder: c:\docume~1\heribe~1\startm~1\programs\startup\startu~1\wallma~1.lnk - d:\program files\wallmaster\wallmast.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1\hpimag~1.lnk - d:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\startupfaster\StartupFaster.ini
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startu~1\windates.lnk - d:\program files\windates\WinDates.exe
    uPolicies-explorer: NoRecentDocsNetHood = 1 (0x1)
    IE: AccountLogon - c:\windows\al-popup-heriberto maza.html
    IE: Download all links with IDM - d:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - d:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - d:\program files\internet download manager\IEExt.htm
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~1\micros~1\office12\ONBttnIE.dll
    IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021}
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office12\REFIEBAR.DLL
    IE: {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - {EC83A912-7EF4-410D-9CC7-3BDAA709CA71}
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\windows\system32\idmmbc.dll
    DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
    DPF: {116D4961-37BF-4A0A-919E-673A1B2D89A0} - hxxp://www.csdvrs.com/CSDVRS.ocx
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab}
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxp://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} - hxxp://chat.yahoo.com/cab/yuplapp.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {9732FB42-C321-11D1-836F-00A0C993F125} - hxxp://www.pcpitstop.com/mhLbl.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxdev.dll
    Notify: sunotify - sunotify.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\heribe~1\applic~1\mozilla\firefox\profiles\cbys48ej.default\
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\heriberto maza\application data\idm\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\program files\paypal\paypal plug-in\components\PayPalPlugin.dll
    FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\heriberto maza\application data\move networks\plugins\npqmp071502000008.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\microsoft\office live\npOLW.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
    FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\NPcol308.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: d:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    d:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    d:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    d:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    d:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    d:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0402000.00c\symds.sys [2010-6-1 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0402000.00c\symefa.sys [2010-6-1 173104]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [2010-3-23 902432]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20100429.001\BHDrvx86.sys [2010-4-29 537136]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0402000.00c\cchpx86.sys [2010-6-1 501888]
    R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [2009-8-27 9600]
    R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12872]
    R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 66632]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0402000.00c\ironx86.sys [2010-6-1 116784]
    R2 N360;Norton Security Suite;d:\program files\norton security suite\engine\4.2.0.12\ccsvchst.exe [2010-6-1 126392]
    R2 TomTomHOMEService;TomTomHOMEService;d:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-5-7 1051976]
    R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [2010-4-4 41504]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-27 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20100528.003\IDSXpx86.sys [2010-5-28 331640]
    R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100602.002\NAVENG.SYS [2010-6-2 85552]
    R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20100602.002\NAVEX15.SYS [2010-6-2 1347504]
    R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [2002-11-27 6400]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
    S0 Shadow;Shadow;c:\windows\system32\drivers\shadow.sys [2005-1-25 114656]
    S0 stwlfbus;stwlfbus;c:\windows\system32\drivers\stwlfbus.sys --> c:\windows\system32\drivers\stwlfbus.sys [?]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 aawservice;Lavasoft Ad-Aware Service; [x]
    S2 gupdate1c9dd7a8df5dcfe;Google Update Service (gupdate1c9dd7a8df5dcfe);c:\program files\google\update\GoogleUpdate.exe [2009-5-25 133104]
    S3 Ke386IO;Ke386IO; [x]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-6-17 12648]
    S3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
    S3 st3wolf;st3wolf;c:\windows\system32\drivers\st3wolf.sys --> c:\windows\system32\drivers\st3wolf.sys [?]
    S3 TfNetMon;TfNetMon; [x]
    S3 XE103Sp50;XE103Sp50 NDIS Protocol Driver;c:\windows\system32\drivers\xe103sp50.sys --> c:\windows\system32\drivers\XE103Sp50.sys [?]
    S4 ThreatFire;ThreatFire; [x]

    =============== Created Last 30 ================

    2010-06-02 01:32:29 0 d-----w- c:\documents and settings\heriberto maza\MyConnection PC
    2010-06-02 01:32:23 45 ----a-w- c:\documents and settings\heriberto maza\MyConnection PC Lite Edition-Path
    2010-05-28 23:50:00 0 d-----w- c:\program files\Yahoo!
    2010-05-28 02:36:08 0 d-----w- c:\docume~1\heribe~1\applic~1\Malwarebytes
    2010-05-28 02:35:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-28 02:35:49 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-28 02:35:49 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-05-26 20:23:11 0 d-----w- c:\program files\common files\xing shared
    2010-05-26 16:18:10 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-05-26 16:18:10 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-05-26 16:18:10 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-05-26 16:18:10 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-05-26 16:18:10 0 d-----w- c:\program files\Symantec
    2010-05-26 16:18:10 0 d-----w- c:\program files\common files\Symantec Shared
    2010-05-26 16:17:50 0 d-----w- c:\windows\system32\drivers\N360
    2010-05-26 16:17:30 0 d-----w- c:\program files\NortonInstaller
    2010-05-26 16:17:30 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller
    2010-05-26 16:16:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
    2010-05-26 15:03:04 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-05-26 15:03:04 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-26 14:22:10 30024 ----a-w- c:\windows\system32\uxtuneup.dll

    ==================== Find3M ====================

    2010-06-02 01:29:31 30601 -c--a-w- c:\documents and settings\heriberto maza\x.exe
    2010-05-28 03:33:25 95792 ----a-w- c:\windows\system32\RW_FileType.dat
    2010-05-28 03:33:25 4648 ----a-w- c:\windows\system32\RW_{343E66BC-392F-11DB-AD91-806D6172696F}.dat
    2010-05-28 03:33:25 4088 ----a-w- c:\windows\system32\RW_{343E66BE-392F-11DB-AD91-806D6172696F}.dat
    2010-05-28 03:33:25 33268 ----a-w- c:\windows\system32\RW_AppData.dat
    2010-05-07 16:06:54 30536 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-07 16:21:23 466944 ----a-w- c:\windows\system32\BSTIEPrintCtl1.dll
    2000-12-12 15:17:40 100432 -c----w- c:\program files\Win2000PPAHotfix.exe
    2009-05-04 20:55:54 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009050420090505\index.dat

    ============= FINISH: 20:01:12.37 ===============
     
  2. 2010/06/02 - mazaprin (Inactive, Thread Starter)

    Now I am posting the contents of the Attach.txt as instructed:


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8/31/2006 9:41:12 PM
    System Uptime: 6/2/2010 3:16:35 PM (5 hours ago)

    Motherboard: Intel Corporation | | D945GPM
    Processor: Intel(R) Pentium(R) D CPU 3.20GHz | J3E1 | 3200/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 120 GiB total, 73.726 GiB free.
    D: is FIXED (NTFS) - 178 GiB total, 171.493 GiB free.
    E: is CDROM ()
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP467: 5/26/2010 5:40:01 PM - Registry First Aid backup
    RP468: 5/27/2010 9:55:03 AM - Installed 1CLICK DVD COPY
    RP469: 5/29/2010 11:11:07 AM - System Checkpoint
    RP470: 6/1/2010 5:36:21 PM - Installed 1CLICK DVD COPY
    RP471: 6/1/2010 5:37:25 PM - Installed 1CLICK DVD COPY

    ==== Installed Programs ======================


    1-Click Answers
    1000Tour
    1200
    1200_Help
    1200Trb
    1Click DVD Copy 5.8.8.7
    ABF Value Converter
    AccountLogon
    Acronis*True*Image*Home
    Active Disk
    Acubix PicoZip 4.02
    Adobe AIR
    Adobe Customization Wizard 8
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Help Center 2.1
    Adobe Photoshop Elements 5.0
    Adobe Reader 9.3.1
    AiO_Scan
    AiOSoftware
    Amazon Cover Downloader
    AnswerWorks 4.0 Runtime - English
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ArcSoft Camera Suite 1.3
    Audio Advantage Micro Driver
    AudioAdvantageMicro
    Autoplay Repair 2.2.2
    Belarc Advisor 7.2
    BHODemon 2.0.0.23
    Bonjour
    BufferChm
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera WIA Driver
    Canon Camera WIA Driver 6.2.5
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon G.726 WMP-Decoder
    Canon MovieEdit Task for ZoomBrowser EX
    Canon PhotoRecord
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CDCheck
    CleanCache 3.5
    Clipboard Buddy (build1.0.4)
    Codec Pack - All In 1 6.0.3.0
    ConvertXtoDVD 3.2.1.55b
    Copy
    Coupon Printer for Windows
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    CutePDF Writer 2.7
    CyberLink PhotoNow
    CyberLink PowerDirector
    CyberLink PowerProducer
    DeepBurner v1.8.0.224
    Desktop Doctor
    Destinations
    DFX 8 for Windows Media Player
    Director
    Disk Space Recovery Wizard
    Diskeeper 2010
    DocProc
    DocumentViewer
    Download Updater (AOL LLC)
    DVD Identifier
    DVD Region Killer
    DVD Unlocker
    DVD43 v4.6.0
    DVDFab 6.0.1.0 (May 15, 2009)
    eGames GameButler
    Fax
    Font Xplorer 1.2.2
    FontPage 3.0.0
    FontTwister 1.3
    Foxit PDF IFilter
    Foxit Reader
    Free CD to MP3 Converter
    FreshDiagnose
    FreshUI
    GdiplusUpgrade
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Greeting Card Factory 2 Deluxe
    HangARoo v2.052
    Hangman Gold 3.0
    HashTab Shell Extension 1.11 for x32
    HD Tach version 3
    HD Tune 2.51
    Hotfix for Microsoft .NET Framework 3.0 (KB932471)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format SDK (KB902344)
    Hoyle Classic Games II
    HP Diagnostic Assistant
    HP Image Zone 4.2
    HP PSC & OfficeJet 4.2
    HP Software Update
    HP Unload DLL Patch
    HPODiscovery
    HPSystemDiagnostics
    IDT Audio
    iISystem Wiper 2.4.1
    InkSaver
    InstantShare
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Network Connections
    Intel(R) Processor ID Utility
    Internet Download Manager
    iPod for Windows 2005-09-06
    IsoBuster 2.6
    ISODisk 1.1
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    JGoodies JDiskReport 1.2.5
    Jig Jag! Gold 1.3
    Karen's Show Stopper
    KC Softwares VideoInspector
    Labtec® WebCam Driver
    Live Billiards 2
    Living 3D Dolphins Full Screen Saver
    Logitech Audio Echo Cancellation Component
    Logitech QuickCam
    Logitech Video Enumerator
    Logitech® Camera Driver
    Malwarebytes' Anti-Malware
    MaxPasswords (remove only)
    MediaShow 3.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Baseline Security Analyzer 2.1
    Microsoft Choice Guard
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Live Add-in 1.4
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft VC9 runtime libraries
    Microsoft Visual C Runtime
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.6)
    MSN
    MSN Music Assistant
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB954459)
    MVision
    MyConnection PC Lite Edition
    Nextalk6.net Client
    Norton Security Suite
    ooVoo
    overland
    PayPal Plug-In
    PCI SoftV92 Modem
    Pennock's Photo Renamer v1.0
    Photo Story 3 for Windows
    PhotoGallery
    Power2Go 4.0
    PowerDVD
    PowerStarter
    PrintScreen
    Process Tamer 2.08.02
    ProductContext
    QFolder
    QuarkXPress 5.01
    QuickProjects
    QuickTime
    Readme
    RealPlayer
    Realtek Card Reader
    RealUpgrade 1.0
    Recover My Files
    Registry Compressor
    Registry First Aid
    RemoteCapture Task 1.0.2
    Rhapsody Player Engine
    Scan
    SeaTools for Windows
    Secunia PSI
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 9 (KB917734)
    Segoe UI
    ShadowSurfer 2.5
    SkinsHP1
    SmartSound Quicktracks Plugin
    SnagIt 7
    SnapAPI
    SpeedFan (remove only)
    Spelling Dictionaries Support For Adobe Reader 9
    Spybot - Search & Destroy
    Spybot - Search & Destroy 1.5.2.20
    SpywareBlaster 4.2
    Startup Faster!
    SUPERAntiSpyware Free Edition
    Taskbar Shuffle version 2.2
    TeamViewer 5
    TomTom HOME 2.7.3.1894
    TomTom HOME Visual Studio Merge Modules
    TrayApp
    TuneUp Utilities
    TuneUp Utilities Language Pack (en-US)
    Tweak UI
    TypingMaster Pro
    Ultimate Game Pak
    Uniblue DriverScanner 2009
    Uninstall AOL Emergency Connect Utility 1.0
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for 2007 Microsoft Office System (KB981715)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 (KB974561)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    VDownloader 1.12
    VIDEOzilla v2.8
    Viewpoint Media Player
    ViewSonic Monitor Drivers
    VSO CopyToDVD 4
    VSO Inspector 1.3.1.82b
    WallMaster Pro
    Weather Watcher Live
    WebFldrs XP
    WebReg
    WinDates
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Messenger
    Windows Live Upload Tool
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format SDK Hotfix - KB891122
    Windows Media Player 11
    Windows Presentation Foundation
    WordWeb
    X-Fonter 6.1
    XML Paper Specification Shared Components Pack 1.0
    XP Codec Pack
    Xvid 1.1.2 final uninstall
    xVideoServiceThief
    Yahoo! Browser Services
    Yahoo! Internet Mail
    Yahoo! Messenger
    Your Uninstaller! 2010

    ==== Event Viewer Messages From Past Week ========

    6/2/2010 3:19:00 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    6/2/2010 3:19:00 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    6/2/2010 3:17:19 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'SrtETmp' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
    6/1/2010 10:35:34 AM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
    5/28/2010 8:02:55 PM, error: Service Control Manager [7028] - The Cfg Registry key denied access to SYSTEM account programs so the Service Control Manager took ownership of the Registry key.
    5/27/2010 7:32:42 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/27/2010 7:32:41 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    5/27/2010 12:42:29 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    5/26/2010 9:47:34 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Trend Micro Proxy Service service to connect.
    5/26/2010 9:47:34 AM, error: Service Control Manager [7000] - The Trend Micro Proxy Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    5/26/2010 8:36:20 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: TfFsMon TfSysMon
    5/26/2010 8:35:57 PM, error: Service Control Manager [7001] - The Windows Media Player Network Sharing Service service depends on the Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    5/26/2010 8:35:57 PM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the SSDP Discovery Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    5/26/2010 8:32:30 PM, error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:29 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:26 PM, error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    5/26/2010 8:32:25 PM, error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:25 PM, error: Service Control Manager [7034] - The TuneUp Utilities Service service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:25 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:24 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:23 PM, error: Service Control Manager [7034] - The Pml Driver HPZ12 service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:23 PM, error: Service Control Manager [7034] - The LVCOMSer service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:23 PM, error: Service Control Manager [7034] - The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:23 PM, error: Service Control Manager [7034] - The Diskeeper service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:22 PM, error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:22 PM, error: Service Control Manager [7034] - The Audio Service service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:22 PM, error: Service Control Manager [7034] - The Adobe Active File Monitor V5 service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:22 PM, error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).
    5/26/2010 8:32:22 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    5/26/2010 10:29:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Security Update for Windows XP (KB978338).
    5/26/2010 10:29:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0xd0000142: Security Update for Windows XP (KB977816).

    ==== End Of File ===========================
     


  4. 2010/06/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Malwarebytes before running the scans.***


    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER

    STEP 3. Download HijackThis:
    http://free.antivirus.com/hijackthis/
    by clicking on Installer under Version 2.0.4
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. 2010/06/02
    mazaprin

    mazaprin Inactive Thread Starter

    Joined:
    2003/11/14
    Messages:
    99
    Likes Received:
    0
    Here is the Malwarebytes log from the Quick Scan performed (it found a Trojan but I am not sure it is directly involved in this problem, and if so, it may reinstall again, but I am up to date on all Windows security updates and I use the latest version of Norton Security Suite and also have SpywareBlaster passively protecting, so I don't know how this Trojan slipped into my PC). In the next days I will be posting the logs from GMER and HijackThis separately. Thanks for all the help.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4165

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.11

    6/2/2010 11:29:34 PM
    mbam-log-2010-06-02 (23-29-34).txt

    Scan type: Quick scan
    Objects scanned: 137107
    Time elapsed: 7 minute(s), 24 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Documents and Settings\HERIBERTO MAZA\x.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
     
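The Malwarebytes log format quoted above can be parsed and sanity-checked mechanically; the following Python is an added example, not code from the thread or from Malwarebytes. It assumes the section names shown in the posted log and embeds an abridged copy of that log as constructed sample input; the two checks (declared counts matching the listed items, and actions other than a successful quarantine) are my own additions for a responder reading such a log.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log, the format posted above.

Added example; not code from the thread or from Malwarebytes. The section
names come from the posted log; the consistency and unresolved-action
checks are assumptions about what a responder verifies before trusting a log.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the log posted in the thread, with its empty
# "(No malicious items detected)" sections abridged to one.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46

Database version: 4165

Scan type: Quick scan

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\minibugtransporter.minibugtransporterx (Adware.Minibug) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\HERIBERTO MAZA\x.exe (Trojan.KillAV) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")
SECTION_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected):$")
# One finding: "<object> (<threat name>) -> <action taken>."  The greedy
# object group lets paths containing parentheses such as "(x86)" parse.
ITEM_RE = re.compile(r"^(?P<obj>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?$")
CLEAN_ACTION = "Quarantined and deleted successfully"


@dataclass
class Finding:
    category: str  # summary category the item was listed under
    obj: str       # file path or registry key
    threat: str    # detection name, e.g. Trojan.KillAV
    action: str    # what MBAM reports it did with the item


@dataclass
class MbamReport:
    version: str = ""
    database: int = 0
    scan_type: str = ""
    summary: dict = field(default_factory=dict)   # category -> declared count
    findings: list = field(default_factory=list)  # itemized Finding objects


def parse_mbam_log(text: str) -> MbamReport:
    rep = MbamReport()
    section = None  # itemized category currently being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        if line.startswith("Malwarebytes' Anti-Malware "):
            rep.version = line.split()[-1]
        elif line.startswith("Database version: "):
            rep.database = int(line.split(": ", 1)[1])
        elif line.startswith("Scan type: "):
            rep.scan_type = line.split(": ", 1)[1]
        elif (m := SUMMARY_RE.match(line)):
            rep.summary[m.group("cat")] = int(m.group("n"))
        elif (m := SECTION_RE.match(line)):
            section = m.group("cat")
        elif section and (m := ITEM_RE.match(line)):
            rep.findings.append(Finding(section, m.group("obj"),
                                        m.group("threat"), m.group("action")))
    return rep


def inconsistent_categories(rep: MbamReport) -> list:
    """Categories whose declared count differs from the items actually listed."""
    seen = {}
    for f in rep.findings:
        seen[f.category] = seen.get(f.category, 0) + 1
    return sorted(c for c, n in rep.summary.items() if seen.get(c, 0) != n)


def unresolved_findings(rep: MbamReport) -> list:
    """Findings MBAM did not fully clean, e.g. ones marked 'Delete on reboot'."""
    return [f for f in rep.findings if f.action != CLEAN_ACTION]
```

A report whose declared counts do not match its itemized sections, or whose actions are not a completed quarantine, is worth a second look before the machine is treated as clean.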
  6. 2010/06/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK....go on...
     
  7. 2010/06/02
    mazaprin

    mazaprin Inactive Thread Starter

    Joined:
    2003/11/14
    Messages:
    99
    Likes Received:
    0
    I just realized that I got this Trojan this morning when trying to download a graphic volume bar for my PC called (or from) Ehtray.zip (RAR) that I saw in PC World. Immediately after downloading it, Norton Security showed a message saying it had stopped a Trojan (I don't remember the name well, but I believe it was this Trojan.KillAV that tries to kill antivirus programs), so I am not sure if I instructed Norton to remove it or if I just put the downloaded application in the trash bin. I just checked the trash bin and the Ehtray.zip is still there, so maybe that's why the Malwarebytes scan found it, BUT I don't think this is responsible for the IE problem because I have been having this issue since the beginning of May. I just restored the Ehtray.zip from the trash bin and scanned it with Norton and Malwarebytes and they did not find any virus or anything, so I MAY BE MISTAKEN in blaming this downloaded application for the Trojan that by mere chance was caught almost at the same time that I downloaded this application (maybe from that website), but I will not install this application (as instructed) until later when the PC is completely cleaned.
     
    Last edited: 2010/06/02
  8. 2010/06/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK...go on...
     
  9. 2010/06/03
    mazaprin

    mazaprin Inactive Thread Starter

    Joined:
    2003/11/14
    Messages:
    99
    Likes Received:
    0
    Sorry, I was not successful with GMER. On the first try, the computer would abruptly reboot 10-15 minutes into the scan. I then followed the option to uncheck "Devices", but again the PC would abruptly reboot. I then went into Safe Mode and ran the scan (with "Devices" checked) and again the PC rebooted when it was scanning the Registry (after it finished scanning the SSDT and IAT).

    Let me know if I can proceed with HijackThis or if you have another option to make GMER work.
     
  10. 2010/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  11. 2010/06/03
    mazaprin

    mazaprin Inactive Thread Starter

    Joined:
    2003/11/14
    Messages:
    99
    Likes Received:
    0
    I copied the entire ComboFix log and when I pasted it here I got this error message from this forum. I don't know what images it is talking about; I have not included any images. Maybe the ComboFix log has some abbreviations similar to the mentioned ones. I don't know what to do or how I can paste the log here in a way that can be accepted.

    "You have included 10 images in your message. You are limited to using 8 images so please go back and correct the problem and then continue again.
    Images include use of smilies, the BB code [IMG]
     
  12. 2010/06/03
    mazaprin

    mazaprin Inactive Thread Starter

    Joined:
    2003/11/14
    Messages:
    99
    Likes Received:
    0
    ComboFix 10-06-03.01 - HERIBERTO MAZA 06/03/2010 22:14:01.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3318.2740 [GMT -4:00]
    Running from: c:\documents and settings\HERIBERTO MAZA\Desktop\ComboFix.exe
    AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
    FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\HERIBERTO MAZA\Application Data\.#
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@105C@383470.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@105C@383480.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@105C@383490.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@105C@3834A0.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@17DC@383470.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@17DC@383480.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@17DC@383490.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@17DC@3834A0.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@908@383470.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@908@383480.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@908@383490.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\.#\MBX@908@3834A0.###
    c:\documents and settings\HERIBERTO MAZA\Application Data\inst.exe
    c:\windows\Downloaded Program Files\ODCTOOLS
    c:\windows\system32\BSTIEPrintCtl1.dll
    c:\windows\system32\service
    c:\windows\system32\service\01062009_TIS17_SfFniAU.log
    c:\windows\system32\service\02012010_TIS17_SfFniAU.log
    c:\windows\system32\service\02032009_TIS17_SfFniAU.log
    c:\windows\system32\service\02092009_TIS17_SfFniAU.log
    c:\windows\system32\service\02112008_TIS17_SfFniAU.log
    c:\windows\system32\service\02122008_TIS17_SfFniAU.log
    c:\windows\system32\service\03092009_TIS17_SfFniAU.log
    c:\windows\system32\service\04012010_TIS17_SfFniAU.log
    c:\windows\system32\service\04032010_TIS17_SfFniAU.log
    c:\windows\system32\service\04072009_TIS17_SfFniAU.log
    c:\windows\system32\service\05082009_TIS17_SfFniAU.log
    c:\windows\system32\service\06122008_TIS17_SfFniAU.log
    c:\windows\system32\service\07082009_TIS17_SfFniAU.log
    c:\windows\system32\service\07092009_TIS17_SfFniAU.log
    c:\windows\system32\service\08022009_TIS17_SfFniAU.log
    c:\windows\system32\service\08032010_TIS17_SfFniAU.log
    c:\windows\system32\service\08112008_TIS17_SfFniAU.log
    c:\windows\system32\service\09042010_TIS17_SfFniAU.log
    c:\windows\system32\service\09062009_TIS17_SfFniAU.log
    c:\windows\system32\service\09102009_TIS17_SfFniAU.log
    c:\windows\system32\service\10052009_TIS17_SfFniAU.log
    c:\windows\system32\service\10062009_TIS17_SfFniAU.log
    c:\windows\system32\service\10092009_TIS17_SfFniAU.log
    c:\windows\system32\service\12112009_TIS17_SfFniAU.log
    c:\windows\system32\service\13082009_TIS17_SfFniAU.log
    c:\windows\system32\service\15032010_TIS17_SfFniAU.log
    c:\windows\system32\service\15102009_TIS17_SfFniAU.log
    c:\windows\system32\service\16112009_TIS17_SfFniAU.log
    c:\windows\system32\service\17052009_TIS17_SfFniAU.log
    c:\windows\system32\service\17082009_TIS17_SfFniAU.log
    c:\windows\system32\service\17102009_TIS17_SfFniAU.log
    c:\windows\system32\service\18022010_TIS17_SfFniAU.log
    c:\windows\system32\service\18082009_TIS17_SfFniAU.log
    c:\windows\system32\service\19042009_TIS17_SfFniAU.log
    c:\windows\system32\service\19072009_TIS17_SfFniAU.log
    c:\windows\system32\service\20022010_TIS17_SfFniAU.log
    c:\windows\system32\service\21102008_TIS17_SfFniAU.log
    c:\windows\system32\service\21122008_TIS17_SfFniAU.log
    c:\windows\system32\service\22032010_TIS17_SfFniAU.log
    c:\windows\system32\service\23022010_TIS17_SfFniAU.log
    c:\windows\system32\service\23042009_TIS17_SfFniAU.log
    c:\windows\system32\service\23052009_TIS17_SfFniAU.log
    c:\windows\system32\service\23102009_TIS17_SfFniAU.log
    c:\windows\system32\service\23112009_TIS17_SfFniAU.log
    c:\windows\system32\service\25032009_TIS17_SfFniAU.log
    c:\windows\system32\service\26032009_TIS17_SfFniAU.log
    c:\windows\system32\service\26102008_TIS17_SfFniAU.log
    c:\windows\system32\service\27022010_TIS17_SfFniAU.log
    c:\windows\system32\service\27042009_TIS17_SfFniAU.log
    c:\windows\system32\service\27102009_TIS17_SfFniAU.log
    c:\windows\system32\service\28102008_TIS17_SfFniAU.log
    c:\windows\system32\service\28112009_TIS17_SfFniAU.log
    c:\windows\system32\service\29032009_TIS17_SfFniAU.log
    c:\windows\system32\service\29032010_TIS17_SfFniAU.log
    c:\windows\system32\service\29112008_TIS17_SfFniAU.log
    c:\windows\system32\service\30052009_TIS17_SfFniAU.log
    c:\windows\system32\service\30102009_TIS17_SfFniAU.log
    c:\windows\system32\service\31052009_TIS17_SfFniAU.log
    c:\windows\system32\service\31102009_TIS17_SfFniAU.log

    .
    ((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
    .

    2010-06-02 01:32 . 2010-06-02 01:32 -------- d-----w- c:\documents and settings\HERIBERTO MAZA\MyConnection PC
    2010-05-28 23:53 . 2010-05-28 23:53 -------- d-----w- c:\documents and settings\HERIBERTO MAZA\Application Data\Yahoo!
    2010-05-28 23:51 . 2010-05-28 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
    2010-05-28 23:51 . 2010-04-20 20:45 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
    2010-05-28 23:50 . 2010-05-28 23:51 -------- d-----w- c:\program files\Yahoo!
    2010-05-28 02:36 . 2010-05-28 02:36 -------- d-----w- c:\documents and settings\HERIBERTO MAZA\Application Data\Malwarebytes
    2010-05-28 02:35 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-28 02:35 . 2010-05-28 02:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-28 02:35 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-26 20:24 . 2010-05-26 20:24 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
    2010-05-26 20:24 . 2010-05-26 20:24 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
    2010-05-26 20:24 . 2010-05-26 20:24 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
    2010-05-26 20:24 . 2010-05-26 20:24 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
    2010-05-26 20:24 . 2010-05-26 20:24 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
    2010-05-26 20:24 . 2010-05-26 20:24 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
    2010-05-26 20:24 . 2010-05-26 20:24 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
    2010-05-26 20:24 . 2010-05-26 20:24 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    2010-05-26 20:24 . 2010-05-26 20:24 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    2010-05-26 20:23 . 2010-05-26 20:23 -------- d-----w- c:\program files\Common Files\xing shared
    2010-05-26 20:18 . 2010-05-26 20:18 734728 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\Real\RealPlayer\setup\AU_setup14.exe
    2010-05-26 16:18 . 2010-05-26 19:13 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-05-26 16:18 . 2010-05-26 16:18 -------- d-----w- c:\program files\Symantec
    2010-05-26 16:18 . 2010-05-26 16:18 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-05-26 16:18 . 2010-05-26 16:18 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-05-26 16:17 . 2010-06-01 22:32 -------- d-----w- c:\windows\system32\drivers\N360
    2010-05-26 16:17 . 2010-05-26 16:17 -------- d-----w- c:\program files\Windows Sidebar
    2010-05-26 16:17 . 2010-05-26 16:17 -------- d-----w- c:\program files\NortonInstaller
    2010-05-26 16:17 . 2010-05-26 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2010-05-26 16:16 . 2010-05-26 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
    2010-05-26 15:34 . 2010-05-26 16:01 -------- d-----w- c:\documents and settings\HERIBERTO MAZA\Local Settings\Application Data\Trend Micro
    2010-05-26 15:03 . 2010-05-26 15:03 61440 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-21e871ec-n\decora-sse.dll
    2010-05-26 15:03 . 2010-05-26 15:03 503808 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1f9644c7-n\msvcp71.dll
    2010-05-26 15:03 . 2010-05-26 15:03 499712 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1f9644c7-n\jmc.dll
    2010-05-26 15:03 . 2010-05-26 15:03 348160 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1f9644c7-n\msvcr71.dll
    2010-05-26 15:03 . 2010-05-26 15:03 12800 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-21e871ec-n\decora-d3d.dll
    2010-05-26 15:03 . 2010-05-26 15:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-26 14:22 . 2010-05-07 16:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-05-26 10:46 . 2010-05-26 10:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-04 02:07 . 2010-04-09 16:52 96560 ----a-w- c:\windows\system32\RW_FileType.dat
    2010-06-04 02:07 . 2010-02-21 16:52 40254 ----a-w- c:\windows\system32\RW_AppData.dat
    2010-06-04 02:07 . 2010-02-21 16:52 4144 ----a-w- c:\windows\system32\RW_{343E66BE-392F-11DB-AD91-806D6172696F}.dat
    2010-06-04 02:07 . 2009-11-23 02:55 636 ----a-w- c:\windows\system32\RW_FileFlag.dat
    2010-06-04 01:58 . 2008-11-08 19:14 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2010-06-04 01:26 . 2006-09-02 02:39 -------- d-----w- c:\documents and settings\HERIBERTO MAZA\Application Data\DMCache
    2010-06-02 01:41 . 2007-02-02 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\1Click DVD Copy
    2010-06-01 23:21 . 2007-06-26 22:55 -------- d-----w- c:\documents and settings\HERIBERTO MAZA\Application Data\1ClickDVDCopy
    2010-06-01 21:37 . 2007-08-09 21:52 -------- d-----w- c:\documents and settings\HERIBERTO MAZA\Application Data\Vso
    2010-05-28 03:33 . 2010-04-09 16:52 4648 ----a-w- c:\windows\system32\RW_{343E66BC-392F-11DB-AD91-806D6172696F}.dat
    2010-05-26 21:02 . 2008-08-02 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\WholeSecurity
    2010-05-26 20:24 . 2008-06-30 00:44 -------- d-----w- c:\program files\Common Files\Real
    2010-05-26 20:23 . 2008-09-08 20:28 -------- d-----w- c:\program files\Real
    2010-05-26 16:18 . 2010-05-26 16:18 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-05-26 16:18 . 2010-05-26 16:18 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-05-26 15:12 . 2009-05-12 15:57 -------- d-----w- c:\program files\MapQuest Toolbar
    2010-05-26 15:11 . 2009-08-02 14:06 -------- d-----w- c:\program files\Cdcovers
    2010-05-26 15:09 . 2009-03-08 20:17 -------- d-----w- c:\program files\AskBarDis
    2010-05-26 15:05 . 2008-06-19 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-26 15:03 . 2006-09-01 23:10 -------- d-----w- c:\program files\Common Files\Java
    2010-05-26 14:03 . 2009-04-19 12:13 214448 -c--a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    2010-05-26 14:01 . 2009-05-31 12:51 3200904 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\IDM\idmupdt.exe
    2010-05-26 14:01 . 2006-09-02 03:05 -------- d-----w- c:\documents and settings\HERIBERTO MAZA\Application Data\IDM
    2010-05-26 10:58 . 2006-09-01 23:11 -------- d-----w- c:\program files\Google
    2010-05-07 16:06 . 2009-10-30 20:40 30536 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-04-11 16:45 . 2006-09-03 02:16 -------- d-----w- c:\documents and settings\HERIBERTO MAZA\Application Data\Apple Computer
    2010-04-11 11:27 . 2006-09-04 05:10 -------- d-----w- c:\documents and settings\ADRIANA MAZA\Application Data\CallingID
    2010-04-10 23:19 . 2010-04-10 23:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-04-10 23:16 . 2010-04-10 23:16 -------- d-----w- c:\program files\iPod
    2010-04-10 23:16 . 2007-08-06 19:39 -------- d-----w- c:\program files\Common Files\Apple
    2010-04-10 22:58 . 2007-02-09 23:31 -------- d-----w- c:\program files\QuickTime
    2010-04-10 22:48 . 2010-04-10 22:47 -------- d-----w- c:\program files\Bonjour
    2010-04-10 22:42 . 2010-04-10 22:42 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
    2010-04-10 15:13 . 2010-03-04 12:57 439816 ----a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\setup.exe
    2010-04-08 14:58 . 2010-03-06 14:35 439816 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\Real\Update\setup3.10\setup.exe
    2010-04-07 15:20 . 2010-04-07 15:19 20846064 ----a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\rp\RealPlayerSPGold.exe
    2010-04-07 15:19 . 2010-04-07 15:19 8405312 ----a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-04-07 15:19 . 2010-04-07 15:19 149000 ----a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\chr_helper\LaunchHelper.exe
    2010-04-07 15:19 . 2010-04-07 15:19 10309448 ----a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\chr\ChromeInstaller.exe
    2010-04-05 02:21 . 2007-03-23 02:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-03-30 23:47 . 2010-02-21 16:41 5594112 ----a-w- c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
    2010-03-30 10:50 . 2010-03-30 10:50 79368 -c--a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\RUP\vista.exe
    2010-03-30 10:50 . 2010-03-30 10:50 64000 ----a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\RUP\inst_config\gcapi_dll.dll
    2010-03-30 10:50 . 2010-03-30 10:50 52288 ----a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\RUP\inst_config\gtapi.dll
    2010-03-30 10:50 . 2010-03-30 10:50 50688 -c--a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\RUP\inst_config\fftbapi.dll
    2010-03-30 10:50 . 2010-03-30 10:50 49152 -c--a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\RUP\inst_config\CarboniteCompatibility.dll
    2010-03-30 10:50 . 2010-03-30 10:50 118784 ----a-w- c:\documents and settings\ADRIANA MAZA\Application Data\Real\Update\setup3.10\RUP\inst_config\compat.dll
    2010-03-27 20:12 . 2010-03-27 20:12 52224 -c--a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    2010-03-27 20:12 . 2009-03-17 15:44 117760 -c--a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26943\AdobeARM.exe
    2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26943\AdobeExtractFiles.dll
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26943\ReaderUpdater.exe
    2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\26943\AcrobatUpdater.exe
    2010-03-23 16:27 . 2010-03-23 16:27 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys
    2010-03-23 16:27 . 2006-09-01 04:36 570016 ----a-w- c:\windows\system32\drivers\timntr.sys
    2010-03-23 16:27 . 2009-11-02 00:38 156928 ----a-w- c:\windows\system32\drivers\snapman.sys
    2010-03-23 02:15 . 2009-08-11 00:24 902592 ----a-w- c:\windows\system32\drivers\tdrpm228.sys
    2010-03-11 12:38 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-03-11 12:38 . 2004-08-04 04:56 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-03-11 12:38 . 2004-08-04 04:56 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-03-09 11:09 . 2004-08-04 04:56 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 03:52 . 2010-03-08 03:52 127903 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\Move Networks\uninstall.exe
    2010-03-08 03:52 . 2009-05-27 23:29 4183416 ----a-w- c:\documents and settings\HERIBERTO MAZA\Application Data\Move Networks\plugins\npqmp071502000008.dll
    2000-12-12 15:17 . 2000-12-13 22:22 100432 -c----w- c:\program files\Win2000PPAHotfix.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="d:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3216816]
    "AOL Fast Start"="d:\program files\AOL 9.5\AOL.EXE" [2009-10-28 50536]
    "AccountLogon"="d:\program files\AccountLogon\AccountLogon.exe" [2003-06-25 470016]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartupFaster"="d:\program files\Startup Faster\startuploader.exe" [2009-10-22 1226000]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-05-26 202256]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlhr"="c:\windows\System32\AdvPack.Dll" [2010-03-11 124928]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    c:\documents and settings\ADRIANA MAZA\Start Menu\Programs\Startup\StartupFaster
    StartupFaster.ini [2009-8-23 295]
    WallMaster Pro.lnk - d:\program files\WallMaster\wallmast.exe [2006-9-3 412160]

    c:\documents and settings\HERIBERTO MAZA\Start Menu\Programs\Startup\StartupFaster
    OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    ProcessTamer.lnk - d:\program files\ProcessTamer\ProcessTamerTray.exe [2005-3-11 151552]
    StartupFaster.ini [2010-5-31 1304]
    WallMaster Pro.lnk - d:\program files\WallMaster\wallmast.exe [2006-9-3 412160]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\StartupFaster
    HP Digital Imaging Monitor.lnk - d:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-5-28 241664]
    HP Image Zone Fast Start.lnk - d:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-5-28 53248]
    StartupFaster.ini [2010-5-31 930]
    WinDates.lnk - d:\program files\WinDates\WinDates.exe [2006-9-1 1589248]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoRecentDocsNetHood"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"="d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
    "UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2010-03-27 20:08 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sunotify]
    2005-01-26 01:59 45056 ----a-w- c:\windows\system32\sunotify.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    "Clipboard Buddy"=d:\progra~1\CLIPBO~1\CLIPBO~1.EXE
    "IDMan"=d:\program files\Internet Download Manager\IDMan.exe /onboot
    "AOL Fast Start"="d:\program files\AOL 9.5\AOL.EXE" -b
    "AccountLogon"=d:\program files\AccountLogon\AccountLogon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "tgcmd"=c:\program files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\Program Files\\CyberLink\\PowerDirector\\PowerDirector\\PDR.exe"=
    "d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
    "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1262479731\\ee\\aolsoftware.exe"=
    "d:\\Program Files\\AOL 9.5\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "d:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    "d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675
    "443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443

    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0402000.00C\symds.sys [6/1/2010 5:27 PM 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0402000.00C\symefa.sys [6/1/2010 5:27 PM 173104]
    R0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\drivers\tdrpm251.sys [3/23/2010 12:27 PM 902432]
    R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100429.001\BHDrvx86.sys [4/29/2010 1:44 PM 537136]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0402000.00C\cchpx86.sys [6/1/2010 5:27 PM 501888]
    R1 ISODisk;ISODisk;c:\windows\system32\drivers\ISODisk.sys [8/27/2009 5:13 PM 9600]
    R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2009 11:43 AM 12872]
    R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2009 11:43 AM 66632]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0402000.00C\ironx86.sys [6/1/2010 5:27 PM 116784]
    R2 N360;Norton Security Suite;d:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/1/2010 5:27 PM 126392]
    R2 TomTomHOMEService;TomTomHOMEService;d:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 7:31 AM 92008]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [5/7/2010 12:04 PM 1051976]
    R3 DKRtWrt;DKRtWrt;c:\windows\system32\drivers\DKRtWrt.sys [4/4/2010 8:56 PM 41504]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/27/2010 10:00 AM 102448]
    R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100528.003\IDSXpx86.sys [5/28/2010 3:33 PM 331640]
    R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [11/27/2002 5:46 PM 6400]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10/14/2009 7:24 AM 10064]
    S0 Shadow;Shadow;c:\windows\system32\drivers\shadow.sys [1/25/2005 7:21 PM 114656]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/25/2007 7:22 AM 639224]
    S0 stwlfbus;stwlfbus;c:\windows\system32\DRIVERS\stwlfbus.sys --> c:\windows\system32\DRIVERS\stwlfbus.sys [?]
    S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
    S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
    S2 gupdate1c9dd7a8df5dcfe;Google Update Service (gupdate1c9dd7a8df5dcfe);c:\program files\Google\Update\GoogleUpdate.exe [5/25/2009 4:51 PM 133104]
    S3 Ke386IO;Ke386IO; [x]
    S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [6/17/2009 8:20 AM 12648]
    S3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2009 11:43 AM 12872]
    S3 st3wolf;st3wolf;c:\windows\system32\DRIVERS\st3wolf.sys --> c:\windows\system32\DRIVERS\st3wolf.sys [?]
    S3 TfNetMon;TfNetMon; [x]
    S3 XE103Sp50;XE103Sp50 NDIS Protocol Driver;c:\windows\system32\Drivers\XE103Sp50.sys --> c:\windows\system32\Drivers\XE103Sp50.sys [?]
    S4 ThreatFire;ThreatFire; [x]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

    2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 20:51]

    2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-05-25 20:51]

    2010-06-04 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-299502267-963894560-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]

    2010-06-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-299502267-963894560-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 02:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uStart Page = hxxp://www.supportforyourpc.com/
    mLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: AccountLogon - c:\windows\al-popup-heriberto maza.html
    IE: Download all links with IDM - d:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - d:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - d:\program files\Internet Download Manager\IEExt.htm
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    LSP: c:\windows\system32\idmmbc.dll
    DPF: {116D4961-37BF-4A0A-919E-673A1B2D89A0} - hxxp://www.csdvrs.com/CSDVRS.ocx
    FF - ProfilePath - c:\documents and settings\HERIBERTO MAZA\Application Data\Mozilla\Firefox\Profiles\cbys48ej.default\
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
    FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\HERIBERTO MAZA\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    FF - component: c:\program files\PayPal\PayPal Plug-In\components\PayPalPlugin.dll
    FF - plugin: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    FF - plugin: c:\documents and settings\HERIBERTO MAZA\Application Data\Move Networks\plugins\npqmp071502000008.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: d:\program files\Adobe\Reader 9.0\Reader\browser\nppdf32.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: d:\program files\Mozilla Firefox\plugins\NPcol308.dll
    FF - plugin: d:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: d:\program files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    d:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-03 22:20
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet140\Services\N360]
    "ImagePath"="\"d:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"d:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"

    [HKEY_LOCAL_MACHINE\System\ControlSet140\Services\Iomega Activity Disk2]
    "ImagePath"=""
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-299502267-963894560-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):fa,6f,a9,ef,5c,b2,43,72,5a,ce,82,14,1a,81,4c,19,b9,2a,34,2f,3d,
    64,6a,17,36,75,43,1d,88,e4,42,62,d5,a2,d7,a8,74,66,d2,f0,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a60f1fd9-4971-49cc-b5ff-3570f84641ea}]
    @Denied: (Full) (Everyone)
    "Model"=dword:00000139
    "Therad"=dword:0000000f
    "MData"=hex(0):63,ae,cb,e6,c3,db,32,60,61,43,33,f4,c7,44,8e,a0,b4,73,0a,85,ea,
    c6,bc,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1296)
    d:\program files\SUPERAntiSpyware\SASWINLO.DLL
    c:\windows\system32\WININET.dll
    .
    Completion time: 2010-06-03 22:24:23
    ComboFix-quarantined-files.txt 2010-06-04 02:24

    Pre-Run: 79,829,229,568 bytes free
    Post-Run: 79,823,187,968 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT= "Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=Z3J9G3 /Kernel=TUKernel.exe
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS= "Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=Z3J9G3-BAK

    Current=140 Default=140 Failed=139 LastKnownGood=141 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,138,139,140,141
    - - End Of File - - 5C75B429B812702986E2903AE3614708
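The "Reg Loading Points" block in the ComboFix log above is the part a responder reads first: the Run/RunOnce autostarts, the MSConfig-disabled `run-` entries, whether the Windows Firewall profile is on, which applications it authorises and which ports are globally opened. The following script is an added example for this thread (it is not ComboFix, HijackThis or forum tooling) that parses that block in the format shown in the log, tolerating the stray space the forum software inserted before closing quotes, and prints a short triage list. The sample excerpt inside it is constructed from entries in the log above plus one hypothetical `sysupd` entry that lives in a user-writable profile directory; the flagging rules (user-writable image path, non-.exe image, firewall disabled, open ports) are this example's own heuristics, not a verdict on any entry.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not part of ComboFix, HijackThis or the forum's
tooling. Parses the REGEDIT4-style autostart block and the Windows Firewall policy
keys as they appear in the log above (tolerating the stray space the forum software
put before closing quotes) and flags: autostart images in user-writable paths or
that are not .exe, EnableFirewall = 0, globally open ports and authorised apps.
"""
import re

# Constructed excerpt in the log's format: entries copied from the thread plus one
# hypothetical "sysupd" entry that shows a flagged (user-writable) autostart.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan "= "d:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3216816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"sysupd "= "c:\documents and settings\EXAMPLE USER\Application Data\sysupd\sysupd.exe" [2010-06-01 20480]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlhr "= "c:\windows\System32\AdvPack.Dll" [2010-03-11 124928]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"tgcmd "=c:\program files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall "= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe "=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:UDP "= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP "= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*?)\s*"\s*=\s*(?P<value>.*)$')
META_RE = re.compile(r"\s*\[[^\]]*\]\s*$")  # trailing "[date size]" that ComboFix appends
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:]*):(?P<state>[^:]*):(?P<desc>.*)$")
BARE_IMAGE_RE = re.compile(r"(?P<img>.+?\.(?:exe|dll|scr|cmd|bat|com))(?P<args>\s.*)?$", re.I)
USER_WRITABLE = ("\\documents and settings\\", "\\users\\", "\\appdata\\", "\\application data\\", "\\temp\\")


def split_image(value):
    """Split a Run value into (image path, arguments); handles quoted and bare paths."""
    value = META_RE.sub("", value).strip()
    if value.startswith('"') and value.find('"', 1) > 0:
        end = value.find('"', 1)
        return value[1:end].strip(), value[end + 1:].strip()
    m = BARE_IMAGE_RE.match(value)
    return (m.group("img").strip(), (m.group("args") or "").strip()) if m else (value, "")


def flags_for(image):
    """Heuristic flags (this example's own) for an autostart image path."""
    low = image.lower()
    out = ["user-writable location"] if any(s in low for s in USER_WRITABLE) else []
    if not low.endswith(".exe"):
        out.append("non-exe image in autostart")
    return out


def parse_loading_points(text):
    result = {"autoruns": [], "firewall_enabled": None, "allowed_apps": [], "open_ports": []}
    key = ""
    for raw in text.splitlines():
        line = raw.strip()
        k = KEY_RE.match(line)
        if k:
            key = k.group("key")
            continue
        m = VALUE_RE.match(line)
        if not key or not m:
            continue
        name, value, klow = m.group("name").strip(), m.group("value").strip(), key.lower()
        if "firewallpolicy" in klow:
            if "globallyopenports" in klow:
                p = PORT_RE.match(value)
                if p:
                    result["open_ports"].append({"port": int(p.group("port")), "proto": p.group("proto"),
                                                 "scope": p.group("scope"), "state": p.group("state"),
                                                 "desc": p.group("desc").strip()})
            elif "authorizedapplications" in klow:
                result["allowed_apps"].append(name.replace("\\\\", "\\"))  # undo REG export escaping
            elif name.lower() == "enablefirewall":
                result["firewall_enabled"] = not value.startswith("0")
        elif re.search(r"\\run(once)?-?$", klow):  # Run, RunOnce and MSConfig-disabled (run-) keys
            image, args = split_image(value)
            result["autoruns"].append({"key": key, "name": name, "image": image, "args": args,
                                       "disabled": klow.endswith("-"), "flags": flags_for(image)})
    return result


def findings(result):
    """Human-readable triage lines: firewall state, open ports, flagged autostarts."""
    out = []
    if result["firewall_enabled"] is False:
        out.append("Windows Firewall standard profile is DISABLED (confirm a third-party firewall is active)")
    out += [f"globally open port {p['port']}/{p['proto']} ({p['state']}): {p['desc']}" for p in result["open_ports"]]
    out += [f"{'disabled ' if a['disabled'] else ''}autostart {a['name']!r} -> {a['image']}: {', '.join(a['flags'])}"
            for a in result["autoruns"] if a["flags"]]
    return out


if __name__ == "__main__":
    print("\n".join(findings(parse_loading_points(SAMPLE_LOG))))
```

Run it as-is to see the constructed sample triaged, or paste the real "Reg Loading Points" block into `SAMPLE_LOG`. On this thread's log the firewall line would be flagged even though that is expected here (Norton Security Suite provides the firewall, so the Windows one is off), which is why the message says to confirm a third-party firewall is active rather than calling it a problem; the `AdvPack.Dll` RunOnce entry is likewise a normal Internet Explorer update leftover that the non-.exe rule surfaces only so a human looks at it.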
     
  13. 2010/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  14. 2010/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Oh, OK, I posted without seeing your last reply. Hold on...
     
  15. 2010/06/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Combofix looks clean now.
    How is computer doing at the moment?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start > "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between "Combofix" and "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    1. Download Temp File Cleaner (TFC)
    Double click on TFC.exe to run the program.
    Click on Start button to begin cleaning process.
    TFC will close all running programs, and it may ask you to restart computer.


    2. Go to Kaspersky website and perform an online antivirus scan.

    1. Disable your active antivirus program.
    2. Read through the requirements and privacy statement and click on Accept button.
    3. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    4. When the downloads have finished, click on Settings.
    5. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
    6. Click on My Computer under Scan.
    7. Once the scan is complete, it will display the results. Click on View Scan Report.
    8. You will see a list of infected items there. Click on Save Report As....
    9. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

    Post fresh HijackThis log as well.
     
  16. 2010/06/05
    mazaprin

    mazaprin Inactive Thread Starter

    Joined:
    2003/11/14
    Messages:
    99
    Likes Received:
    0
    Here are the online Kaspersky scan results:

    KASPERSKY ONLINE SCANNER 7.0: scan report
    Saturday, June 5, 2010
    Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Friday, June 04, 2010 23:44:15
    Records in database: 4201289


    Scan settings
    Scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area: My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\

    Scan statistics
    Objects scanned: 119187
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 05:52:04

    No threats found. Scanned area is clean.
    Selected area has been scanned.
     
  17. 2010/06/05
    mazaprin

    mazaprin Inactive Thread Starter

    Joined:
    2003/11/14
    Messages:
    99
    Likes Received:
    0
    Here is an additional automatic idle Norton scan (made while it was disabled for the Kaspersky scan, but it did not interfere with it):

    Category: Resolved Security Risks
    Date & Time,Risk,Activity,Status,Recommended Action

    6/4/2010 6:29 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action

    6/3/2010 2:09 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action

    6/1/2010 9:06 PM,High,bab[1].htm (Trojan.Malscript!html) detected by Auto-Protect,Blocked,Resolved - No Action

    5/29/2010 8:38 PM,Low,Tracking Cookies detected by Virus scanner,Removed,Resolved - No Action

    5/27/2010 10:57 PM,High,removewga.exe (Infostealer.Gampass) detected by Auto-Protect,Quarantined,Resolved - No Action
     
  18. 2010/06/05
    mazaprin

    mazaprin Inactive Thread Starter

    Joined:
    2003/11/14
    Messages:
    99
    Likes Received:
    0
    Here is the HijackThis Log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 6:50:17 AM, on 6/5/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
    C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\WINDOWS\system32\svchost.exe
    D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    D:\PROGRA~1\CLIPBO~1\CLIPBO~1.EXE
    D:\Program Files\Internet Download Manager\IDMan.exe
    D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    D:\Program Files\AccountLogon\AccountLogon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Internet Download Manager\IEMonitor.exe
    D:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
    D:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
    D:\Program Files\Weather Watcher Live\ww.exe
    D:\Program Files\WinDates\WinDates.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    D:\Program Files\WallMaster\wallmast.exe
    C:\Program Files\Common Files\AOL\1262479731\ee\aolsoftware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Java\jre6\bin\java.exe
    D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supportforyourpc.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\IPSBHO.DLL
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll
    O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD} - C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll
    O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\coIEPlg.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [StartupFaster] "D:\Program Files\Startup Faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [Clipboard Buddy] D:\PROGRA~1\CLIPBO~1\CLIPBO~1.EXE
    O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [AOL Fast Start] "D:\Program Files\AOL 9.5\AOL.EXE" -b
    O4 - HKCU\..\Run: [AccountLogon] D:\Program Files\AccountLogon\AccountLogon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlhr] RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C (User 'Default user')
    O4 - S-1-5-18 Startup: StartupFaster (User 'SYSTEM')
    O4 - .DEFAULT Startup: StartupFaster (User 'Default user')
    O4 - Startup: StartupFaster
    O4 - Global Startup: StartupFaster
    O8 - Extra context menu item: AccountLogon - C:\WINDOWS\al-popup-heriberto maza.html
    O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: WinAVI FLV Manager - {DE365254-2F9B-4908-9E3A-7AAA6EC90BCC} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-heriberto maza.html (HKCU)
    O9 - Extra 'Tools' menuitem: AccountLogon - {1CB13C88-96B6-11d6-9AF5-D12D26EE1F36} - C:\WINDOWS\al-popup-heriberto maza.html (HKCU)
    O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {116D4961-37BF-4A0A-919E-673A1B2D89A0} (CSDVRS) - http://www.csdvrs.com/CSDVRS.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) -
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O17 - HKLM\System\CS103\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS105\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS106\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS107\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS108\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS109\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS110\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS111\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS112\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS113\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS114\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS115\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS116\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS117\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS118\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS119\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS120\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS121\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS122\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS123\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS124\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS125\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS126\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS127\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS128\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS129\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS130\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS131\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS132\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS133\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS134\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS135\Services\Tcpip\..\{25C53D09-25C7-4A50-8277-C26300DEADDD}: NameServer = 208.67.222.222,208.67.220.220
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - D:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: Google Update Service (gupdate1c9dd7a8df5dcfe) (gupdate1c9dd7a8df5dcfe) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Norton Security Suite (N360) - Symantec Corporation - D:\Program Files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
    O23 - Service: TomTomHOMEService - TomTom - D:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    --
    End of file - 18457 bytes
     
  19. 2010/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Very good :)
    I still need fresh HJT log.
     
  20. 2010/06/05
    mazaprin

    mazaprin Inactive Thread Starter

    Joined:
    2003/11/14
    Messages:
    99
    Likes Received:
    0
    I already posted the HJT log this morning at 6:50 am, right before your response; please check it.
     
  21. 2010/06/05
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Re-run HJT and checkmark:

    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)


    Click "Fix checked" button.

    When done...


    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore ".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C: ")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run defrag at your convenience.

    8. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    9. Please let me know how your computer is doing.
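    The two O2 entries broni asks to fix are Browser Helper Objects whose registered DLL no longer exists on disk, which HijackThis reports as "(no file)". As an added example (not from this thread and not HijackThis code), the PowerShell script below reads the same Browser Helper Objects registry key, resolves each CLSID to its InprocServer32 DLL and reports which registrations are orphaned, so the list can be checked before and after a "Fix checked" run. It is read-only and deletes nothing. The registry paths are the standard Windows ones; the Wow6432Node branches exist only on 64-bit Windows and are skipped where absent, and the script avoids PowerShell 3.0-only syntax so it runs on the PowerShell 2.0 available for XP.

```powershell
# Added example, not part of the thread or of HijackThis.
# Lists Internet Explorer Browser Helper Objects (the HijackThis "O2" entries)
# and flags those whose registered DLL is missing on disk, which HJT shows as
# "(no file)". Read-only: nothing is deleted. Works on PowerShell 2.0.

$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    # 32-bit IE on 64-bit Windows; absent on 32-bit XP and skipped below
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
# Where a CLSID's InprocServer32 registration can live (first hit wins)
$clsidRoots = @(
    'HKCU:\Software\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\CLSID',
    'HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID'
)

function Get-BhoReport {
    foreach ($key in $bhoKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        foreach ($entry in (Get-ChildItem -LiteralPath $key)) {
            $clsid = $entry.PSChildName
            $name  = $null
            $dll   = $null
            foreach ($root in $clsidRoots) {
                $clsKey = Join-Path $root $clsid
                if (-not (Test-Path -LiteralPath $clsKey)) { continue }
                # The key's default value is the friendly name HJT prints
                $name = (Get-ItemProperty -LiteralPath $clsKey -ErrorAction SilentlyContinue).'(default)'
                $srvKey = Join-Path $clsKey 'InprocServer32'
                if (Test-Path -LiteralPath $srvKey) {
                    $dll = (Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue).'(default)'
                }
                break
            }
            if ($dll) {
                # Registrations may carry quotes or %SystemRoot%-style variables
                $path   = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
                $status = if (Test-Path -LiteralPath $path) { 'present' } else { '(no file)' }
            } else {
                $path   = $null
                $status = '(no file)'   # listed as a BHO but no server DLL registered
            }
            New-Object PSObject -Property @{
                CLSID  = $clsid
                Name   = $name
                Dll    = $path
                Status = $status
            }
        }
    }
}

# Print everything, then only the orphans (the entries HJT would let you "Fix checked")
$report = @(Get-BhoReport)
$report | Format-Table CLSID, Name, Dll, Status -AutoSize
$report | Where-Object { $_.Status -eq '(no file)' } | ForEach-Object {
    "Orphaned BHO: $($_.CLSID) ($($_.Name))"
}
```

Run it from an elevated PowerShell prompt so HKLM is readable; a BHO whose DLL is present but unexpected still deserves a look, since the script only tells you whether the file exists, not whether it is legitimate.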
     
