WiredWX Christian Hobby Weather Tools
WinCoDecPRO Removal Needed - Hijackthis log included

3 posters

I have a virus/spyware called WinCoDecPRO on my PC that I need help removing.
There is a red icon with an X on my taskbar saying several things when the pop-up comes up. It is saying my codecs are corrupted etc.
When I click on the icon it takes me to a website to purchase a program that will fix my media codecs.

How do I get rid of this entirely?

Any help is greatly appreciated.


Here is a log using HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:46 AM, on 10/14/2009
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINNT\system32\mnmsrvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1255452910\ee\AOLSoftware.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = r1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [dejusched] C:\Program Files\Java\jre6\bin\dejusched.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1255452910\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINNT\TEMP\E_SCAD.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: MIW Deployment - https://wil.radnetonline.com/downloads/MIWDeploy.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwic.ops.placeware.com/etc/place/INDIA/SCIpws-c2/5.1.7.413/lib/quicksilver.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RobertsonDX.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = RobertsonDX.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = RobertsonDX.com
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINNT\SYSTEM32\LxrSII1s.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

--
End of file - 6749 bytes
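
Added example (not part of the original thread and not HijackThis's own code): a short Python parser for the log format posted above. It pulls out the entries a reviewer reads first, the `O4` autostart lines and `O23` services, and attaches review prompts. The function names and the four hint rules are assumptions made for illustration; the hints only mark lines to check by hand and are not detections. The sample lines are copied from the log above.

```python
import re

# Excerpt of the HijackThis log posted above (same lines, same format).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINNT\system32\services.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = r1:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dejusched] C:\Program Files\Java\jre6\bin\dejusched.exe
O4 - HKCU\..\Run: [EPSON Stylus CX8400 Series] C:\WINNT\system32\spool\DRIVERS\W32X86\3\E_FATICEA.EXE /FU "C:\WINNT\TEMP\E_SCAD.tmp" /EF "HKCU"
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINNT\SYSTEM32\LxrSII1s.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry form: "<key>: [value name] command line"
RUN_RE = re.compile(r"^(?P<loc>[^:\[]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O4 Startup-folder form: "Global Startup: shortcut.lnk = target"
LNK_RE = re.compile(r"^(?P<loc>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.+)$")
# Program part of a command line: quoted path, or text up to the first
# executable extension (unquoted paths may contain spaces).
EXE_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.(?:exe|com|bat|cmd|scr|pif))\b)', re.I)

# Hypothetical review-hint labels (not HijackThis terminology).
PROXY = "proxy server is set: confirm it is expected"
BARE = "bare file name: confirm which file the search path resolves to"
TEMP = "command line references a temp directory"
NO_VENDOR = "service binary reports no vendor"


def image_path(cmd):
    """Return the program part of a Run command line, without arguments."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return cmd.split()[0]
    return m.group(1) or m.group(2)


def parse_hjt(text):
    """Parse HijackThis entry lines into dicts; header lines and the
    running-process list do not match ENTRY_RE and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        entry = {"code": code, "body": body}
        if code == "O4":
            mm = RUN_RE.match(body) or LNK_RE.match(body)
            if mm:
                entry.update(mm.groupdict())
                entry["image"] = image_path(mm["cmd"])
        elif code == "O23" and body.startswith("Service: "):
            # Display names may contain " - ", so split from the right.
            parts = body[len("Service: "):].rsplit(" - ", 2)
            if len(parts) == 3:
                entry.update(name=parts[0], vendor=parts[1], image=parts[2])
        entries.append(entry)
    return entries


def review_notes(entries):
    """Return (code, label, hint) tuples for lines worth a manual look."""
    notes = []
    for e in entries:
        label = e.get("name", e["body"])
        image = e.get("image", "")
        if e["code"].startswith("R") and "ProxyServer" in e["body"]:
            notes.append((e["code"], label, PROXY))
        if e["code"] in ("O4", "O23") and image and "\\" not in image:
            notes.append((e["code"], label, BARE))
        if e["code"] == "O4" and re.search(r"\\te?mp\\", e.get("cmd", ""), re.I):
            notes.append((e["code"], label, TEMP))
        if e["code"] == "O23" and e.get("vendor") == "Unknown owner":
            notes.append((e["code"], label, NO_VENDOR))
    return notes


if __name__ == "__main__":
    for code, label, hint in review_notes(parse_hjt(SAMPLE_LOG)):
        print(f"{code:4} {label}: {hint}")
```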

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Malwarebytes' Anti-Malware 1.41
Database version: 2956
Windows 5.0.2195 Service Pack 4

10/14/2009 12:55:20 PM
mbam-log-2009-10-14 (12-55-20).txt

Scan type: Quick Scan
Objects scanned: 144167
Time elapsed: 14 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Also, on a side note, my sound has completely stopped working.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Hello.
Do you have the latest sound card drivers installed?

............................................................................................

Site Admin / Security Administrator


Re: WinCoDecPRO Removal Needed - Hijackthis log included

Belahzur - I am not sure. How do I check on that?

Also, what else can I do regarding the virus/spyware issue I am having?
The AntiMalware report came back clean as I posted the log, however I am still infected.
Also I should mention, before I registered here I ran the scan and it came up with 2 threats however I deleted those threats. Not sure if that was any help though.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Hello.
We'll deal with sounds soon, just answer this for me.

Are you still getting fake popups? The log looks okay, I don't see anything loading up your startup, or other loading points that just stands out at me.

Are the popups happening on a certain website? Or just randomly?

............................................................................................

Site Admin / Security Administrator


Re: WinCoDecPRO Removal Needed - Hijackthis log included

Thanks for your help my friend.

Actually the only pop-ups I have are on my task bar that contains a red circle with a white X in the middle saying such things as
“WARNING
Fatal Error: Windows can’t play the following media formats: AVI; ASF; WMV; AVS; FLV; MKV; MOV; 3GP; MP4; MPG; MPEG; MP3; AAC; WAV; WMA; CDA; FLAC; M4A; MID. Update your video codec to resolve the issue.”

Everything that comes up says something similar like "Corrupt Media Codecs", "System Failure" etc.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Also, I can access websites just fine. But my sound isn't working and when I try to open important documents in Word 2003 I just get a page full of funny characters that I can't interpret.
Not sure if that has anything to do with the virus/spyware though.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Hello.
Let's see about that codec error, we'll install VLC player.

Download and install VLC Player 1.0.1

Hopefully that takes care of the codec problem, now for the sound.
Is this a laptop? If so, what's the company name it's got on it? Dell, Acer, etc.

............................................................................................

Site Admin / Security Administrator


Re: WinCoDecPRO Removal Needed - Hijackthis log included

Belahzur - I don't think I have any problems with my codecs. The pop-ups from the spyware/virus are saying I do so I can buy their product which promises to solve the issue. If you do a Google search for WinCoDecPRO it will tell you all about it.
But do you think I should install VLC anyway?

Also, I am actually using a PC not a laptop.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

This is a new one on me then, something else must be going on, because a guide I found shows two specific run values for this infection, but your HJT log/MBAM log both say it's okay.

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:

    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.

  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes

  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

............................................................................................

Site Admin / Security Administrator


Re: WinCoDecPRO Removal Needed - Hijackthis log included

ComboFix 09-10-14.06 - Administrator 10/14/2009 20:43.1.1 - NTFSx86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.735.463 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\winnt\Downloaded Program Files\hotbar.inf
c:\winnt\system32\jgaw400.dll
c:\winnt\Web\default.htt

c:\winnt\system32\comres.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.

2009-10-15 03:42 . 2009-10-15 03:42 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_3c4.dat
2009-10-14 22:37 . 2009-10-14 22:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-10-14 09:05 . 2009-10-14 09:05 -------- d-----w- C:\unzipped
2009-10-14 09:00 . 2009-10-14 09:00 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WinZip
2009-10-14 07:58 . 2009-10-14 07:58 -------- d-----w- c:\program files\TVUPlayer
2009-10-14 05:44 . 2009-10-14 05:44 -------- d-----w- c:\program files\Trend Micro
2009-10-14 03:24 . 2009-10-14 03:48 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-14 00:47 . 2009-10-14 00:48 -------- d-----w- c:\program files\Enigma Software Group
2009-10-13 23:43 . 2009-10-14 00:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator
2009-10-13 23:43 . 2009-10-13 23:43 142592 ----a-w- c:\winnt\system32\drivers\sp_rsdrv2.sys
2009-10-13 23:43 . 2009-10-14 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-10-13 23:43 . 2009-10-14 01:17 -------- d---a-w- c:\program files\Spyware Terminator
2009-10-13 23:34 . 2009-10-13 23:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Antispyware
2009-10-13 16:57 . 2009-10-13 16:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\AOL
2009-10-13 16:57 . 2009-10-13 16:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AOL
2009-10-13 16:56 . 2002-12-12 00:34 82432 -c--a-w- c:\winnt\system32\dllcache\drmstor.dll
2009-10-13 16:56 . 2002-12-12 00:34 82432 ----a-w- c:\winnt\system32\drmstor.dll
2009-10-13 16:56 . 2002-12-12 01:50 301712 -c--a-w- c:\winnt\system32\dllcache\drmclien.dll
2009-10-13 16:56 . 2002-12-12 01:50 301712 ----a-w- c:\winnt\system32\drmclien.dll
2009-10-13 16:56 . 2002-12-12 00:34 9728 -c--a-w- c:\winnt\system32\dllcache\npwmsdrm.dll
2009-10-13 16:56 . 2009-10-13 16:56 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-10-13 16:55 . 2009-10-13 16:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-10-13 16:55 . 2009-10-13 16:55 -------- d-----w- c:\winnt\aolshare
2009-10-13 16:55 . 2009-10-14 18:34 -------- d-----w- c:\program files\AOL 9.1
2009-10-12 16:20 . 2009-10-12 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-10-10 23:01 . 2009-10-10 23:01 -------- d-----w- c:\program files\SopCast
2009-10-09 04:43 . 2009-10-09 04:43 -------- d-----w- c:\program files\MSECache
2009-10-06 20:54 . 2009-10-06 20:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Participatory Culture Foundation
2009-10-06 20:53 . 2009-10-06 20:53 -------- d-----w- c:\program files\Participatory Culture Foundation
2009-10-04 19:40 . 2009-10-04 19:40 -------- d-----w- c:\program files\CCleaner
2009-10-01 20:15 . 2009-10-01 20:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Talkback
2009-10-01 04:50 . 2009-10-01 04:50 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_3a8.dat
2009-10-01 03:04 . 2009-10-01 03:04 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_24c.dat
2009-09-30 22:31 . 2009-09-30 22:31 16384 ----atw- c:\winnt\system32\Perflib_Perfdata_3b4.dat
2009-09-30 19:24 . 2009-09-30 19:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-30 19:24 . 2009-09-10 21:54 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2009-09-30 19:24 . 2009-09-30 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 19:24 . 2009-09-30 19:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 19:24 . 2009-09-10 21:53 18520 ----a-w- c:\winnt\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 03:40 . 2008-02-11 23:53 -------- d---a-w- c:\program files\Symantec AntiVirus
2009-10-14 22:45 . 2004-05-11 18:29 -------- d---a-w- c:\program files\Common Files\Adobe
2009-10-14 09:06 . 2004-09-15 21:43 -------- d---a-w- c:\program files\Java
2009-10-14 09:00 . 2008-04-17 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-14 08:54 . 2009-05-04 19:44 411368 ----a-w- c:\winnt\system32\deploytk.dll
2009-10-13 16:57 . 2008-03-29 06:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-10-13 16:57 . 2004-05-05 23:18 -------- d---a-w- c:\program files\Common Files\AOL
2009-10-13 16:56 . 2008-03-28 08:53 -------- d---a-w- c:\program files\Common Files\aolshare
2009-10-12 17:58 . 2008-03-28 06:37 -------- d---a-w- c:\program files\America Online 8.0
2009-10-08 11:22 . 2004-05-01 21:16 -------- d---a-w- c:\program files\Microsoft Works
2009-10-07 19:08 . 2005-04-20 15:04 4489 -c--a-w- c:\winnt\mozver.dat
2009-10-07 08:24 . 2008-03-29 03:08 -------- d---a-w- c:\program files\TaxCut07
2009-10-06 21:21 . 2008-06-24 20:01 -------- d-----w- c:\program files\Incomplete
2009-10-06 20:57 . 2004-07-26 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-06 20:51 . 2008-04-17 00:31 -------- d-----w- c:\documents and settings\Administrator\Application Data\LimeWire
2009-10-06 20:48 . 2008-04-17 00:29 -------- d-----w- c:\program files\LimeWire
2009-10-01 09:20 . 2008-06-06 03:44 -------- d-----w- c:\program files\Canon
2009-10-01 09:19 . 2004-05-01 20:23 -------- d---a-w- c:\program files\Common Files\Symantec Shared
2009-10-01 08:31 . 2008-10-21 22:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\iolo
2009-09-30 22:15 . 2008-06-06 04:34 -------- d-----w- c:\documents and settings\Administrator\Application Data\ZoomBrowser EX
2009-09-25 03:26 . 2005-05-16 15:03 -------- d---a-w- c:\program files\Google
2009-09-24 18:50 . 2009-03-27 05:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\ArcSoft
2009-08-25 21:58 . 2009-08-25 02:56 -------- d-----w- c:\program files\IrfanView
2009-08-07 02:24 . 2009-01-28 20:01 327896 ----a-w- c:\winnt\system32\wucltui.dll
2009-08-07 02:24 . 2009-01-28 20:01 209632 ----a-w- c:\winnt\system32\wuweb.dll
2009-08-07 02:24 . 2009-01-28 20:01 44768 ----a-w- c:\winnt\system32\wups2.dll
2009-08-07 02:24 . 2009-01-28 20:01 35552 ----a-w- c:\winnt\system32\wups.dll
2009-08-07 02:24 . 2004-05-01 20:05 53472 ----a-w- c:\winnt\system32\wuauclt.exe
2009-08-07 02:24 . 2003-07-14 12:00 96480 ----a-w- c:\winnt\system32\cdm.dll
2009-08-07 02:23 . 2009-01-28 20:01 575704 ----a-w- c:\winnt\system32\wuapi.dll
2009-08-07 02:23 . 2009-06-13 01:06 274288 ----a-w- c:\winnt\system32\mucltui.dll
2009-08-07 02:23 . 2009-06-13 01:06 215920 ----a-w- c:\winnt\system32\muweb.dll
2009-08-07 02:23 . 2004-05-01 20:05 1929952 ----a-w- c:\winnt\system32\wuaueng.dll
2009-02-15 00:24 . 2009-02-15 00:24 336 ----a-w- c:\program files\temp995.bat
2004-09-21 20:32 . 2004-09-21 20:34 104595 -c--a-w- c:\program files\AutoConnDriv_Win98SE.exe
2004-05-01 20:06 . 2004-05-01 20:06 21952 -c-ha-w- c:\program files\folder.htt
2002-05-10 19:59 . 2004-09-21 20:34 25431 -c--a-w- c:\program files\AutoConnectDriverforWin98SEInstructions.PDF
2001-08-07 07:36 . 2004-09-21 20:34 9504 -c--a-r- c:\program files\Install.ini
2001-08-03 18:29 . 2004-09-21 20:34 71168 -c--a-r- c:\program files\INSTALL.EXE
2001-08-03 17:38 . 2004-09-21 20:34 83968 -c--a-r- c:\program files\UNINSTAL.EXE
2001-08-02 22:28 . 2004-09-21 20:34 917 -c--a-r- c:\program files\UNINSTAL.INI
2001-05-31 16:56 . 2004-09-21 20:34 25876 -c--a-r- c:\program files\OLPUBKCR.SYS
2000-09-28 04:11 . 2004-09-21 20:34 1198 -c--a-r- c:\program files\OLPUBKCR.INF
2000-07-17 22:09 . 2004-09-21 20:34 822 -c--a-r- c:\program files\OLPUSBCR.INF
2000-07-14 01:45 . 2004-09-21 20:34 11052 -c--a-r- c:\program files\MUSBPORT.PDR
2008-12-17 21:59 . 2009-10-04 03:08 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 21:59 . 2009-10-04 03:08 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 21:59 . 2009-10-04 03:08 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 21:59 . 2009-10-04 03:08 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 21:59 . 2009-10-04 03:08 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2008-06-11 00:03 . 2008-06-11 00:03 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-06-11 00:03 . 2008-06-11 00:03 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-06-11 00:03 . 2008-06-11 00:03 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2002-11-27 02:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [9.0.1.56] . . c:\winnt\system32\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\progra~1\AIM95\aim.exe" [2002-05-22 57344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2004-08-03 124232]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-06-10 66680]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-06 185632]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"dejusched"="c:\program files\Java\jre6\bin\dejusched.exe" [2009-10-13 84480]
"HostManager"="c:\program files\Common Files\AOL\1255452910\ee\AOLSoftware.exe" [2007-05-25 42032]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-14 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Synchronization Manager"="mobsync.exe" - c:\winnt\system32\mobsync.exe [2003-07-14 111376]
"VTPreset"="VTPreset.exe" - c:\winnt\system32\VTPreset.exe [2004-02-25 45056]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-07-14 186640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-6-25 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 LxrSII1d;Secure II Driver;c:\winnt\system32\drivers\LxrSII1d.sys [1/31/2007 12:02 PM 70016]
R3 usbhub20;USB 2.0 Root Hub Support;c:\winnt\system32\drivers\usbhub20.sys [5/1/2004 5:58 AM 49776]
S0 SONYPVM1;Sony Memory Stick Driver(SONYPVM1);c:\winnt\system32\DRIVERS\SONYPVM1.SYS --> c:\winnt\system32\DRIVERS\SONYPVM1.SYS [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [8/2/2004 8:36 PM 173392]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [5/1/2004 1:14 PM 9038]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyServer = r1:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: %SystemRoot%\system32\msafd.dll
DPF: MIW Deployment - hxxps://wil.radnetonline.com/downloads/MIWDeploy.cab
DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} - hxxp://scpwic.ops.placeware.com/etc/place/INDIA/SCIpws-c2/5.1.7.413/lib/quicksilver.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\33k9j29p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-14 20:52
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(172)
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 2009-10-15 20:53
ComboFix-quarantined-files.txt 2009-10-15 03:53

Pre-Run: 67,671,175,168 bytes free
Post-Run: 68,454,715,392 bytes free

194 --- E O F --- 2009-10-08 11:38

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    mspmsnsv.dll
    comres.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

............................................................................................

Site Admin / Security Administrator

Virus Removal ~ OS Support ~ Have we helped you? Help us! ~ GeekChat
- Please PM me if I fail to respond within 24hrs.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

I tried to click both links but the 'Save File' won't allow me to click it to save to my PC.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

What browser are you using to download files?


Re: WinCoDecPRO Removal Needed - Hijackthis log included

Currently using FireFox. Should I try it with Internet Explorer?

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Yes, try that.
If IE works, then it's a problem with Firefox.


Re: WinCoDecPRO Removal Needed - Hijackthis log included

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 19:30 on 18/10/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "mspmsnsv.dll"
C:\WINNT\system32\mspmsnsv.dll --a--c 52224 bytes [21:02 01/05/2004] [02:03 27/11/2002] 36678803A8030EE9A771935CFC1848BD

Searching for "comres.dll"
No files found.

-=End Of File=-

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Still getting wincodec pro popups? I still don't see anything wrong here.


Re: WinCoDecPRO Removal Needed - Hijackthis log included

Belahzur - Unfortunately yes. I still have the red icon on my lower right-hand system bar/task tray saying "Fatal Error", "Media System Corrupt" etc.
And my sound still does not work.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Download OTL to your Desktop

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box, paste this in:

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\eventlog.dll
    %systemroot%\system32\scecli.dll
    %systemroot%\netlogon.dll
    %systemroot%\system32\cngaudit.dll
    %systemroot%\system32\sceclt.dll
    %systemroot%\ntelogon.dll
    %systemroot%\system32\logevent.dll
    %systemroot%\system32\drivers\iaStor.sys
    %systemroot%\System32\drivers\nvstor.sys
    %systemroot%\system32\drivers\atapi.sys

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.

    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Extras.Txt:

OTL Extras logfile created on: 10/19/2009 7:48:32 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 421.64 Mb Available Physical Memory | 57.33% Memory free
1.76 Gb Paging File | 1.42 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): C:\pagefile.sys 1102 1102 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 63.57 Gb Free Space | 85.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS24
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.chm [@ = chm.file] -- C:\WINNT\hh.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1 File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007F4F0A-CC46-4C8F-A2AE-26E802625BF3}" = Microsoft Office Live Meeting 2005
"{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX8400 Series Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2b02f822-a9b9-458c-80e5-3ea8c0de8471}" = QuickBooks Pro Edition 2004
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{3F262ADC-5AD2-48E5-A586-44315E04A9E9}" = Microsoft Digital Image Library 10
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Digital Image Pro 10
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5FF4A578-4588-4ACF-8317-7191FC45F3E1}" = TaxCut California 2007
"{60B9A48D-559E-43FA-8F28-D657190E4E52}" = Remote Desktop Connection
"{6D63A7D5-ACD1-4322-B1A6-52C9E530040D}" = Canon Camera TWAIN Driver
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{848AC794-8B81-440A-81AE-6474337DB527}" = Symantec AntiVirus
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{ADAED43C-BBD9-42C5-8B21-F4FBFA81E3C3}" = Palm
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Instant Messenger (SM)" = AOL Instant Messenger (SM)
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner (remove only)
"CSCLIB" = Canon Camera Support Core Library
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"HijackThis" = HijackThis 2.0.2
"InstallShield_{6D63A7D5-ACD1-4322-B1A6-52C9E530040D}" = Canon Camera TWAIN Driver 6.7
"LimeWire" = LimeWire 4.16.6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft Office Live Meeting" = Microsoft Office Live Meeting
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Pdf995" = Pdf995
"PhotoStitch" = Canon Utilities PhotoStitch
"PictureItSuite_v10" = Microsoft Digital Image Suite 10
"Q818043" = Windows 2000 Hotfix (SP5) Q818043
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"S3Display" = S3Display
"Silent Package Run-Time Sample" = EPSON CX8400 User's Guide
"SopCast" = SopCast 3.0.3
"Spyware Terminator_is1" = Spyware Terminator
"TVUPlayer" = TVUPlayer 2.3.0.0
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinRAR archiver" = WinRAR archiver
"WMP7" = Windows Media Player system update (9 Series)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10/15/2009 12:53:09 AM | Computer Name = WS24 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 10/15/2009 1:35:10 AM | Computer Name = WS24 | Source = MsiInstaller | ID = 11706
Description = Product: Symantec AntiVirus -- Error 1706.No valid source could be
found for product Symantec AntiVirus. The Windows Installer cannot continue.

Error - 10/15/2009 8:41:41 PM | Computer Name = WS24 | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).

Error - 10/15/2009 8:43:00 PM | Computer Name = WS24 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 10/15/2009 10:27:44 PM | Computer Name = WS24 | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).

Error - 10/15/2009 10:29:47 PM | Computer Name = WS24 | Source = PerfDisk | ID = 1000
Description = Unable to open the Disk performance object. Status code returned is
data
DWORD 0.

Error - 10/15/2009 10:29:47 PM | Computer Name = WS24 | Source = rasctrs | ID = 2001
Description =

Error - 10/15/2009 10:43:27 PM | Computer Name = WS24 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 10/19/2009 6:47:20 PM | Computer Name = WS24 | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).

Error - 10/19/2009 6:48:36 PM | Computer Name = WS24 | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

[ System Events ]
Error - 10/15/2009 10:34:01 PM | Computer Name = WS24 | Source = Service Control Manager | ID = 7001
Description = The Remote Access Connection Manager service depends on the Telephony
service which failed to start because of the following error: %%1077

Error - 10/15/2009 10:34:32 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {0C0A3666-30C9-11D0-8F20-00805F2CD064} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:35:16 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:35:48 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:36:18 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:36:51 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:37:21 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {943B6A75-BB5E-41A7-A6D3-A1A5E892B33B} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:42:28 PM | Computer Name = WS24 | Source = DCOM | ID = 10010
Description = The server {1BE1F766-5536-11D1-B726-00C04FB926AF} did not register
with DCOM within the required timeout.

Error - 10/15/2009 10:44:05 PM | Computer Name = WS24 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SONYPVM1

Error - 10/19/2009 6:49:07 PM | Computer Name = WS24 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SONYPVM1


< End of report >

Re: WinCoDecPRO Removal Needed - Hijackthis log included

OTL.Txt:

OTL logfile created on: 10/19/2009 7:48:32 PM - Run 1
OTL by OldTimer - Version 3.0.21.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

735.48 Mb Total Physical Memory | 421.64 Mb Available Physical Memory | 57.33% Memory free
1.76 Gb Paging File | 1.42 Gb Available in Paging File | 80.53% Paging File free
Paging file location(s): C:\pagefile.sys 1102 1102 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 63.57 Gb Free Space | 85.30% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WS24
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/10/19 19:47:01 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2009/10/14 01:54:15 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/14 01:54:15 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/13 16:43:40 | 00,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe
PRC - [2009/10/12 18:13:33 | 00,084,480 | -H-- | M] () -- C:\Program Files\Java\jre6\bin\dejusched.exe
PRC - [2009/06/25 12:10:00 | 00,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2008/11/06 04:42:59 | 00,054,568 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\shellmon.exe
PRC - [2008/11/06 04:42:59 | 00,039,208 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.1\waol.exe
PRC - [2008/04/05 22:51:45 | 00,185,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2007/05/25 10:16:08 | 00,042,032 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1255452910\ee\AOLSoftware.exe
PRC - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
PRC - [2005/05/19 16:48:34 | 00,053,248 | ---- | M] () -- C:\WINNT\System32\LxrSII1s.exe
PRC - [2004/09/07 08:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MSTask.exe
PRC - [2004/08/02 20:36:40 | 00,124,232 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2004/08/02 20:36:32 | 01,267,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2004/08/02 20:36:26 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2004/06/09 21:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/06/09 21:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2004/06/09 21:31:06 | 00,066,680 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2003/07/14 05:00:00 | 00,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Explorer.EXE
PRC - [2003/07/14 05:00:00 | 00,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\WBEM\WinMgmt.exe
PRC - [2003/07/14 05:00:00 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\regsvc.exe
PRC - [2003/07/14 05:00:00 | 00,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\stisvc.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2003/06/19 13:05:04 | 00,019,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\hidserv.exe
PRC - [2002/07/30 16:16:20 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINNT\wanmpsvc.exe
PRC - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/10/14 01:54:15 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2009/10/13 16:43:40 | 00,487,424 | ---- | M] (Crawler.com) -- C:\Program Files\Spyware Terminator\sp_rsser.exe -- (sp_rssrv [Auto | Running])
SRV - [2006/10/23 05:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2005/05/19 16:48:34 | 00,053,248 | ---- | M] () -- C:\WINNT\System32\LxrSII1s.exe -- (LxrSII1s [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2004/09/07 08:59:06 | 00,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\MSTask.exe -- (Schedule [Auto | Running])
SRV - [2004/08/02 20:36:36 | 00,173,392 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam [On_Demand | Stopped])
SRV - [2004/08/02 20:36:32 | 01,267,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus [Auto | Running])
SRV - [2004/08/02 20:36:26 | 00,030,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch [Auto | Running])
SRV - [2004/06/11 19:28:30 | 00,201,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc [On_Demand | Stopped])
SRV - [2004/06/09 21:31:14 | 00,242,808 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr [Auto | Running])
SRV - [2004/06/09 21:31:12 | 00,087,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2004/06/09 21:31:08 | 00,255,096 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2003/07/14 05:00:00 | 00,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\WBEM\WinMgmt.exe -- (WinMgmt [Auto | Running])
SRV - [2003/07/14 05:00:00 | 00,147,728 | ---- | M] (VERITAS Software Corp.) -- C:\WINNT\System32\dmadmin.exe -- (dmadmin [On_Demand | Stopped])
SRV - [2003/07/14 05:00:00 | 00,094,992 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\faxsvc.exe -- (Fax [On_Demand | Stopped])
SRV - [2003/07/14 05:00:00 | 00,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\regsvc.exe -- (RemoteRegistry [Auto | Running])
SRV - [2003/07/14 05:00:00 | 00,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\stisvc.exe -- (StiSvc [Auto | Running])
SRV - [2003/07/14 05:00:00 | 00,022,800 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\UtilMan.exe -- (UtilMan [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2003/06/19 13:05:04 | 00,019,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\System32\hidserv.exe -- (HidServ [Auto | Running])
SRV - [2002/07/30 16:16:20 | 00,065,536 | ---- | M] (America Online, Inc.) -- C:\WINNT\wanmpsvc.exe -- (WANMiniportService [Auto | Running])
SRV - [2001/09/24 07:59:00 | 00,454,656 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = r1:8080

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?ei=UTF-8&fr=ytff-sunm&p="
FF - prefs.js..browser.search.selectedEngine: "AOL Search"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3
FF - prefs.js..keyword.URL: "http://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query="

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/14 01:54:16 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/10/03 20:08:56 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/14 15:45:42 | 00,000,000 | ---D | M]

[2009/01/28 15:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions
[2009/01/28 15:24:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/10/18 20:01:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\33k9j29p.default\extensions
[2009/10/01 03:35:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\mozilla\Firefox\Profiles\33k9j29p.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/01/29 19:29:39 | 00,001,331 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\FireFox\Profiles\33k9j29p.default\searchplugins\crawlersrch.xml
[2009/10/18 20:01:25 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/10/03 20:08:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/04/16 17:30:41 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/05/10 01:21:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/10/14 01:54:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/10/03 20:08:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\talkback@mozilla.org
[2008/12/17 14:59:30 | 00,067,688 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2008/12/17 14:59:31 | 00,054,368 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2008/12/17 14:59:32 | 00,034,944 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\myspell.dll
[2008/12/17 14:59:33 | 00,046,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\spellchk.dll
[2008/12/17 14:59:35 | 00,172,136 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2009/02/24 12:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2008/06/10 17:03:52 | 00,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll
[2008/06/10 17:03:52 | 00,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll
[2008/06/10 17:03:52 | 00,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll
[2009/10/14 01:54:16 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2009/02/24 12:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2005/12/05 22:31:00 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2008/12/17 14:59:36 | 00,022,656 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2007/03/22 19:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFFICE.DLL
[2009/02/27 13:13:42 | 00,103,792 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/04/05 22:51:53 | 00,144,720 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2008/04/05 22:51:58 | 00,024,576 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/04/05 22:51:49 | 00,081,920 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2009/07/17 20:21:00 | 03,883,424 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2007/08/21 17:42:32 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/02/24 12:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2008/12/17 11:24:41 | 00,001,514 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/17 11:24:41 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/11/06 04:42:54 | 00,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\aolsearch.xml
[2008/12/17 11:24:41 | 00,001,038 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/17 11:24:41 | 00,001,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/17 11:24:41 | 00,002,351 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/17 11:24:41 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINNT\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dejusched] C:\Program Files\Java\jre6\bin\dejusched.exe ()
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1255452910\ee\AOLSoftware.exe (AOL LLC)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Synchronization Manager] C:\WINNT\System32\mobsync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [VTPreset] C:\WINNT\System32\VTPreset.exe (S3 Graphics, Inc.)
O4 - HKCU..\Run: [AIM] C:\PROGRA~1\AIM95\aim.exe -cnetwait.odl File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKLM..\RunOnce: [MigrateMMDrivers] C:\WINNT\System32\mmsys.CPL (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe (America Online, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\System32\rnr20.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\System32\msafd.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} http://scpwic.ops.placeware.com/etc/place/INDIA/SCIpws-c2/5.1.7.413/lib/quicksilver.cab (Quicksilver Class)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: MIW Deployment https://wil.radnetonline.com/downloads/MIWDeploy.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = RobertsonDX.com
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\System32\msdxm.ocx ()
O18 - Protocol\Filter: - application/octet-stream - No CLSID value found
O18 - Protocol\Filter: - application/x-complus - No CLSID value found
O18 - Protocol\Filter: - application/x-msdownload - No CLSID value found
O18 - Protocol\Filter: - Class Install Handler - No CLSID value found
O18 - Protocol\Filter: - deflate - No CLSID value found
O18 - Protocol\Filter: - gzip - No CLSID value found
O18 - Protocol\Filter: - lzdhtml - No CLSID value found
O18 - Protocol\Filter: - text/webviewhtml - No CLSID value found
O18 - Protocol\Filter: - text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINNT\system32\NavLogon.dll - C:\WINNT\System32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O21 - SSODL: Network.ConnectionTray - {7007ACCF-3202-11D1-AAD2-00805FC1270E} - C:\WINNT\System32\NETSHELL.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/11/02 09:51:53 | 00,000,050 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINNT\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: Ias - C:\WINNT\System32\ias [2004/05/01 05:55:15 | 00,000,000 | ---D | M]
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootMin: dmboot.sys - C:\WINNT\System32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootMin: dmio.sys - C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
SafeBootMin: dmload.sys - C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: sglfb.sys - File not found
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: tga.sys - File not found
SafeBootMin: vga.sys - Driver
SafeBootMin: WinMgmt - C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: dmadmin - C:\WINNT\System32\dmadmin.exe (VERITAS Software Corp.)
SafeBootNet: dmboot.sys - C:\WINNT\System32\drivers\dmboot.sys (VERITAS Software Corp.)
SafeBootNet: dmio.sys - C:\WINNT\System32\drivers\dmio.sys (VERITAS Software Corp.)
SafeBootNet: dmload.sys - C:\WINNT\System32\drivers\dmload.sys (VERITAS Software Corp.)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NBF - Service
SafeBootNet: nbf.sys - Driver
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: sglfb.sys - File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: tga.sys - File not found
SafeBootNet: vga.sys - Driver
SafeBootNet: WinMgmt - C:\WINNT\System32\WBEM\WinMgmt.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {02f78298-8af6-495c-9ecb-b6ae68678186} - KB867282
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0e} - Internet Explorer ReadMe
ActiveX: {0fde1f56-0d59-4fd7-9624-e3df6b419d0f} - IEEX
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2cc9d512-6db6-4f1c-8979-9a41fae88de0} - Q837009
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3c0d61fe-1db3-4d0b-8477-3cb53eab9469} - KB951066
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows script 5.6
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5b7bf89d-d196-4c32-a303-a57b8ab7f18d} - KB918439
ActiveX: {5f3c70b3-ac2f-432c-8f9c-1624df61f54f} - Microsoft Data Access Components KB870669
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {685e3910-1f77-49b9-9434-50bcd95c51ab} - KB905495
ActiveX: {6A5110B5-E14B-4268-A065-EF89FF33C325} - regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {795d0712-722c-43ec-906a-fc5e678eada9} - Q831167
ActiveX: {80b81c71-14cd-41c3-9e8c-08b9e06d02ef} - KB960714
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - %SystemRoot%\system32\ie4uinit.exe
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - %SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl
ActiveX: {A00BF2EB-56EE-4fde-B5EA-6A8FA425B2A5} - W2KAppComp
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {dc0d5f50-5f0b-46bf-8683-93ac61c67001} - Q833989
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {e41091c0-06d5-474f-836e-dd190348ea18} - KB958215
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {eddbec60-89cb-44ef-8291-0850fd28ff6a} - Q832894
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: {f156e5b2-f52e-4094-800c-e7392fe62314} - KB938464
ActiveX: {f3d9c2d1-579f-4d41-95ba-5354eeb398d0} - KB972260
ActiveX: {f5173cf0-1dfb-4978-8e50-a90169ee7ca9} - Q823353
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINNT\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - "C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux1 - File not found
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer1 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.l3acm - C:\WINNT\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: wave1 - File not found
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found

========== Files/Folders - Created Within 14 Days ==========

[4 C:\WINNT\*.tmp files]
[2009/10/12 09:20:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2009/10/13 09:55:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL OCP
[2009/10/14 21:40:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/10/13 09:57:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/10/19 19:29:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/10/13 16:43:38 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2009/10/14 15:37:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2009/10/13 16:34:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Antispyware
[2009/10/13 09:57:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\AOL
[2009/10/06 13:54:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Participatory Culture Foundation
[2009/10/13 16:43:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
[2009/10/15 14:50:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2009/10/13 09:57:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AOL
[2009/10/19 19:31:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PC_Drivers_Headquarters
[2009/10/14 02:00:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\WinZip
[2009/10/13 09:56:21 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Nullsoft
[2009/10/13 09:55:26 | 00,000,000 | ---D | C] -- C:\Program Files\AOL
[2009/10/13 09:55:07 | 00,000,000 | ---D | C] -- C:\Program Files\AOL 9.1
[2009/10/13 17:47:01 | 00,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2009/10/14 21:40:02 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Easy Assist
[2009/10/08 21:43:08 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/10/06 13:53:14 | 00,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2009/10/19 19:29:30 | 00,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
[2009/10/10 16:01:30 | 00,000,000 | ---D | C] -- C:\Program Files\SopCast
[2009/10/13 16:43:37 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2009/10/13 22:44:56 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/10/14 00:58:31 | 00,000,000 | ---D | C] -- C:\Program Files\TVUPlayer
[2009/10/15 14:49:27 | 00,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2009/10/13 20:24:45 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/10/19 19:46:59 | 00,521,216 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/19 19:25:24 | 00,000,000 | R-SD | C] -- C:\WINNT\assembly
[2009/10/19 19:24:25 | 00,000,000 | ---D | C] -- C:\WINNT\Microsoft.NET
[2009/10/19 19:22:03 | 01,045,536 | ---- | C] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Administrator\Desktop\DriverDetective.exe
[2009/10/19 16:36:58 | 00,102,664 | ---- | C] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2009/10/15 15:06:39 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/10/14 22:02:40 | 00,661,352 | ---- | C] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrator\Desktop\autoruns.exe
[2009/10/14 22:02:03 | 03,589,160 | ---- | C] (Sysinternals) -- C:\Documents and Settings\Administrator\Desktop\processexplorer.exe
[2009/10/14 20:53:46 | 00,000,000 | ---D | C] -- C:\WINNT\temp
[2009/10/14 20:42:44 | 00,000,000 | ---D | C] -- C:\ComboFix
[2009/10/14 20:35:07 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2009/10/14 20:35:07 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2009/10/14 20:35:06 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2009/10/14 20:35:06 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2009/10/14 19:52:01 | 00,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2009/10/14 19:51:49 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/14 15:41:23 | 27,386,280 | ---- | C] ( ) -- C:\Documents and Settings\Administrator\Desktop\AdbeRdr920_en_US.exe
[2009/10/14 02:05:58 | 00,000,000 | ---D | C] -- C:\unzipped
[2009/10/13 22:44:11 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/10/13 21:58:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\BOARD_OP_SCHEDULE_Oct_11_2009R1
[2009/10/13 16:39:28 | 00,646,840 | ---- | C] (Crawler Inc. ) -- C:\Documents and Settings\Administrator\Desktop\SpywareTerminatorSetup(2).exe
[2009/10/13 09:55:08 | 00,000,000 | ---D | C] -- C:\WINNT\aolshare
[2004/09/21 13:34:49 | 00,025,876 | R--- | C] (MicroStaff Co.,Ltd.) -- C:\Program Files\OLPUBKCR.SYS

========== Files - Modified Within 14 Days ==========

[8 C:\WINNT\System32\*.tmp files]
[4 C:\WINNT\*.tmp files]
[2009/10/19 19:47:01 | 00,521,216 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2009/10/19 19:31:22 | 00,071,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/19 19:29:37 | 00,002,010 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2009/10/19 19:28:51 | 00,394,054 | ---- | M] () -- C:\WINNT\System32\PerfStringBackup.INI
[2009/10/19 19:28:51 | 00,383,534 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2009/10/19 19:28:51 | 00,057,148 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2009/10/19 19:21:57 | 01,045,536 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Administrator\Desktop\DriverDetective.exe
[2009/10/19 16:58:22 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2009/10/19 16:35:40 | 00,102,664 | ---- | M] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\tmcomm.sys
[2009/10/19 15:51:17 | 00,000,588 | ---- | M] () -- C:\WINNT\win.ini
[2009/10/19 15:48:40 | 00,000,006 | -H-- | M] () -- C:\WINNT\tasks\SA.DAT
[2009/10/19 15:48:30 | 00,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_25c.dat
[2009/10/19 15:46:10 | 00,642,880 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2009/10/18 19:25:30 | 00,102,660 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2009/10/14 22:02:43 | 00,661,352 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Documents and Settings\Administrator\Desktop\autoruns.exe
[2009/10/14 22:02:18 | 03,589,160 | ---- | M] (Sysinternals) -- C:\Documents and Settings\Administrator\Desktop\processexplorer.exe
[2009/10/14 20:52:20 | 00,000,227 | ---- | M] () -- C:\WINNT\system.ini
[2009/10/14 19:52:27 | 03,339,061 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/10/14 15:45:42 | 00,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/14 15:44:10 | 27,386,280 | ---- | M] ( ) -- C:\Documents and Settings\Administrator\Desktop\AdbeRdr920_en_US.exe
[2009/10/14 06:49:34 | 00,002,416 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Microsoft Office Word 2003 (2).lnk
[2009/10/14 02:03:00 | 00,071,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2009/10/14 02:00:47 | 00,001,535 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2009/10/14 01:58:58 | 13,722,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\winzip121.exe
[2009/10/14 00:58:33 | 00,000,587 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\TVUPlayer.lnk
[2009/10/13 22:44:57 | 00,001,590 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/10/13 22:44:14 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrator\Desktop\HJTInstall.exe
[2009/10/13 22:10:14 | 04,497,408 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Storm-op-zee.pps
[2009/10/13 21:58:13 | 00,118,910 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\BOARD_OP_SCHEDULE_Oct_11_2009R1.zip
[2009/10/13 21:55:56 | 00,011,044 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\personal file request.docx
[2009/10/13 16:43:40 | 00,142,592 | ---- | M] () -- C:\WINNT\System32\drivers\sp_rsdrv2.sys
[2009/10/13 16:39:30 | 00,646,840 | ---- | M] (Crawler Inc. ) -- C:\Documents and Settings\Administrator\Desktop\SpywareTerminatorSetup(2).exe
[2009/10/13 10:15:57 | 00,000,040 | ---- | M] () -- C:\WINNT\A
[2009/10/13 09:57:03 | 00,000,560 | ---- | M] () -- C:\WINNT\aolback.exe.lnk
[2009/10/13 09:57:02 | 00,000,507 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.1.lnk
[2009/10/13 09:57:00 | 00,316,640 | ---- | M] () -- C:\WINNT\WMSysPr9.prx
[2009/10/12 09:10:37 | 00,001,468 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DivX Movies.lnk
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINNT\PEV.exe
[2009/10/10 16:01:31 | 00,000,547 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SopCast.lnk
[2009/10/09 12:04:38 | 00,276,560 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2009/10/08 11:06:07 | 05,087,188 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\jdbook.pdf
[2009/10/07 12:08:46 | 00,004,489 | ---- | M] () -- C:\WINNT\mozver.dat
[2009/10/06 02:41:27 | 00,018,944 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\phone numbers.xls

========== Files - No Company Name ==========
[2009/10/19 19:29:37 | 00,002,010 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Driver Detective.lnk
[2009/10/19 16:58:22 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_3c0.dat
[2009/10/19 15:48:30 | 00,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_25c.dat
[2009/10/19 15:46:10 | 00,642,880 | -H-- | C] () -- C:\WINNT\ShellIconCache
[2009/10/18 19:25:29 | 00,102,660 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
[2009/10/14 20:35:07 | 00,236,544 | ---- | C] () -- C:\WINNT\PEV.exe
[2009/10/14 20:35:07 | 00,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2009/10/14 20:35:06 | 00,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2009/10/14 20:35:06 | 00,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2009/10/14 15:45:42 | 00,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/10/14 02:03:06 | 00,071,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\JavaRa.zip
[2009/10/14 01:58:36 | 13,722,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\winzip121.exe
[2009/10/14 00:58:33 | 00,000,587 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\TVUPlayer.lnk
[2009/10/13 22:44:57 | 00,001,590 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
[2009/10/13 22:37:30 | 03,339,061 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2009/10/13 22:09:40 | 04,497,408 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Storm-op-zee.pps
[2009/10/13 21:58:11 | 00,118,910 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\BOARD_OP_SCHEDULE_Oct_11_2009R1.zip
[2009/10/13 21:55:55 | 00,011,044 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\personal file request.docx
[2009/10/13 16:43:40 | 00,142,592 | ---- | C] () -- C:\WINNT\System32\drivers\sp_rsdrv2.sys
[2009/10/13 10:15:57 | 00,000,040 | ---- | C] () -- C:\WINNT\A
[2009/10/13 09:57:02 | 00,000,507 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.1.lnk
[2009/10/10 16:01:31 | 00,000,547 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SopCast.lnk
[2009/10/08 11:05:55 | 05,087,188 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\jdbook.pdf
[2009/02/14 17:24:03 | 00,000,336 | ---- | C] () -- C:\Program Files\temp995.bat
[2008/10/21 15:14:01 | 00,074,703 | ---- | C] () -- C:\WINNT\System32\mfc45.dll
[2008/06/28 15:41:21 | 00,071,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2008/06/06 17:56:16 | 00,000,028 | ---- | C] () -- C:\WINNT\pdf995.ini
[2008/06/05 20:46:33 | 00,000,000 | ---- | C] () -- C:\WINNT\OPPRIN~1.INI
[2008/06/05 20:43:37 | 00,005,632 | ---- | C] () -- C:\WINNT\System32\CNMVS43.DLL
[2008/04/14 19:13:05 | 00,051,716 | ---- | C] () -- C:\WINNT\System32\pdf995mon.dll
[2008/04/06 17:50:03 | 00,000,097 | ---- | C] () -- C:\WINNT\System32\PICSDK.ini
[2008/04/06 17:48:39 | 00,000,044 | ---- | C] () -- C:\WINNT\EPCX8400.ini
[2008/03/28 21:39:54 | 00,000,142 | ---- | C] () -- C:\WINNT\wpd99.drv
[2007/03/16 11:33:35 | 00,442,368 | R--- | C] () -- C:\WINNT\System32\softcoin.dll
[2007/03/16 11:33:35 | 00,319,488 | R--- | C] () -- C:\WINNT\System32\gencoin.dll
[2007/01/31 12:02:32 | 00,070,016 | ---- | C] () -- C:\WINNT\System32\drivers\LxrSII1d.sys
[2006/07/27 14:43:04 | 00,001,528 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/01/04 09:45:39 | 00,000,978 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/11/02 09:50:50 | 00,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2005/05/02 11:23:19 | 00,000,072 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2005/03/30 12:04:21 | 00,000,037 | ---- | C] () -- C:\WINNT\ipixActivex.ini
[2005/01/10 09:21:20 | 00,000,000 | ---- | C] () -- C:\WINNT\JDSecure31.INI
[2004/11/09 13:15:23 | 00,000,080 | ---- | C] () -- C:\WINNT\encore_launcher.ini
[2004/11/04 15:40:50 | 00,000,023 | ---- | C] () -- C:\WINNT\PureEdgeAPI.ini
[2004/09/21 13:34:49 | 00,083,968 | R--- | C] () -- C:\Program Files\UNINSTAL.EXE
[2004/09/21 13:34:49 | 00,071,168 | R--- | C] () -- C:\Program Files\INSTALL.EXE
[2004/09/21 13:34:49 | 00,025,431 | ---- | C] () -- C:\Program Files\AutoConnectDriverforWin98SEInstructions.PDF
[2004/09/21 13:34:49 | 00,011,052 | R--- | C] () -- C:\Program Files\MUSBPORT.PDR
[2004/09/21 13:34:49 | 00,009,504 | R--- | C] () -- C:\Program Files\Install.ini
[2004/09/21 13:34:49 | 00,001,198 | R--- | C] () -- C:\Program Files\OLPUBKCR.INF
[2004/09/21 13:34:49 | 00,000,917 | R--- | C] () -- C:\Program Files\UNINSTAL.INI
[2004/09/21 13:34:49 | 00,000,822 | R--- | C] () -- C:\Program Files\OLPUSBCR.INF
[2004/09/21 13:34:06 | 00,104,595 | ---- | C] () -- C:\Program Files\AutoConnDriv_Win98SE.exe
[2004/05/25 14:56:56 | 00,001,366 | ---- | C] () -- C:\WINNT\CPWIN.INI
[2004/05/07 10:32:11 | 00,036,864 | R--- | C] () -- C:\WINNT\System32\RunSetup.dll
[2004/05/06 12:52:45 | 00,000,064 | ---- | C] () -- C:\WINNT\qwimp.ini
[2004/05/06 12:51:27 | 00,000,076 | ---- | C] () -- C:\WINNT\Quicken.ini
[2004/05/05 19:55:36 | 00,000,479 | ---- | C] () -- C:\WINNT\wininit.ini
[2004/05/05 19:55:32 | 00,000,002 | ---- | C] () -- C:\WINNT\msoffice.ini
[2004/05/01 13:25:45 | 00,000,000 | ---- | C] () -- C:\WINNT\VPC32.INI
[2004/05/01 13:23:48 | 00,000,730 | ---- | C] () -- C:\WINNT\ODBC.INI
[2004/05/01 13:18:24 | 00,032,768 | ---- | C] () -- C:\WINNT\System32\UnAudioNT.dll
[2004/05/01 13:16:45 | 00,045,056 | ---- | C] () -- C:\WINNT\System32\vusetup.dll
[2004/05/01 13:13:39 | 00,003,000 | R--- | C] () -- C:\WINNT\System32\SetupNT.sys
[2004/05/01 13:06:39 | 00,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2004/05/01 13:06:39 | 00,000,271 | -H-- | C] () -- C:\Program Files\desktop.ini
[2003/07/14 05:00:00 | 00,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2003/07/14 05:00:00 | 00,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2003/07/14 05:00:00 | 00,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2003/07/14 05:00:00 | 00,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2003/07/14 05:00:00 | 00,000,588 | ---- | C] () -- C:\WINNT\win.ini
[2003/07/14 05:00:00 | 00,000,227 | ---- | C] () -- C:\WINNT\system.ini
[2003/07/14 05:00:00 | 00,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[1999/09/25 03:36:24 | 00,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 03:36:22 | 00,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

========== LOP Check ==========

[2009/10/15 14:50:19 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2008/10/16 20:29:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Aim
[2009/10/13 16:35:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Antispyware
[2009/05/04 11:58:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Any Video Converter
[2009/09/24 11:50:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ArcSoft
[2008/03/21 01:18:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\HotSync
[2009/10/01 01:31:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iolo
[2005/09/11 21:05:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ipswitch
[2009/03/26 22:55:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/10/15 14:59:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LimeWire
[2009/10/06 13:54:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Participatory Culture Foundation
[2008/06/06 17:56:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2009/10/13 17:58:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Spyware Terminator
[2009/02/14 17:27:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TaxCut
[2008/03/28 23:08:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
[2009/09/30 15:15:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ZoomBrowser EX
[2009/10/19 19:29:36 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/10/14 21:40:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009/03/26 22:48:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2005/11/23 09:03:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HotSync
[2004/11/09 15:07:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2008/10/21 15:13:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
[2009/10/19 19:29:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/02/14 17:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/10/13 18:17:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
[2008/03/28 19:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2007/10/23 11:34:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/14 02:00:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/11/07 18:37:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
[2003/07/14 05:00:00 | 00,000,065 | RH-- | M] () -- C:\WINNT\Tasks\desktop.ini
[2009/10/19 15:48:40 | 00,000,006 | -H-- | M] () -- C:\WINNT\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2003/07/14 05:00:00 | 00,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/07/14 05:00:00 | 00,163,840 | RHS- | M] () -- C:\arcsetup.exe

< %systemroot%\system32\eventlog.dll >
[2005/04/08 04:54:32 | 00,049,424 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\EVENTLOG.DLL
[8 C:\WINNT\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2005/01/12 12:39:44 | 00,114,448 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\scecli.dll
[8 C:\WINNT\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >

< %systemroot%\system32\drivers\iaStor.sys >

< %systemroot%\System32\drivers\nvstor.sys >

< %systemroot%\system32\drivers\atapi.sys >
[2003/07/14 05:00:00 | 00,086,672 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\drivers\atapi.sys

========== Files - Unicode (All) ==========
[2009/10/13 09:56:13 | 00,000,016 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\€
[2009/10/13 09:56:13 | 00,000,016 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\€
< End of report >

Re: WinCoDecPRO Removal Needed - Hijackthis log included
Please open SystemLook

  • Copy the content of the following codebox into the main textfield:

    Code:


    :filefind
    netlogon.dll
    iastor.sys
    nvstor.sys
    winlogon.exe
    comres.dll
    crypt32.dll
    rundll32.exe
    sfc.dll
    svchost.exe
    beep.sys
    wscntfy.exe
    logevent.dll


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Re: WinCoDecPRO Removal Needed - Hijackthis log included
SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 00:12 on 20/10/2009 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "netlogon.dll"
C:\WINNT\$NtUpdateRollupPackUninstall$\netlogon.dll -----c 366864 bytes [02:11 18/03/2009] [23:24 07/04/2005] BE8FC3C74AB5212CD4067E8973764AD6
C:\WINNT\ERDNT\cache\NETLOGON.DLL --a--- 366864 bytes [03:52 15/10/2009] [11:54 08/04/2005] BE8FC3C74AB5212CD4067E8973764AD6
C:\WINNT\SoftwareDistribution\Download\546f42fcd512bfd684ff80fc83ac2033\generic\netlogon.dll --a--- 366864 bytes [22:24 07/04/2005] [22:24 07/04/2005] BE8FC3C74AB5212CD4067E8973764AD6
C:\WINNT\system32\dllcache\NETLOGON.DLL --a--c 366864 bytes [23:24 07/04/2005] [23:24 07/04/2005] BE8FC3C74AB5212CD4067E8973764AD6
C:\WINNT\system32\NETLOGON.DLL ------ 366864 bytes [11:54 08/04/2005] [11:54 08/04/2005] BE8FC3C74AB5212CD4067E8973764AD6

Searching for "iastor.sys"
No files found.

Searching for "nvstor.sys"
No files found.

Searching for "winlogon.exe"
C:\WINNT\$NtUpdateRollupPackUninstall$\winlogon.exe -----c 182544 bytes [02:11 18/03/2009] [22:59 24/08/2004] 5922E8055EB439A58EF29530D8567A40
C:\WINNT\ERDNT\cache\WINLOGON.EXE --a--- 186640 bytes [03:52 15/10/2009] [11:51 08/04/2005] BB1DAF6A5737652646D52665251A0265
C:\WINNT\system32\dllcache\WINLOGON.EXE --a--c 186640 bytes [22:25 14/03/2005] [11:51 08/04/2005] BB1DAF6A5737652646D52665251A0265
C:\WINNT\system32\WINLOGON.EXE ------ 186640 bytes [11:51 08/04/2005] [11:51 08/04/2005] BB1DAF6A5737652646D52665251A0265

Searching for "comres.dll"
No files found.

Searching for "crypt32.dll"
C:\WINNT\$NtUpdateRollupPackUninstall$\crypt32.dll -----c 543504 bytes [02:11 18/03/2009] [02:17 24/03/2004] 5A8A54892CFC110596EB34953B455D7D
C:\WINNT\system32\CRYPT32.DLL --a--- 563984 bytes [11:54 08/04/2005] [11:54 08/04/2005] 9726A08C3E529C5E6A48FFF274A32932
C:\WINNT\system32\dllcache\CRYPT32.DLL --a--c 563984 bytes [20:52 01/05/2004] [11:54 08/04/2005] 9726A08C3E529C5E6A48FFF274A32932

Searching for "rundll32.exe"
C:\WINNT\system32\dllcache\rundll32.exe --a--c 10000 bytes [12:00 14/07/2003] [12:00 14/07/2003] 1ED5274825CD1EEBBE102B9FF7C9EC31
C:\WINNT\system32\rundll32.exe --a--- 10000 bytes [12:00 14/07/2003] [12:00 14/07/2003] 1ED5274825CD1EEBBE102B9FF7C9EC31

Searching for "sfc.dll"
C:\WINNT\ERDNT\cache\sfc.dll --a--- 95024 bytes [03:52 15/10/2009] [12:00 14/07/2003] 0E1F5E9B2D00611DC9FE59EEF9487C76
C:\WINNT\system32\dllcache\sfc.dll --a--c 95024 bytes [12:00 14/07/2003] [12:00 14/07/2003] 0E1F5E9B2D00611DC9FE59EEF9487C76
C:\WINNT\system32\sfc.dll ------ 95024 bytes [12:00 14/07/2003] [12:00 14/07/2003] 0E1F5E9B2D00611DC9FE59EEF9487C76

Searching for "svchost.exe"
C:\WINNT\ERDNT\cache\svchost.exe --a--- 7952 bytes [03:52 15/10/2009] [12:00 14/07/2003] 9E64AD53CFD9DA2D22E8A924F8C6E62C
C:\WINNT\system32\dllcache\svchost.exe --a--c 7952 bytes [12:00 14/07/2003] [12:00 14/07/2003] 9E64AD53CFD9DA2D22E8A924F8C6E62C
C:\WINNT\system32\svchost.exe ------ 7952 bytes [12:00 14/07/2003] [12:00 14/07/2003] 9E64AD53CFD9DA2D22E8A924F8C6E62C

Searching for "beep.sys"
C:\WINNT\ERDNT\cache\beep.sys --a--- 4080 bytes [03:52 15/10/2009] [12:00 14/07/2003] DF012C2853281CE2BF536E8DE871C8C1
C:\WINNT\system32\dllcache\beep.sys --a--c 4080 bytes [12:00 14/07/2003] [12:00 14/07/2003] DF012C2853281CE2BF536E8DE871C8C1
C:\WINNT\system32\drivers\beep.sys ------ 4080 bytes [12:00 14/07/2003] [12:00 14/07/2003] DF012C2853281CE2BF536E8DE871C8C1

Searching for "wscntfy.exe"
No files found.

Searching for "logevent.dll"
No files found.

-=End Of File=-
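
As an added example (not part of the original posts and not SystemLook's own code), the filefind log above can be triaged by script: this sketch parses the log format shown and checks whether each file's copy in system32 (or system32\drivers) has the same MD5 as its dllcache copy. The status labels, the function names and the `example.dll` entry are constructed for illustration.

```python
import re

# Excerpted from the SystemLook log in this thread.
PAGE_EXCERPT = r'''
========== filefind ==========

Searching for "winlogon.exe"
C:\WINNT\$NtUpdateRollupPackUninstall$\winlogon.exe -----c 182544 bytes [02:11 18/03/2009] [22:59 24/08/2004] 5922E8055EB439A58EF29530D8567A40
C:\WINNT\system32\dllcache\WINLOGON.EXE --a--c 186640 bytes [22:25 14/03/2005] [11:51 08/04/2005] BB1DAF6A5737652646D52665251A0265
C:\WINNT\system32\WINLOGON.EXE ------ 186640 bytes [11:51 08/04/2005] [11:51 08/04/2005] BB1DAF6A5737652646D52665251A0265

Searching for "comres.dll"
No files found.

Searching for "beep.sys"
C:\WINNT\system32\dllcache\beep.sys --a--c 4080 bytes [12:00 14/07/2003] [12:00 14/07/2003] DF012C2853281CE2BF536E8DE871C8C1
C:\WINNT\system32\drivers\beep.sys ------ 4080 bytes [12:00 14/07/2003] [12:00 14/07/2003] DF012C2853281CE2BF536E8DE871C8C1
'''

# CONSTRUCTED entry (not from the thread): active copy differs from dllcache.
CONSTRUCTED = (
    '\nSearching for "example.dll"\n'
    'C:\\WINNT\\system32\\dllcache\\example.dll --a--c 1000 bytes '
    '[12:00 01/01/2009] [12:00 01/01/2009] ' + '0' * 32 + '\n'
    'C:\\WINNT\\system32\\example.dll --a--- 1200 bytes '
    '[12:00 01/01/2009] [12:00 01/01/2009] ' + '1' * 32 + '\n'
    '\n-=End Of File=-\n'
)

SAMPLE_LOG = PAGE_EXCERPT + CONSTRUCTED

SEARCH_RE = re.compile(r'^Searching for "(?P<name>[^"]+)"$')
# path, six attribute flags, size, two bracketed timestamps, MD5
HIT_RE = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-a-z]{6}) (?P<size>\d+) bytes '
    r'\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$'
)


def parse_filefind(log_text):
    """Return {searched name: [hit dicts]}; an empty list means 'No files found.'"""
    results = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SEARCH_RE.match(line)
        if m:
            current = m.group('name').lower()
            results[current] = []
            continue
        m = HIT_RE.match(line)
        if m and current is not None:
            results[current].append({
                'path': m.group('path'),
                'size': int(m.group('size')),
                'md5': m.group('md5').upper(),
            })
    return results


def classify(hits, sysroot=r'C:\WINNT'):
    """Compare the copy Windows loads with the dllcache backup copy."""
    if not hits:
        return 'missing'
    sys32 = (sysroot + r'\system32').lower()
    active_dirs = {sys32, sys32 + r'\drivers'}
    cache_dir = sys32 + r'\dllcache'
    active, cached = [], []
    for hit in hits:
        folder = hit['path'].lower().rsplit('\\', 1)[0]
        if folder in active_dirs:
            active.append(hit)
        elif folder == cache_dir:
            cached.append(hit)
    if not active:
        return 'no-active-copy'
    if not cached:
        return 'no-cache-copy'
    cache_md5 = {hit['md5'] for hit in cached}
    if all(hit['md5'] in cache_md5 for hit in active):
        return 'matches-dllcache'
    return 'differs-from-dllcache'


def triage(log_text, sysroot=r'C:\WINNT'):
    """Return {searched name: status} for every search in the log."""
    return {name: classify(hits, sysroot)
            for name, hits in parse_filefind(log_text).items()}


if __name__ == '__main__':
    for name, status in triage(SAMPLE_LOG).items():
        print(f'{name:15} {status}')
```

A match against dllcache only shows that the two copies agree; confirming a file is genuine still needs a hash from a known-good source for the same OS build and patch level.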

Re: WinCoDecPRO Removal Needed - Hijackthis log included
Please navigate to this webpage: http://support.microsoft.com/kb/313222 and see the section "Fix it for me" and click the Microsoft Fix-It button. This will download a fix utility to repair the security settings on your computer, due to damages of malware or other harmful system changes. Install the file after download.

==

Try the following:

  1. Please download Restore Sound by right-clicking on the link and clicking Save Target as (Save link as in Firefox), and save it to your desktop. Be sure to double-click on it to install. Confirm the install, if necessary.
  2. Restart your computer.
  3. Test sound.


Did this work?

Re: WinCoDecPRO Removal Needed - Hijackthis log included
I am in trouble now.

As far as the Microsoft link, when I tried to install it it told me it only works on Vista and XP. I have 2000 Pro.
I tried to look for something similar for 2000 but I couldn't find anything.


As for the 'Restore Sound' link, when I tried to install it, it said "Are you sure you want to add the information in C:\DOCUME~1\ADMINI~1\Desktop\audiosvr.reg to the registry?"
I clicked yes and a similar window popped up and I clicked yes again, then restarted my PC.

When I restarted, before my desktop opened, I had a blue screen for like 30 seconds. This has never happened before.

Now I can't open Malware Bytes, and when I go to Add/Remove Programs the window comes up but there are no icons.

Add to that, I still have no sound either.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
To start the computer by using last known good configuration, follow these steps:


  1. Restart the computer.
  2. Press F8 when you receive the following message:
    Please select the operating system to start

  3. In Windows Advanced Option Menu, use the arrow keys to select Last Known Good Configuration, and then press ENTER.
  4. If you are running other operating systems on the computer, click Microsoft Windows 2000 from the list that is displayed, and then press ENTER.


    WARNING: After you start your computer by using the last
    known good configuration, changes that you made since the last
    successful startup are lost.


Article: http://support.microsoft.com/kb/315396

Re: WinCoDecPRO Removal Needed - Hijackthis log included
DMJ - I tried everything and did what you just posted.

I still have a 30 second blue screen before desktop loads, I still can't open Malware Bytes, I still have the WinCodecPRO icon and still no sound among other things.

I really need the sound to work the most at this point.

Let me know what you think my man, and thanks for taking your time with me.
Thank you Belahzur as well.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
Do you have any recovery discs or the Windows 2000 pro cd?

I am thinking a system repair is necessary, since 2000 does not have a built-in restore feature, except for the Last Known Good Configuration you just tried.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
DJM - Unfortunately I was given this computer and it had the operating system already on it, so I don't have the CD or recovery disks.

Is there anything else I can do?

Re: WinCoDecPRO Removal Needed - Hijackthis log included
Please reboot to Safe Mode with Networking (tap the F8 key just before Windows starts to load and select the Safe Mode with Networking option from the menu).

Please reply back here when you have done this, or if you had any problems.

==

The trojan has caused the blue screen, by the way. The wincodecpro trojan shoots a blue screen when you try to fix the audio.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
That makes sense to me in regards to the trojan and trying to fix the audio.

I actually read on another site that it is located in the processes tab under "dejusched.exe". When I end the process the pop-ups go away, however upon restart it comes right back.


On a side note, I rebooted to Safe Mode with Networking but unfortunately I could not establish an internet connection.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
Ok.

Please transfer this download from a clean computer to the infected one:

Make sure to stay in Safe Mode with Networking.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Double-click smitfraudfix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
This is my only computer. Do I have to use a different one?

Re: WinCoDecPRO Removal Needed - Hijackthis log included
It is recommended to, so you can get the download. If you are not able to access the internet, that is.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
Will it work if I saved it to my desktop, and then installed it after restarting in Safe Mode?

Otherwise I will try to get online in Safe Mode again. The problem is when I open IE, it just freezes and the mouse pointer turns into the hour-glass. I didn't try FireFox though. What do you think?

Re: WinCoDecPRO Removal Needed - Hijackthis log included
DMJ - I got it to work using FireFox:

SmitFraudFix v2.424

Scan done at 22:38:46.51, Tue 10/20/2009
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrator\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, following keys are not inevitably infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
!!!Attention, following keys are not inevitably infected!!!

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!



»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINNT\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""




»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

Re: WinCoDecPRO Removal Needed - Hijackthis log included
Still in Safe Mode, open the SmitfraudFix folder and double click "SmitfraudFix.cmd".
Select option #2 - Clean by typing 2 and press "Enter".
You will be prompted: "Registry cleaning - Do you want to clean the registry?", answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found), answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process. If it doesn't, please restart anyway into Normal Mode. A text file will appear, with results from the cleaning process.

Please copy/paste its content into your next reply with a new HijackThis log.

(The report can also be found at the root of the system drive, usually at C:\rapport.txt)

(Warning: running option #2 on a non infected computer will remove your Desktop background.)

Re: WinCoDecPRO Removal Needed - Hijackthis log included
SmitFraudFix v2.424

Scan done at 11:53:15.48, Wed 10/21/2009
Run from C:\Documents and Settings\Administrator\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

Re: WinCoDecPRO Removal Needed - Hijackthis log included
DMJ - On a side note I have sound now. I clicked on the speaker icon and went to properties. Under the audio tab, I clicked volume and saw that 'Wave' was turned down all the way so I turned it up. And 'Line In' was muted.

I hope it stays now.


I think I still have the trojan though.


One last thing, I cannot paste using the mouse.
Any help is greatly appreciated.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
Please download comres.dll and save it to the following folder: C:\windows\system32

Note: do not open the file, just save.

NEXT


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

  • Follow the Instruction Here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and Copy&Paste the entire report in your next reply.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
DMJ - I was able to save comres.dll to System32.


When I tried to open the link with IE it wouldn't let me. So I opened with FireFox but for some reason I am not able to copy and paste the URL over to IE. And I actually can't copy/paste anything right now.

Re: WinCoDecPRO Removal Needed - Hijackthis log included
This should let you download a separate scanner, so download the scanner from Firefox:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

Re: WinCoDecPRO Removal Needed - Hijackthis log included

I still can't open it with IE nor can I copy or paste anything at all.

What should I do?

Re: WinCoDecPRO Removal Needed - Hijackthis log included

You did not try it with Firefox? It should allow you to download a separate scanner.

Re: WinCoDecPRO Removal Needed - Hijackthis log included

DMJ - There is no 'Scan Unwanted Applications' option, however there is a scan archives option. Should I click that?

Also, what if I can't copy/paste the log here for you after completion?

Re: WinCoDecPRO Removal Needed - Hijackthis log included

Hi

Go ahead with the scan archives option.

When done, you don't have to copy and paste, but rather just type out the results you see:

Total files scanned: XXXXXX
Infected: XXXXXX

Re: WinCoDecPRO Removal Needed - Hijackthis log included

When I went to My Computer - C drive - I could not find the EsetOnlineScanner folder. And when I try to open any folder it comes up blank, no icons. However at the bottom, it says there are "xx" amount of objects.
What do I do about this?


Scan results-

Scanned Files: 59765
Infected Files: 1
Cleaned Files: 1
Found = C:\Program Files\Java\jre6\bin\dejusched.exe a variant of Win32/Kryptik.AVG trojan cleaned by deleting - quarantined
