[Resolved] trying to rid a nasty browser/google redirector


  • This topic is locked
12 replies to this topic

#1 kevinlee

kevinlee

    New Member

  • Authentic Member
  • 6 posts

Posted 31 October 2009 - 08:43 AM

IE Explorer browser. Google search. When I google something and get results, anything clicked on leads to a totally unrelated web site. Can copy and paste the link into the URL bar and it will work fine, but redirects otherwise. Have installed and run the following: Ad-Aware, Malwarebytes' Anti-Malware, Spybot - Search and Destroy and finally HijackThis to try and rid the machine of the redirect, to no avail. Have the HijackThis log but don't know what to do with it. Any help would be greatly appreciated.
Included HijackThis log.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:59:22 AM, on 10/31/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\sYSteM32\SvchOst.eXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Skyler\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.messenger-inquirer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6351 bytes

Edited by kevinlee, 31 October 2009 - 01:32 PM.
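The poster has a HijackThis log in hand but no way to read it. As an added illustration (example code written for this page, not HijackThis's own code and not part of the forum helper's procedure), the Python below screens a HijackThis v2 log for a few entry types that merit a closer look by whoever analyses it: a process path that spells the system32 directory in unusual casing, entries that point at a file that no longer exists, services with no recorded owner, and context-menu items whose target is not a file or res:// resource. The sample lines are copied from the log posted above; the heuristics are review prompts, not verdicts.

```python
"""Screen a HijackThis v2 log for entries worth a second look.

Example code added for illustration. The heuristics below only surface
entries for a human analyst; none of them decides that a file is malicious.
"""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format, using lines from the log posted
# in this thread (a legitimate-looking line is kept beside each flagged one).
SAMPLE_LOG = """\
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\\WINDOWS\\System32\\smss.exe
C:\\WINDOWS\\system32\\svchost.exe
C:\\WINDOWS\\sYSteM32\\SvchOst.eXE
C:\\Program Files\\iTunes\\iTunesHelper.exe

R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.messenger-inquirer.com/
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\\program files\\google\\googletoolbar4.dll
O8 - Extra context menu item: &Search - ?p=ZRfox000
O8 - Extra context menu item: &Windows Live Search - res://C:\\Program Files\\Windows Live Toolbar\\msntb.dll/search.htm
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\\Program Files\\Common Files\\LightScribe\\LSSrvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\\Program Files\\iPod\\bin\\iPodService.exe
"""


@dataclass
class Finding:
    line: str
    reason: str


# Windows itself writes the system directory as 'system32' or 'System32';
# any other casing in a running-process path is unusual and worth checking.
_SYSTEM32 = re.compile(r"^c:\\windows\\system32\\", re.IGNORECASE)
_CANONICAL = ("C:\\WINDOWS\\system32\\", "C:\\WINDOWS\\System32\\")


def odd_case_system_path(path: str) -> bool:
    """True when a path lives under system32 but spells the directory in a
    casing Windows never uses, e.g. 'C:\\WINDOWS\\sYSteM32\\SvchOst.eXE'."""
    return bool(_SYSTEM32.match(path)) and not path.startswith(_CANONICAL)


def classify_entry(line: str):
    """Return a reason an R/O entry deserves review, or None if it triggers
    none of the heuristics. 'kind' is the leading tag: R0, R3, O8, O23, ..."""
    kind = line.split(" - ", 1)[0]
    if "(no file)" in line:
        return "points at a file that no longer exists (orphaned entry)"
    if kind == "O23" and " - Unknown owner - " in line:
        return "service with no company name recorded"
    if kind == "O8":
        # The context-menu target is the last ' - ' separated field.
        target = line.rsplit(" - ", 1)[1]
        is_resource = target.lower().startswith("res://")
        is_path = re.match(r"(?i)^[a-z]:\\", target) is not None
        if not (is_resource or is_path):
            return "context-menu target is neither a file nor a res:// resource"
    return None


def triage(log_text: str) -> list:
    """Walk the log once: process paths are checked for odd casing, every
    R/O entry is passed through classify_entry()."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if odd_case_system_path(line):
                findings.append(Finding(line, "system32 path in unusual casing"))
            continue
        if re.match(r"^[RO]\d+ - ", line):
            reason = classify_entry(line)
            if reason:
                findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```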



#2 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 01 November 2009 - 01:24 AM

Hi, welcome to the forum.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to.
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested.
  • Please follow all instructions in the order posted.
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad, click Format and uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

Before we get started, unless I missed it, where is your anti virus program?

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

Download OTListIt2 to your desktop.
  • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output
  • Check the boxes beside LOP Check and Purity Check.
  • In the Custom Scans/Fixes box near the bottom, copy and paste this line
    Drivers32
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

Please post back with
  • GMER log
  • both OTL logs
Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#3 kevinlee

kevinlee

    New Member

  • Authentic Member
  • 6 posts

Posted 01 November 2009 - 08:40 PM

Thanks for the welcome, and I appreciate your help very much.

To answer your question about Anti Virus: at this time, this machine does not have an Anti Virus program installed. On 11/3 I will be switching ISP and adding ATT Security Suite. Do you feel that I should install a separate program? I just want the best protection for my PC and can do what is recommended.

I have followed your instructions and the results are as follows.

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-11-01 20:16:37
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Skyler\LOCALS~1\Temp\pxtdipow.sys


---- System - GMER 1.0.15 ----

SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xF861687E]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xF8616BFE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2408 80501C40 2 Bytes [7E, 68] {JLE 0x6a}
.text ntkrnlpa.exe!ZwCallbackReturn + 2740 80501F78 2 Bytes [FE, 6B]
? System32\Drivers\hiber_WMILIB.SYS The system cannot find the path specified. !

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 EABFiltr.sys (QLB PS/2 Keyboard filter driver/Hewlett-Packard Company)
AttachedDevice \Driver\Tcpip \Device\Tcp fio32.sys (FIO32/FIO32)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

OTL logfile created on: 11/1/2009 8:21:47 PM - Run 1
OTL by OldTimer - Version 3.1.2.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 203.60 Mb Available Physical Memory | 39.88% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.90% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 63.42 Gb Free Space | 85.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 495.72 Mb Total Space | 486.04 Mb Free Space | 98.05% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TH
Current User Name: Skyler
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
PRC - C:\WINDOWS\system32\wbem\unsecapp.exe (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - C:\WINDOWS\system32\fio32.dll ()
SRV - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - C:\WINDOWS\system32\drivers\fio32.sys (FIO32)
DRV - C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\MRV8335XP.sys (Marvell Semiconductor, Inc)
DRV - C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
DRV - C:\WINDOWS\system32\CBTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)
DRV - C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


========== Modules (SafeList) ==========

MOD - E:\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.messenger-inquirer.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.omuonline.net"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3


[2005/12/27 00:08:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Firefox\Profiles\xyqphy8q.default\extensions
[2009/09/16 19:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/16 19:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Extensions
[2009/09/16 19:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Extensions
[2009/09/16 19:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2005/12/27 00:08:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Firefox\Profiles\xyqphy8q.default\extensions
[2009/02/23 18:57:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2009/09/17 12:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/17 12:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/23 18:57:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2006/09/03 13:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2007/01/09 13:03:02 | 00,658,056 | ---- | M] (Move Networks) -- C:\Program Files\Mozilla Firefox\plugins\npmnqmp07010901.dll
[2006/07/27 02:05:47 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

O1 HOSTS File: (348853 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 11962 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/31 07:58:26 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Skyler\Desktop\HiJackThis.exe
[2009/10/30 10:40:35 | 00,064,288 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2009/10/30 10:35:24 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/10/30 10:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/30 10:34:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/29 16:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Skyler\Application Data\Malwarebytes
[2009/10/29 11:39:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/29 11:39:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/29 11:39:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/29 11:39:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/28 14:07:30 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/10/28 14:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/27 09:51:10 | 00,000,000 | ---D | C] -- C:\Program Files\CS
[2009/10/27 09:26:43 | 00,056,064 | ---- | C] (FIO32) -- C:\WINDOWS\System32\drivers\fio32.sys
[2009/10/19 08:21:12 | 00,176,640 | ---- | C] (Lexmark) -- C:\WINDOWS\System32\LXROSUI.DLL
[2009/10/19 08:09:38 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/10/19 08:09:38 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/10/19 08:04:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Skyler\My Documents\My eBooks
[2009/10/11 06:10:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/11 06:09:52 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/11 06:07:35 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/11 06:07:22 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/10/11 06:07:22 | 00,040,448 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009/10/11 06:07:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/11 06:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/11 03:09:10 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Skyler\Recent
[2009/10/05 10:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Skyler\Application Data\DriverCure
[2009/10/05 10:24:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2009/10/05 10:24:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/10/03 22:48:44 | 00,000,000 | ---D | C] -- C:\users
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/01 11:56:03 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/01 11:07:49 | 06,815,744 | ---- | M] () -- C:\Documents and Settings\Skyler\ntuser.dat
[2009/11/01 11:05:22 | 00,282,833 | ---- | M] () -- C:\Documents and Settings\Skyler\Desktop\gmer.zip
[2009/10/31 07:46:37 | 00,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/31 07:42:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/31 07:41:47 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/31 07:41:33 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/31 07:40:58 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Skyler\Desktop\HiJackThis.exe
[2009/10/30 22:22:12 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Skyler\ntuser.ini
[2009/10/30 10:35:23 | 00,000,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/29 17:03:48 | 00,000,444 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/10/28 15:15:30 | 00,004,895 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/28 13:52:35 | 00,013,312 | ---- | M] () -- C:\WINDOWS\rdr_1256759482.exe
[2009/10/28 13:32:16 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465448.xxe
[2009/10/28 13:32:00 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465249.xxe
[2009/10/28 13:32:00 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\tgm2.dat
[2009/10/28 13:31:45 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465349.xxe
[2009/10/28 13:31:45 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\hpm2.dat
[2009/10/28 13:31:28 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\bx4657.dat
[2009/10/28 13:31:27 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465649.xxe
[2009/10/27 18:48:43 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465055.xxe
[2009/10/27 09:26:54 | 00,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/10/27 09:26:43 | 00,056,064 | ---- | M] (FIO32) -- C:\WINDOWS\System32\drivers\fio32.sys
[2009/10/27 09:26:43 | 00,051,200 | ---- | M] () -- C:\WINDOWS\System32\fio32.dll
[2009/10/27 09:26:30 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465050.xxe
[2009/10/27 09:26:29 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465248.xxe
[2009/10/27 09:26:29 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\bk23567.dat
[2009/10/27 09:26:28 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101464955.xxe
[2009/10/27 09:26:28 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146116101.xxe
[2009/10/24 20:12:54 | 00,001,405 | ---- | M] () -- C:\WINDOWS\checkip.dat
[2009/10/23 12:46:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/22 23:33:00 | 00,000,418 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2009/10/16 18:14:31 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/10/16 13:22:44 | 00,291,328 | ---- | M] () -- C:\Documents and Settings\Skyler\Desktop\gmer.exe
[2009/10/14 17:17:51 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/11 22:08:04 | 00,444,802 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/11 22:08:04 | 00,384,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/11 22:08:04 | 00,054,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/11 17:47:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\pcfriend.INI
[2009/10/11 06:08:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/11 06:08:51 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/10/11 03:20:50 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Skyler\Desktop\Windows Media Player.lnk
[2009/10/11 03:20:14 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/11 02:13:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\muveeapp.INI
[2009/10/07 08:35:52 | 06,944,254 | -H-- | M] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\IconCache.db
[2009/10/04 16:47:27 | 00,093,640 | ---- | M] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/01 11:06:50 | 00,282,833 | ---- | C] () -- C:\Documents and Settings\Skyler\Desktop\gmer.zip
[2009/10/30 11:20:39 | 00,015,688 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2009/10/30 10:46:12 | 00,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2009/10/30 10:35:23 | 00,000,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2009/10/28 14:36:34 | 00,004,895 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/28 13:52:35 | 00,013,312 | ---- | C] () -- C:\WINDOWS\rdr_1256759482.exe
[2009/10/28 13:32:16 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101465448.xxe
[2009/10/28 13:32:00 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101465249.xxe
[2009/10/28 13:32:00 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\tgm2.dat
[2009/10/28 13:31:45 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101465349.xxe
[2009/10/28 13:31:45 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\hpm2.dat
[2009/10/28 13:31:28 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\bx4657.dat
[2009/10/28 13:31:27 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101465649.xxe
[2009/10/27 18:48:43 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101465055.xxe
[2009/10/27 09:26:54 | 00,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/10/27 09:26:43 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\fio32.dll
[2009/10/27 09:26:30 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101465050.xxe
[2009/10/27 09:26:29 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101465248.xxe
[2009/10/27 09:26:29 | 00,000,001 | -H-- | C] () -- C:\WINDOWS\bk23567.dat
[2009/10/27 09:26:28 | 00,000,002 | ---- | C] () -- C:\WINDOWS\0101120101464955.xxe
[2009/10/27 09:26:28 | 00,000,002 | ---- | C] () -- C:\WINDOWS\010112010146116101.xxe
[2009/10/24 19:04:12 | 00,001,405 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/10/16 13:22:44 | 00,291,328 | ---- | C] () -- C:\Documents and Settings\Skyler\Desktop\gmer.exe
[2009/10/11 17:47:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/10/11 06:08:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/11 06:08:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/11 06:07:40 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/11 02:13:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2009/10/05 10:25:02 | 00,000,444 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration.job
[2009/10/05 10:24:56 | 00,000,418 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version2.job
[2007/12/05 17:40:22 | 00,093,640 | ---- | C] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/12/05 15:58:47 | 00,000,029 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2007/12/05 15:58:32 | 00,000,014 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2007/12/05 15:58:32 | 00,000,012 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2007/12/05 15:58:18 | 00,000,000 | ---- | C] () -- C:\WINDOWS\WINHELP.INI
[2006/05/08 20:05:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/16 19:52:55 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2005/12/26 21:39:13 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/25 03:01:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Skyler\Application Data\desktop.ini
[2005/12/25 03:01:24 | 06,944,254 | -H-- | C] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\IconCache.db
[2005/12/24 20:28:40 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/24 20:21:35 | 00,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2005/05/11 22:02:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/11 22:02:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/11 22:02:35 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/11 22:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/11 22:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/11 22:02:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/11 21:49:08 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 02:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 07:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 07:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:58:22 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/06 23:47:16 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/06 23:46:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/01/13 13:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/03/20 00:00:00 | 00,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[1996/03/20 00:00:00 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 00,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[1996/03/20 00:00:00 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 00,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 00,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI

========== LOP Check ==========

[2009/10/05 10:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2005/05/11 22:08:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/10/05 10:24:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2007/01/25 22:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/10/11 06:11:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/30 10:35:38 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2005/12/24 20:32:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\acccore
[2005/12/24 23:14:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Aim
[2007/03/04 20:41:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Azureus
[2009/10/05 10:25:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\DriverCure
[2005/12/28 13:00:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\InterVideo
[2007/01/25 22:33:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Viewpoint
[2009/10/31 07:46:37 | 00,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2009/11/01 11:56:03 | 00,000,256 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 02:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/29 17:03:48 | 00,000,444 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration.job
[2009/10/22 23:33:00 | 00,000,418 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version2.job
[2009/10/31 07:42:07 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< Drivers >
< End of report >



OTL Extras logfile created on: 11/1/2009 8:21:47 PM - Run 1
OTL by OldTimer - Version 3.1.2.0 Folder = E:\
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 203.60 Mb Available Physical Memory | 39.88% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.90% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 63.42 Gb Free Space | 85.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 495.72 Mb Total Space | 486.04 Mb Free Space | 98.05% Space Free | Partition Type: FAT
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TH
Current User Name: Skyler
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E22217-0E96-4C3F-B831-83AA942B7715}" = UserGuides
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{15D91706-6ADF-44CF-9D7D-FF2D8ACD2C6F}" = LS_HSI
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91CA0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Small Business Edition 2003
"{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = TIxx21
"{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}" = Highlight Viewer (Windows Live Toolbar)
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B3
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3085103C" = Data Fax SoftModem with SmartCP
"Conexant PCI Audio" = Conexant AC-Link Audio
"ESPN Java Check" = ESPN Java Check
"HijackThis" = HijackThis 2.0.2
"HP Pavillion zv6000 User Guides" = HP Pavillion zv6000 User Guides
"ie8" = Windows Internet Explorer 8
"InstallShield_{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up
"InstallShield_{96C0E73B-8813-4F4A-9EA1-D407C27AA1A1}" = Texas Instruments PCIxx21/x515 drivers.
"InstallShield_{99D42EC7-652B-4819-B3E6-6450C815E03F}" = Odyssey Client
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2005b" = Microsoft Money 2005
"Move Player_is1" = Move Networks Player for Firefox
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Pacific Poker" = Pacific Poker
"ScreensaversInstaller" = Screensavers Installer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 7/12/2008 5:22:28 AM | Computer Name = SKYLER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.62306, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/14/2008 1:44:23 AM | Computer Name = SKYLER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.62306, faulting
module ntdll.dll, version 5.1.2600.2180, fault address 0x00018fea.

Error - 7/14/2008 1:45:13 AM | Computer Name = SKYLER | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.62306, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 7/27/2008 9:55:45 PM | Computer Name = SKYLER | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20080.4669, faulting
module unknown, version 0.0.0.0, fault address 0x035f310a.

Error - 4/19/2009 8:50:14 PM | Computer Name = TH | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20080.4669, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/28/2009 9:54:04 PM | Computer Name = TH | Source = MsiInstaller | ID = 1024
Description = Product: Microsoft .NET Framework 1.1 - Update '{8EFA4753-7169-4CC3-A28B-0A1643B8A39B}'
could not be installed. Error code 1603. Windows Installer can create logs to help
troubleshoot issues with installing software packages. Use the following link for
instructions on turning on logging support: http://go.microsoft....k/?LinkId=23127

Error - 4/28/2009 10:15:21 PM | Computer Name = TH | Source = MsiInstaller | ID = 10005
Description = Product: J2SE Runtime Environment 5.0 Update 2 -- You already have
this version of the JRE installed. Please uninstall the product through your add/remove
programs utility before reinstalling.

Error - 9/6/2009 11:18:44 PM | Computer Name = TH | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 3160, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

Error - 9/6/2009 11:18:44 PM | Computer Name = TH | Source = LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
failed. The Error code is the first DWORD in Data section.

Error - 9/6/2009 11:18:48 PM | Computer Name = TH | Source = LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is incorrectly
formatted.
The bogus string is 3160, the bogus index value is the first DWORD in Data section
while the last valid index values are the second and third DWORD in Data section.

[ System Events ]
Error - 10/29/2009 10:52:13 AM | Computer Name = TH | Source = Service Control Manager | ID = 7022
Description = The fioo32 service hung on starting.

Error - 10/29/2009 1:23:10 PM | Computer Name = TH | Source = Service Control Manager | ID = 7022
Description = The fioo32 service hung on starting.

Error - 10/29/2009 1:51:28 PM | Computer Name = TH | Source = Service Control Manager | ID = 7022
Description = The fioo32 service hung on starting.

Error - 10/29/2009 5:18:37 PM | Computer Name = TH | Source = Service Control Manager | ID = 7022
Description = The fioo32 service hung on starting.

Error - 10/29/2009 6:35:35 PM | Computer Name = TH | Source = Service Control Manager | ID = 7022
Description = The fioo32 service hung on starting.

Error - 10/30/2009 12:42:48 PM | Computer Name = TH | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.103 for the Network Card with network
address 0014A51D7E2D has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 10/30/2009 12:44:16 PM | Computer Name = TH | Source = Service Control Manager | ID = 7022
Description = The fioo32 service hung on starting.

Error - 10/30/2009 1:27:29 PM | Computer Name = TH | Source = Service Control Manager | ID = 7022
Description = The fioo32 service hung on starting.

Error - 10/31/2009 12:10:56 AM | Computer Name = TH | Source = Service Control Manager | ID = 7022
Description = The fioo32 service hung on starting.

Error - 10/31/2009 9:43:50 AM | Computer Name = TH | Source = Service Control Manager | ID = 7022
Description = The fioo32 service hung on starting.


< End of report >


I look forward to your help and thanks again.
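
Triage logic for this kind of listing, added here as an example; it is not part of the thread and not code from OTL, HijackThis or any other tool mentioned. It parses OTL file-listing lines of the form shown in the post above, applies a few defender-side heuristics (unsigned executable code, odd or missing extensions directly under %SystemRoot%, near-empty marker files, hidden files), and then clusters hits by write time so that files written in the same burst as a flagged one get reviewed together. The sample lines are copied from the listing above; the extension sets, the 2-byte size threshold and the two-minute burst window are my own assumptions, not anything the tools or the helper specify.

```python
"""Triage helper for OTL-style file listings (added example, not part of the thread)."""
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# One OTL listing line:  [date time | size | attrs | C|M] (Company) -- path
# Directory entries carry no "(Company)" field, so that group is optional.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

SYSTEM_ROOT = PureWindowsPath(r"C:\WINDOWS")
CODE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".cpl", ".ocx"}
# Assumed set of plain-data extensions routinely found directly under %SystemRoot% on XP.
DATA_EXTS = {".ini", ".log", ".bak", ".txt", ".dat", ".job", ".xml", ".bin", ".qfn", ".for"}
# Well-known system files that look like "unsigned .sys" but are not drivers.
KNOWN_SYSTEM_FILES = {"hiberfil.sys", "pagefile.sys"}


def parse_line(line):
    """Parse one listing line into a dict; return None for headers and other noise."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "when": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),   # OTL groups digits with commas
        "attrs": m["attrs"],
        "is_dir": "D" in m["attrs"],
        "hidden": "H" in m["attrs"],
        "company": (m["company"] or "").strip(),
        "path": PureWindowsPath(m["path"]),
    }


def triage(entry):
    """Reasons this entry deserves a closer look; an empty list means nothing odd."""
    reasons = []
    p = entry["path"]
    if entry["is_dir"] or p.name.lower() in KNOWN_SYSTEM_FILES:
        return reasons
    ext = p.suffix.lower()
    if ext in CODE_EXTS and not entry["company"]:
        reasons.append("executable code with no publisher name")
    if p.parent == SYSTEM_ROOT:          # directly under C:\WINDOWS, not a subfolder
        if ext not in CODE_EXTS and ext not in DATA_EXTS:
            reasons.append("unexpected or missing extension under %SystemRoot%")
        if entry["size"] <= 2:
            reasons.append("near-empty marker file under %SystemRoot%")
        if entry["hidden"]:
            reasons.append("hidden file under %SystemRoot%")
    return reasons


def bursts(entries, window=timedelta(minutes=2)):
    """Cluster flagged entries by write time and pull in their neighbours.

    A file that is clean on its own but was written within `window` of a
    flagged one belongs in the same review set.  Returns (start, end, [paths]).
    """
    flagged = sorted((e for e in entries if triage(e)), key=lambda e: e["when"])
    groups = []
    for f in flagged:
        if groups and f["when"] - groups[-1][1] <= window:
            groups[-1][1] = f["when"]          # extend the current burst
        else:
            groups.append([f["when"], f["when"]])
    out = []
    for start, end in groups:
        members = sorted(str(e["path"]) for e in entries
                         if not e["is_dir"] and start - window <= e["when"] <= end + window)
        out.append((start, end, members))
    return out


def review(text):
    """Run both passes over a listing; returns ({path: reasons}, [bursts])."""
    entries = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    flagged = {str(e["path"]): triage(e) for e in entries if triage(e)}
    return flagged, bursts(entries)


# Sample input: lines copied from the listing in the post above, plus a section
# header and a few plainly benign entries to show what does not get flagged.
SAMPLE = r"""
========== Files - Modified Within 30 Days ==========
[2009/10/31 07:41:33 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/31 07:40:58 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Skyler\Desktop\HiJackThis.exe
[2009/10/30 10:34:32 | 00,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2009/10/28 15:15:30 | 00,004,895 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/28 13:52:35 | 00,013,312 | ---- | M] () -- C:\WINDOWS\rdr_1256759482.exe
[2009/10/28 13:32:16 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465448.xxe
[2009/10/28 13:32:00 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\tgm2.dat
[2009/10/27 09:26:54 | 00,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/10/27 09:26:43 | 00,056,064 | ---- | M] (FIO32) -- C:\WINDOWS\System32\drivers\fio32.sys
[2009/10/27 09:26:43 | 00,051,200 | ---- | M] () -- C:\WINDOWS\System32\fio32.dll
[2009/10/24 20:12:54 | 00,001,405 | ---- | M] () -- C:\WINDOWS\checkip.dat
"""

if __name__ == "__main__":
    flagged, groups = review(SAMPLE)
    for path, reasons in flagged.items():
        print(path, "->", "; ".join(reasons))
    for start, end, members in groups:
        print(f"burst {start:%Y-%m-%d %H:%M:%S} .. {end:%H:%M:%S}: {members}")
```

On the sample, the per-file rules flag the unsigned .exe and .dll, the .xxe files, the extension-less file and the hidden one-byte .dat, while leaving HiJackThis.exe (signed publisher), wininit.ini, checkip.dat and hiberfil.sys alone; the burst pass then pulls fio32.sys into the 10/27 09:26 cluster even though, taken by itself, it carries a publisher name. The heuristics narrow the review set rather than replace it: the helper's fix further down also removes two zero-byte .INI files that none of these rules would catch.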

#4 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 01 November 2009 - 11:06 PM

Hi kevinlee,

Ok, thanks for the info on the antivirus program. Do you know what antivirus program ATT provides? One antivirus program at a time is all you need, so if you are getting one from ATT, that will be fine.

Until we get you cleaned up, please do not use this computer online for anything besides checking this forum and downloading tools. Without an AV, you are very vulnerable.

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:OTL
[2009/10/28 13:52:35 | 00,013,312 | ---- | M] () -- C:\WINDOWS\rdr_1256759482.exe
[2009/10/28 13:32:16 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465448.xxe
[2009/10/28 13:32:00 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465249.xxe
[2009/10/28 13:32:00 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\tgm2.dat
[2009/10/28 13:31:45 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465349.xxe
[2009/10/28 13:31:45 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\hpm2.dat
[2009/10/28 13:31:28 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\bx4657.dat
[2009/10/28 13:31:27 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465649.xxe
[2009/10/27 18:48:43 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465055.xxe
[2009/10/27 09:26:54 | 00,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/10/27 09:26:43 | 00,056,064 | ---- | M] (FIO32) -- C:\WINDOWS\System32\drivers\fio32.sys
[2009/10/27 09:26:43 | 00,051,200 | ---- | M] () -- C:\WINDOWS\System32\fio32.dll
[2009/10/27 09:26:30 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465050.xxe
[2009/10/27 09:26:29 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101465248.xxe
[2009/10/27 09:26:29 | 00,000,001 | -H-- | M] () -- C:\WINDOWS\bk23567.dat
[2009/10/27 09:26:28 | 00,000,002 | ---- | M] () -- C:\WINDOWS\0101120101464955.xxe
[2009/10/27 09:26:28 | 00,000,002 | ---- | M] () -- C:\WINDOWS\010112010146116101.xxe
[2009/10/11 17:47:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\pcfriend.INI
[2009/10/11 02:13:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\muveeapp.INI
:Services
FIO32

:Commands
[emptytemp]
[start explorer]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL log.

Please read through these instructions to familiarize yourself with what to expect when this tool runs

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with
  • OTL fix log
  • combofix log
How's the computer?

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#5 kevinlee

kevinlee

    New Member

  • Authentic Member
  • 6 posts

Posted 02 November 2009 - 02:27 AM

Hi, oldman960

I have completed the instructions.

The OTL fix log: received an error with this one. Error completing log. If there is a way to retrieve this I will gladly do so.

combofix log: is below



Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.194 [GMT -6:00]
Running from: E:\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-2738528725-3377773627-2742169642-1003
c:\windows\010112010146116101.xxe
c:\windows\0101120101464955.xxe
c:\windows\0101120101465050.xxe
c:\windows\0101120101465055.xxe
c:\windows\0101120101465248.xxe
c:\windows\0101120101465249.xxe
c:\windows\0101120101465349.xxe
c:\windows\0101120101465448.xxe
c:\windows\0101120101465649.xxe
c:\windows\bk23567.dat
c:\windows\rdr_1256759482.exe
c:\windows\system32\drivers\fio32.sys
c:\windows\system32\fio32.dll
c:\windows\winhelp.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FIOO32
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_fioo32
-------\Service_SfX
-------\Legacy_fio32
-------\Service_fio32


((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-10-30 17:20 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-30 16:40 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-30 16:35 . 2009-10-30 16:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 16:34 . 2009-10-30 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-30 16:34 . 2009-10-30 16:34 -------- d-----w- c:\program files\Lavasoft
2009-10-29 22:21 . 2009-10-29 22:21 -------- d-----w- c:\documents and settings\Skyler\Application Data\Malwarebytes
2009-10-29 17:39 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 17:39 . 2009-10-29 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 17:39 . 2009-10-29 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 17:39 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 20:07 . 2009-10-28 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-28 20:07 . 2009-10-28 20:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-28 19:32 . 2009-10-28 19:32 1 ---ha-w- c:\windows\tgm2.dat
2009-10-28 19:31 . 2009-10-28 19:31 1 ---ha-w- c:\windows\hpm2.dat
2009-10-28 19:31 . 2009-10-28 19:31 1 ---ha-w- c:\windows\bx4657.dat
2009-10-27 15:51 . 2009-10-28 21:15 -------- d-----w- c:\program files\CS
2009-10-25 01:04 . 2009-10-25 02:12 1405 ----a-w- c:\windows\checkip.dat
2009-10-23 18:46 . 2009-10-23 18:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-19 14:21 . 2001-08-18 03:36 176640 ----a-w- c:\windows\system32\LXROSUI.DLL
2009-10-19 14:09 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-19 14:09 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-17 00:14 . 2009-10-17 00:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-11 12:10 . 2009-10-11 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-11 12:09 . 2009-10-11 12:09 -------- d-----w- c:\program files\Bonjour
2009-10-11 12:07 . 2009-10-11 12:07 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 12:07 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-11 12:07 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-11 12:07 . 2009-10-11 12:07 -------- d-----w- c:\program files\Common Files\Apple
2009-10-11 12:07 . 2009-10-11 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-05 16:25 . 2009-10-05 16:25 -------- d-----w- c:\documents and settings\Skyler\Application Data\DriverCure
2009-10-05 16:24 . 2009-10-05 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-10-05 16:24 . 2009-10-05 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-10-04 04:48 . 2009-10-04 04:48 -------- d-----w- C:\users

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 12:18 . 2005-12-25 09:01 -------- d-----w- c:\documents and settings\Skyler\Application Data\Apple Computer
2009-10-11 12:13 . 2005-12-25 02:12 -------- d-----w- c:\program files\iTunes
2009-10-11 12:10 . 2005-05-12 04:07 -------- d-----w- c:\program files\iPod
2009-10-11 12:09 . 2005-12-25 02:13 -------- d-----w- c:\program files\QuickTime
2009-10-11 12:09 . 2005-05-12 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-11 04:54 . 2005-12-25 05:13 -------- d-----w- c:\program files\AIM
2009-10-04 22:47 . 2007-12-05 23:40 93640 -c--a-w- c:\documents and settings\Skyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 04:53 . 2009-09-26 04:53 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-17 21:21 . 2005-05-12 04:09 -------- d-----w- c:\program files\Symantec
2009-09-17 21:21 . 2005-05-12 04:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-17 21:21 . 2005-05-12 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 03:11 . 2009-09-07 03:11 -------- d-----w- c:\program files\ATI Technologies
2009-09-07 03:10 . 2009-09-07 03:10 -------- d-----w- c:\program files\CONEXANT
2009-09-07 03:10 . 2009-04-29 01:43 -------- d-----w- c:\program files\ATI Technologies(2)
2009-09-07 03:10 . 2005-05-12 03:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-07 03:10 . 2005-05-12 04:02 -------- d-----w- c:\program files\InterVideo
2009-09-07 03:10 . 2005-05-12 03:37 -------- d-----w- c:\program files\HPQ
2009-09-07 03:10 . 2009-04-29 01:49 -------- d-----w- c:\program files\CPQ
2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2004-08-04 08:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-04 08:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 10:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-04 08:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-04 08:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-04 08:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-04 08:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-07-03 21:26 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2008-07-03 21:26 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2004-08-04 08:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2004-08-04 08:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-04 14:20 . 2004-08-04 08:00 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/30/2009 10:40 AM 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 5:17 AM 1169232]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/25/2007 4:39 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/22/2005 8:39 AM 200192]
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
fioo32 REG_MULTI_SZ fioo32
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:06]

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.messenger-inquirer.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZRfox000
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Pacific Poker - c:\progra~1\PACIFI~1\UNWISE.EXE
AddRemove-ScreensaversInstaller - c:\program files\Screensavers.com\Installer\bin\siuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 02:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1448)
c:\windows\system32\Ati2evxx.dll
c:\program files\Funk Software\Funk Client\odLogin.dll

- - - - - - - > 'explorer.exe'(988)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\HPQ\SHARED\HPQWMI.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2009-11-02 2:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-02 08:10

Pre-Run: 68,120,285,184 bytes free
Post-Run: 67,995,439,104 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 952C0E95D1603D27A5AA4A72E6863106


I am going to leave this machine off line until I install an AV program which should be on 11/2.
I would like to ask your opinion on some of the tools that I installed (adaware, malwarebytes, spybot). If I have a good AV are these tools useful as extra protection?

Thanks
kevinlee
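Reading the ComboFix "Files Created" section by eye, as the helper does in this thread, means looking for tiny, hidden or oddly named files dropped straight into C:\WINDOWS (the tgm2.dat, hpm2.dat and .xxe entries in the log above). As an added example that is not part of this thread and not ComboFix's own logic, the Python script below parses lines in that log format and applies those triage heuristics. The sample lines are constructed, modelled on the log posted above (the .xxe line is made up to mirror the names listed under "Other Deletions"), and the extension list and size threshold are assumptions.

```python
import re
from pathlib import PureWindowsPath

# One ComboFix "Files Created" line looks like:
#   <created> . <modified> <size or --------> <attributes> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*)$"
)

# Assumed heuristics (not ComboFix's own): extensions one expects for a file
# sitting directly in %WINDIR%, and a size below which a data file is odd.
COMMON_EXTS = {".exe", ".dll", ".sys", ".ini", ".dat", ".log", ".txt", ".bmp"}
TINY_BYTES = 16

# Constructed sample, modelled on the log posted in this thread; the .xxe line
# is made up to mirror the names ComboFix listed under "Other Deletions".
SAMPLE_LOG = r"""
2009-10-30 17:20 . 2009-09-03 09:17 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-30 16:34 . 2009-10-30 16:34 -------- d-----w- c:\program files\Lavasoft
2009-10-28 19:32 . 2009-10-28 19:31 1 ---ha-w- c:\windows\tgm2.dat
2009-10-28 19:31 . 2009-10-28 19:31 1 ---ha-w- c:\windows\hpm2.dat
2009-10-28 19:32 . 2009-10-28 19:32 2 ----a-w- c:\windows\0101120101465448.xxe
2009-10-25 01:04 . 2009-10-25 02:12 1405 ----a-w- c:\windows\checkip.dat
2009-10-19 14:09 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
"""


def parse_log(text):
    """Return (created, modified, size, attrs, path) tuples; size is None for directories."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # section banners, lone dots, blank lines
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append((m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def reasons_for(size, attrs, path):
    """Heuristic flags for one file entry; an empty list means nothing looked odd."""
    p = PureWindowsPath(path)
    reasons = []
    if attrs.startswith("d") or size is None:
        return reasons  # directories are not scored here
    in_windir = str(p.parent).lower() == r"c:\windows"
    if in_windir and size <= TINY_BYTES:
        reasons.append("tiny file directly in %WINDIR%")
    if in_windir and "h" in attrs:
        reasons.append("hidden attribute set")
    if p.suffix.lower() not in COMMON_EXTS:
        reasons.append(f"unusual extension {p.suffix or '(none)'}")
    if re.fullmatch(r"\d{8,}", p.stem):
        reasons.append("all-digit file name")
    return reasons


def triage(text):
    """Map each flagged path to the list of reasons it was flagged."""
    flagged = {}
    for _created, _modified, size, attrs, path in parse_log(text):
        why = reasons_for(size, attrs, path)
        if why:
            flagged[path] = why
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(f"{path}: {', '.join(why)}")
```

On the sample, the two 1-byte hidden .dat files and the all-digit .xxe file are flagged while checkip.dat, lsdelete.exe and usbprint.sys pass, which matches what the helper singled out above. The flags are only a reading aid: a name or size pattern is a reason to look closer, not proof, and the confirmation in this thread comes from the tools removing the files and the follow-up scans coming back clean.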

#6 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 02 November 2009 - 03:22 AM

Hi Kevinlee,

That's ok, if OTL errored out with that message there won't be one. The combofix log will give us enough to work with.

(adaware, malwarebytes, spybot). If I have a good AV are these tools useful as extra protection?

Yes they will make for the beginnings of a good layered security system. AdAware is not as good as it once was, you can do without it if you wish. Spybot with TeaTimer enabled is a good resident (real time) antispyware program. MBAM (malwarebytes) is an excellent on demand antimalware program and is one I use on my PC and on the forums for cleaning. We will cover some of this when your computer is clean. Let's see if we can get you cleaned up in time for your new AV.

Having said the above, sometimes TeaTimer is too good. Please disable this program and leave it disabled until we are done. It may interfere with our fixes.

SPYBOT TEATIMER
  • Launch Spybot S&D, go to the Mode menu and make sure "Advanced Mode" is selected.
  • On the left hand side, click on Tools, then click on the Resident Icon in the list.
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • Click on the "System Startup" icon in the List
  • Uncheck the "TeaTimer" box and "OK" any prompts.
  • If Teatimer gives you a warning that changes were made, click the "Allow Change" box when prompted.
  • Exit Spybot S&D when done.
  • (When we are done, you can re-enable TeaTimer using the same steps, but this time place a check next to "Resident TeaTimer" and check the "TeaTimer" box in System Startup.)

Please follow all previous instructions regarding security programs.

Open a new Notepad session
  • Click the Start button, click run
  • in the run box type notepad
  • click ok
  • In the notepad, Click "Format" and be certain that Word Wrap is not checked.
  • Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE

File::
c:\windows\tgm2.dat
c:\windows\hpm2.dat
c:\windows\bx4657.dat

Folder::
c:\documents and settings\Skyler\Application Data\DriverCure
c:\documents and settings\All Users\Application Data\DriverCure
c:\documents and settings\All Users\Application Data\ParetoLogic

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
"fioo32"=-

In the notepad
  • Click File, Save as..., and set the Save in to your Desktop
  • In the filename box, type (including quotation marks) as the filename: "CFScript.txt"
  • Click save
Using your mouse left button, drag the new file CFscript.txt and drop it on the ComboFix.exe icon as shown below.

This will start ComboFix again. Close all browser/windows first.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Please post back with
  • combofix log
  • MBAM log
How is your computer?

Thanks


#7 kevinlee

kevinlee

    New Member

  • Authentic Member
  • 6 posts

Posted 02 November 2009 - 10:29 AM

Hi oldman960

I have completed the instructions. The log files follow.


ComboFix 09-11-01.04 - Skyler 11/02/2009 9:59.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.257 [GMT -6:00]
Running from: E:\ComboFix.exe
Command switches used :: c:\documents and settings\Skyler\Desktop\CFScript.txt

FILE ::
"c:\windows\bx4657.dat"
"c:\windows\hpm2.dat"
"c:\windows\tgm2.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\DriverCure
c:\documents and settings\All Users\Application Data\DriverCure\9B13A86D3456.plf
c:\documents and settings\All Users\Application Data\ParetoLogic
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Master.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Patch.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Update.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Master.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Patch.xml
c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Update.xml
c:\documents and settings\Skyler\Application Data\DriverCure
c:\documents and settings\Skyler\Application Data\DriverCure\Client.txt
c:\documents and settings\Skyler\Application Data\DriverCure\LogFile.txt
c:\documents and settings\Skyler\Application Data\DriverCure\Server.txt
c:\windows\bx4657.dat
c:\windows\hpm2.dat
c:\windows\tgm2.dat

.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-10-30 16:34 . 2009-11-02 15:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-29 22:21 . 2009-10-29 22:21 -------- d-----w- c:\documents and settings\Skyler\Application Data\Malwarebytes
2009-10-29 17:39 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 17:39 . 2009-10-29 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 17:39 . 2009-10-29 17:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 17:39 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 20:07 . 2009-10-28 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-28 20:07 . 2009-10-28 20:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-27 15:51 . 2009-10-28 21:15 -------- d-----w- c:\program files\CS
2009-10-25 01:04 . 2009-10-25 02:12 1405 ----a-w- c:\windows\checkip.dat
2009-10-23 18:46 . 2009-10-23 18:46 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-10-19 14:21 . 2001-08-18 03:36 176640 ----a-w- c:\windows\system32\LXROSUI.DLL
2009-10-19 14:09 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-10-19 14:09 . 2008-04-13 17:47 25856 ----a-w- c:\windows\system32\dllcache\usbprint.sys
2009-10-17 00:14 . 2009-10-17 00:14 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-11 12:10 . 2009-10-11 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-11 12:09 . 2009-10-11 12:09 -------- d-----w- c:\program files\Bonjour
2009-10-11 12:07 . 2009-10-11 12:07 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 12:07 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-10-11 12:07 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-10-11 12:07 . 2009-10-11 12:07 -------- d-----w- c:\program files\Common Files\Apple
2009-10-11 12:07 . 2009-10-11 12:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-04 04:48 . 2009-10-04 04:48 -------- d-----w- C:\users

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-11 12:18 . 2005-12-25 09:01 -------- d-----w- c:\documents and settings\Skyler\Application Data\Apple Computer
2009-10-11 12:13 . 2005-12-25 02:12 -------- d-----w- c:\program files\iTunes
2009-10-11 12:10 . 2005-05-12 04:07 -------- d-----w- c:\program files\iPod
2009-10-11 12:09 . 2005-12-25 02:13 -------- d-----w- c:\program files\QuickTime
2009-10-11 12:09 . 2005-05-12 04:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-11 04:54 . 2005-12-25 05:13 -------- d-----w- c:\program files\AIM
2009-10-04 22:47 . 2007-12-05 23:40 93640 -c--a-w- c:\documents and settings\Skyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 04:53 . 2009-09-26 04:53 -------- d-----w- c:\program files\Windows Media Connect 2
2009-09-17 21:21 . 2005-05-12 04:09 -------- d-----w- c:\program files\Symantec
2009-09-17 21:21 . 2005-05-12 04:09 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-17 21:21 . 2005-05-12 04:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-09-11 14:18 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-07 03:11 . 2009-09-07 03:11 -------- d-----w- c:\program files\ATI Technologies
2009-09-07 03:10 . 2009-09-07 03:10 -------- d-----w- c:\program files\CONEXANT
2009-09-07 03:10 . 2009-04-29 01:43 -------- d-----w- c:\program files\ATI Technologies(2)
2009-09-07 03:10 . 2005-05-12 03:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-07 03:10 . 2005-05-12 04:02 -------- d-----w- c:\program files\InterVideo
2009-09-07 03:10 . 2005-05-12 03:37 -------- d-----w- c:\program files\HPQ
2009-09-07 03:10 . 2009-04-29 01:49 -------- d-----w- c:\program files\CPQ
2009-09-04 21:03 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 08:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-07 00:24 . 2004-08-04 08:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2004-08-04 08:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2005-05-26 10:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2004-08-04 08:00 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2004-08-04 08:00 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-04 08:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2004-08-04 08:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2008-07-03 21:26 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-07 00:23 . 2008-07-03 21:26 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 00:23 . 2004-08-04 08:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 08:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2004-08-04 08:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-05 00:52 . 2009-08-05 00:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
.

((((((((((((((((((((((((((((( SnapShot@2009-11-02_08.04.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-07 13:10 . 2009-11-02 07:48 54528 c:\windows\system32\perfc009.dat
+ 2004-08-07 13:10 . 2009-11-02 15:47 54528 c:\windows\system32\perfc009.dat
+ 2004-08-07 13:10 . 2009-11-02 15:47 384698 c:\windows\system32\perfh009.dat
- 2004-08-07 13:10 . 2009-11-02 07:48 384698 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-14 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-04-11 794624]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/25/2007 4:39 PM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [3/22/2005 8:39 AM 200192]
S3 iscFlash;iscFlash;\??\c:\windows\SYSTEM32\DRIVERS\iscflash.sys --> c:\windows\SYSTEM32\DRIVERS\iscflash.sys [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-11-02 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.messenger-inquirer.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - ?p=ZRfox000
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 10:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1168)
c:\windows\system32\Ati2evxx.dll
c:\program files\Funk Software\Funk Client\odLogin.dll
.
Completion time: 2009-11-02 10:07
ComboFix-quarantined-files.txt 2009-11-02 16:06
ComboFix2.txt 2009-11-02 08:11

Pre-Run: 68,302,278,656 bytes free
Post-Run: 68,264,214,528 bytes free

- - End Of File - - E94B2D75BED4BA5F5EDE8EBA9FECB9D1

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

11/2/2009 10:19:16 AM
mbam-log-2009-11-02 (10-19-16).txt

Scan type: Quick Scan
Objects scanned: 90890
Time elapsed: 6 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



I did encounter an error when updating MBAM. Instructed to send the error code to support team. Error code: 732(0,0)

Computer seems to be fine to this point.

Thanks
kevinlee

#8 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 02 November 2009 - 12:45 PM

Hi Kevinlee,

So far so good. It looks like you used to use Norton (Symantec) and uninstalled it. If that's the case, we'll make sure all traces are gone.

Download the Norton Removal Tool from HERE and save it to your desktop.

Next Double click on Norton_Removal_Tool.exe to run the tool.

Follow the on-screen instructions.
Your computer may be restarted more than once, and you may be asked to repeat some steps after the computer restarts.

Use OTL with this fix to make sure the folders have been removed by the Norton Removal Tool

Next, Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:OTL
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)

:Services

:Reg

:Files
c:\program files\Symantec
c:\program files\Common Files\Symantec Shared
c:\documents and settings\All Users\Application Data\Symantec

Then click the Run Fix button at the top
  • Let the program run unhindered

Your java is out of date and vulnerable.
If the Information Bar pops up, right-click on it and say it's OK to display the blocked content.
  • Select the platform (Windows, in your case), multi language.
  • Accept the license agreement, click continue.
You do not have to install the Java Web Start ActiveX Control
  • Scroll down and click on Windows Offline Installation,
  • Save the file jre-6u16-windows-i586-p.exe to your desktop;
Do not select Run . Do not install it yet.

When the download is complete, close your browser.

Open Control Panel > Add/Remove Programs and uninstall

J2SE Runtime Environment 5.0 Update 2

Do not uninstall Java TM 6 Update 16 if found! :yeah:

Reboot your computer.

  • Double-click on the saved file ( jre-6u16-windows-i586-p.exe) to install the update.
  • Delete the downloaded installation file after completing the above procedure and reboot if not prompted to do so.

Next, clear the java cache

To clear the Java Plug-in cache:
  • Click Start > Control Panel.
  • Double-click the Java icon in the control panel.
  • On the General tab, Click Settings under Temporary Internet Files.
  • On the Temporary Files Settings screen, Click Delete Files.
  • check all boxes
  • Click OK

*Note
It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts, and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions.
  • You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Change the Files of type to Text file (.txt)
  • Set the Save In to Desktop
  • click the Save button.
  • Please post this log in your next reply.

Please post back with
  • Kaspersky log
  • OTL scan log taken after Kaspersky
Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.

#9 kevinlee

kevinlee

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 03 November 2009 - 04:15 PM

Hi oldman960,

Completed instructions. Log following:

KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, November 3, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, November 03, 2009 18:15:09
Records in database: 3118942
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 54859
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:21:36

File name / Threat / Threats count
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\fio32.sys.vir Infected: Rootkit.Win32.Agent.vir 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1\A0000029.sys Infected: Rootkit.Win32.Agent.vir 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1\A0000030.dll Infected: Net-Worm.Win32.Koobface.cgk 1

Selected area has been scanned.


========== OTL ==========
Process Explorer.EXE killed successfully!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder c:\program files\Symantec not found.
File\Folder c:\program files\Common Files\Symantec Shared not found.
File\Folder c:\documents and settings\All Users\Application Data\Symantec not found.

OTL by OldTimer - Version 3.1.2.0 log created on 11032009_120038

Thanks
kevinlee

#10 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 03 November 2009 - 07:39 PM

Hi Kevinlee,

One file to remove that's related to AOL. The other detections will be removed when we clean up our tools.

The one detection belongs to an AOL toolbar. I don't see the program installed.

If you do not use this program we can remove the folder with OTL if you wish. To do so:

Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Files
C:\Program Files\Online Services\AOL90US\comps\toolbar

Then click the Run Fix button at the top.

No need for the OTL fix log. Please run a new OTL scan log. If everything is OK, we'll clean up our tools after you post back.

Thanks

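To show the triage oldman960 applies in the reply above (the copies under ComboFix's quarantine and under System Restore are tool leftovers that go away at cleanup, while the AOL toolbar file is the only live detection), here is an added Python example that is not part of this thread or of any of the tools used in it. It parses the detection lines of the Kaspersky report posted above and buckets them by location; the quarantine and restore-point path patterns are assumptions based on where ComboFix and Windows System Restore keep their copies.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the detection block of the Kaspersky Online Scanner
# report posted in this thread, copied in the scanner's own line layout.
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 54859
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 02:21:36

File name / Threat / Threats count
C:\Program Files\Online Services\AOL90US\comps\toolbar\toolbr.EXE Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\fio32.sys.vir Infected: Rootkit.Win32.Agent.vir 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1\A0000029.sys Infected: Rootkit.Win32.Agent.vir 1
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP1\A0000030.dll Infected: Net-Worm.Win32.Koobface.cgk 1
Selected area has been scanned.
"""

# One detection line has the shape "<path> Infected: <threat name> <count>".
# The path may contain spaces, so it is matched lazily up to " Infected:".
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)

# Assumed locations of already-neutralised copies: ComboFix moves what it
# removes into C:\Qoobox\Quarantine, and Windows System Restore keeps old
# copies under System Volume Information\_restore{...}. Both are deleted when
# the helper uninstalls the tools and flushes the restore points.
QUARANTINE_PREFIXES = (r"c:\qoobox\quarantine",)
RESTORE_POINT_MARKER = r"\system volume information\_restore"


@dataclass
class Detection:
    path: str
    threat: str
    count: int
    category: str   # "live", "quarantine" or "restore_point"
    riskware: bool  # Kaspersky's "not-a-virus:" prefix (adware, dialers, ...)


def classify_path(path: str) -> str:
    """Bucket a detected file by where it sits on disk (case-insensitive)."""
    p = path.lower()
    if p.startswith(QUARANTINE_PREFIXES):
        return "quarantine"
    if RESTORE_POINT_MARKER in p:
        return "restore_point"
    return "live"


def parse_report(text: str) -> list[Detection]:
    """Extract every detection line from the report text."""
    found = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue  # statistics, headers and the closing line are skipped
        threat = m.group("threat")
        found.append(Detection(
            path=m.group("path"),
            threat=threat,
            count=int(m.group("count")),
            category=classify_path(m.group("path")),
            riskware=threat.lower().startswith("not-a-virus:"),
        ))
    return found


def live_detections(text: str) -> list[Detection]:
    """Only the detections that still need an action on the running system."""
    return [d for d in parse_report(text) if d.category == "live"]


def summarize(text: str) -> dict[str, int]:
    """Detection counts per bucket, the way a helper would read the report."""
    counts = {"live": 0, "quarantine": 0, "restore_point": 0}
    for d in parse_report(text):
        counts[d.category] += d.count
    return counts


if __name__ == "__main__":
    for d in parse_report(SAMPLE_REPORT):
        flag = " (riskware)" if d.riskware else ""
        print(f"{d.category:13} {d.threat}{flag}\n              {d.path}")
    print(summarize(SAMPLE_REPORT))
```

On the report above the summary comes out as one live detection (the toolbar, flagged as riskware rather than a true virus), one quarantined copy and two restore-point copies, which matches the helper's reading that only the AOL toolbar folder needs an OTL fix.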

#11 kevinlee

kevinlee

    New Member

  • Authentic Member
  • Pip
  • 6 posts

Posted 04 November 2009 - 12:25 AM

Hi oldman960,

Well, I hate to say it but I received my new modem and AV (Trend Micro AntiVirus+AntiSpyware) today. While I was at work my son took the liberty to install the modem and AV for me without knowing the removal process we were going through. Thankfully he didn't remove my tools or log files, I guess. I do apologize and hope this isn't too much of an inconvenience.

I went ahead and finished the instructions and the log follows.


OTL logfile created on: 11/3/2009 11:54:21 PM - Run 2
OTL by OldTimer - Version 3.1.2.0 Folder = C:\Documents and Settings\Skyler\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.48 Mb Total Physical Memory | 128.41 Mb Available Physical Memory | 25.15% Memory free
1.22 Gb Paging File | 0.87 Gb Available in Paging File | 71.60% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 62.65 Gb Free Space | 84.07% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TH
Current User Name: Skyler
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Skyler\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
PRC - C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ATTToolbar\FDServer.exe (AT&T Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
PRC - C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe (Viewpoint Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
PRC - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()


========== Win32 Services (SafeList) ==========

SRV - C:\Program Files\Common Files\Motive\McciCMService.exe (Alcatel-Lucent)
SRV - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - C:\WINDOWS\pchealth\helpctr\binaries\pchsvc.dll (Microsoft Corporation)
SRV - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)
SRV - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - C:\WINDOWS\system32\ati2evxx.exe (ATI Technologies Inc.)
SRV - C:\Program Files\HPQ\Shared\hpqwmi.exe (Hewlett-Packard Development Company, L.P.)
SRV - C:\Program Files\Common Files\LightScribe\LSSrvc.exe ()
SRV - C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - C:\WINDOWS\system32\drivers\usbaapl.sys (Apple, Inc.)
DRV - C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - C:\WINDOWS\system32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - C:\WINDOWS\system32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - C:\WINDOWS\system32\drivers\mdmxsdk.sys (Conexant)
DRV - C:\WINDOWS\system32\drivers\HSFHWATI.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - C:\WINDOWS\system32\drivers\camc6hal.sys (Conexant Systems Inc.)
DRV - C:\WINDOWS\system32\drivers\camc6aud.sys (Conexant Systems Inc.)
DRV - C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - C:\WINDOWS\system32\drivers\MRV8335XP.sys (Marvell Semiconductor, Inc)
DRV - C:\WINDOWS\system32\drivers\odysseyIM4.sys (Funk Software, Inc.)
DRV - C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - C:\WINDOWS\system32\drivers\Rtlnicxp.sys (Realtek Semiconductor Corporation )
DRV - C:\WINDOWS\system32\drivers\eabfiltr.sys (Hewlett-Packard Company)
DRV - C:\WINDOWS\system32\CBTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - C:\WINDOWS\system32\drivers\EabUsb.sys (Hewlett-Packard Company)
DRV - C:\WINDOWS\system32\drivers\smcirda.sys (SMC)
DRV - C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Skyler\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wbem\framedyn.dll (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.omuonline.net"
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/11/03 12:37:56 | 00,000,000 | ---D | M]

[2005/12/27 00:08:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Firefox\Profiles\xyqphy8q.default\extensions
[2009/09/16 19:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/09/16 19:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Extensions
[2009/09/16 19:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Extensions
[2009/09/16 19:17:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2005/12/27 00:08:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Skyler\Application Data\Mozilla\Firefox\Profiles\xyqphy8q.default\extensions
[2009/02/23 18:57:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2009/09/17 12:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/09/17 12:03:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/02/23 18:57:55 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla(2).org
[2006/09/03 13:12:48 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2007/01/09 13:03:02 | 00,658,056 | ---- | M] (Move Networks) -- C:\Program Files\Mozilla Firefox\plugins\npmnqmp07010901.dll
[2006/07/27 02:05:47 | 00,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2007/03/22 18:23:30 | 00,017,248 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar4.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [hpWirelessAssistant] C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [ISW.exe] C:\Program Files\AT&T\Internet Security Wizard\ISW.exe (AT&T)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/03 18:34:11 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2009/11/03 18:34:10 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/11/03 18:34:10 | 00,050,192 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2009/11/03 18:33:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Trend Micro
[2009/11/03 18:31:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/11/03 17:39:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Skyler\Application Data\AT&T
[2009/11/03 17:39:19 | 00,000,000 | ---D | C] -- C:\Program Files\AT&T
[2009/11/03 17:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2009/11/03 17:39:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ATTToolbar
[2009/11/03 17:39:09 | 00,000,000 | ---D | C] -- C:\Program Files\ATTToolbar
[2009/11/03 17:39:09 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Skyler\Application Data\ATTToolbar
[2009/11/03 17:37:22 | 00,000,000 | ---D | C] -- C:\Program Files\ATT-SST
[2009/11/03 17:35:54 | 00,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2009/11/03 16:25:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Skyler\Application Data\Motive
[2009/11/03 16:24:45 | 00,000,000 | ---D | C] -- C:\Program Files\ATT-HSI
[2009/11/03 16:24:33 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Motive
[2009/11/03 16:23:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Motive
[2009/11/03 16:19:23 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/11/03 16:19:23 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/11/03 16:19:23 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/11/03 16:17:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Skyler\Desktop\MALWARE REMOVAL FILE
[2009/11/03 12:38:15 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/11/03 12:38:15 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/11/03 11:55:12 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/03 11:53:37 | 00,527,360 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Skyler\Desktop\OTL.exe
[2009/11/02 10:07:28 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/11/02 01:51:47 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/11/02 01:45:54 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/11/02 01:45:54 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/11/02 01:45:53 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/11/02 01:45:53 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/11/02 01:45:39 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/11/02 01:45:09 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/31 07:58:26 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Skyler\Desktop\HiJackThis.exe
[2009/10/30 10:34:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2009/10/29 16:21:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Skyler\Application Data\Malwarebytes
[2009/10/29 11:39:18 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/10/29 11:39:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/29 11:39:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/29 11:39:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/28 14:07:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2009/10/27 09:51:10 | 00,000,000 | ---D | C] -- C:\Program Files\CS
[2009/10/19 08:21:12 | 00,176,640 | ---- | C] (Lexmark) -- C:\WINDOWS\System32\LXROSUI.DLL
[2009/10/19 08:09:38 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbprint.sys
[2009/10/19 08:09:38 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usbprint.sys
[2009/10/19 08:04:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Skyler\My Documents\My eBooks
[2009/10/11 06:10:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/10/11 06:09:52 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/10/11 06:07:35 | 00,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2009/10/11 06:07:22 | 02,065,696 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2009/10/11 06:07:22 | 00,040,448 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\drivers\usbaapl.sys
[2009/10/11 06:07:04 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2009/10/11 06:07:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/10/11 03:09:10 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Skyler\Recent

========== Files - Modified Within 30 Days ==========

[2009/11/03 23:56:04 | 00,000,256 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/11/03 23:44:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/03 23:44:17 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/03 23:44:01 | 53,535,1296 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/03 19:28:47 | 07,077,888 | ---- | M] () -- C:\Documents and Settings\Skyler\ntuser.dat
[2009/11/03 19:28:47 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Skyler\ntuser.ini
[2009/11/03 18:32:39 | 00,444,826 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/11/03 18:32:39 | 00,384,698 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/11/03 18:32:39 | 00,054,528 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/11/03 17:39:36 | 00,000,157 | ---- | M] () -- C:\Documents and Settings\Skyler\Desktop\AT&T Webmail.url
[2009/11/03 17:39:36 | 00,000,155 | ---- | M] () -- C:\Documents and Settings\Skyler\Desktop\AT&T Internet.url
[2009/11/03 11:29:58 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/02 10:04:02 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/11/02 02:04:05 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2009/11/02 01:51:59 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/11/01 20:19:14 | 00,527,360 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Skyler\Desktop\OTL.exe
[2009/10/31 07:40:58 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Skyler\Desktop\HiJackThis.exe
[2009/10/28 15:15:30 | 00,004,895 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2009/10/27 09:26:54 | 00,000,001 | ---- | M] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/24 20:12:54 | 00,001,405 | ---- | M] () -- C:\WINDOWS\checkip.dat
[2009/10/23 12:46:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/14 17:17:51 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/11 17:47:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\pcfriend.INI
[2009/10/11 08:10:09 | 00,236,544 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/10/11 06:08:51 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/10/11 06:08:51 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/10/11 04:17:33 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/11 04:17:32 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/11 04:17:31 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/11 04:17:27 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/11 03:20:50 | 00,000,782 | ---- | M] () -- C:\Documents and Settings\Skyler\Desktop\Windows Media Player.lnk
[2009/10/11 03:20:14 | 00,036,864 | ---- | M] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/11 02:14:35 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/11 02:13:06 | 00,000,000 | ---- | M] () -- C:\WINDOWS\muveeapp.INI
[2009/10/07 08:35:52 | 06,944,254 | -H-- | M] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\IconCache.db

========== Files Created - No Company Name ==========

[2009/11/03 17:39:36 | 00,000,157 | ---- | C] () -- C:\Documents and Settings\Skyler\Desktop\AT&T Webmail.url
[2009/11/03 17:39:36 | 00,000,155 | ---- | C] () -- C:\Documents and Settings\Skyler\Desktop\AT&T Internet.url
[2009/11/02 01:51:59 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/11/02 01:51:51 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/11/02 01:45:54 | 00,236,544 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/11/02 01:45:54 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/11/02 01:45:54 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/11/02 01:45:53 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/11/02 01:45:53 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/28 14:36:34 | 00,004,895 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/10/27 09:26:54 | 00,000,001 | ---- | C] () -- C:\WINDOWS\fdgg34353edfgdfdf
[2009/10/24 19:04:12 | 00,001,405 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2009/10/11 17:47:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\pcfriend.INI
[2009/10/11 06:08:51 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/10/11 06:08:51 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/10/11 06:07:40 | 00,000,284 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/11 02:13:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\muveeapp.INI
[2007/12/05 17:40:22 | 00,093,640 | ---- | C] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/12/05 15:58:47 | 00,000,029 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2007/12/05 15:58:32 | 00,000,014 | ---- | C] () -- C:\WINDOWS\exchng32.ini
[2007/12/05 15:58:32 | 00,000,012 | ---- | C] () -- C:\WINDOWS\datalink.ini
[2006/05/08 20:05:03 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/16 19:52:55 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\unzdll.dll
[2005/12/26 21:39:13 | 00,036,864 | ---- | C] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/25 03:01:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Skyler\Application Data\desktop.ini
[2005/12/25 03:01:24 | 06,944,254 | -H-- | C] () -- C:\Documents and Settings\Skyler\Local Settings\Application Data\IconCache.db
[2005/12/24 20:28:40 | 00,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/24 20:21:35 | 00,000,064 | ---- | C] () -- C:\WINDOWS\init.ini
[2005/05/11 22:02:36 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/05/11 22:02:36 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/05/11 22:02:35 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/05/11 22:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/05/11 22:02:35 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/05/11 22:02:35 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/05/11 21:49:08 | 00,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/02/12 02:33:06 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/07 07:16:44 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/07 07:10:08 | 00,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/07 06:58:22 | 00,000,624 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/06 23:47:16 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/06 23:46:50 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/01/13 13:46:34 | 00,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1996/03/20 00:00:00 | 00,151,040 | ---- | C] () -- C:\WINDOWS\System32\IR32.DLL
[1996/03/20 00:00:00 | 00,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 00,077,664 | ---- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
[1996/03/20 00:00:00 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 00,002,041 | ---- | C] () -- C:\WINDOWS\MSFNTMAP.INI
[1996/03/20 00:00:00 | 00,000,280 | ---- | C] () -- C:\WINDOWS\TTEMBED.INI
< End of report >

#12 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 04 November 2009 - 01:13 AM

Hi Kevinlee,

That's ok, we were pretty much done anyway.

We have a slight problem which I should have noticed before. E:\ComboFix.exe. It is important that this be on your desktop or the cleanup routine will not work.

Please locate and delete E:\ComboFix.exe

Download a new copy from either link below. Make sure it is saved directly to your desktop. Do not run it, we need it for the uninstall.

Link 1
Link 2

From your desktop, please delete
  • any notepads/logs that we created
  • GMER.zip
  • GMER.exe


Next

Click the Start button, click Run. Copy and paste the following line into the run box and click OK
Combofix /uninstall


Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.

I suggest you keep MBAM. Keep it updated and use it as an on-demand scanner.


Updates and upgrades

You have an older version of Adobe Reader. You can download the current version HERE

You may want to consider Foxit Reader instead. It may be a bit lighter on resources.

Visit their support forum
Foxit Forum

In either case you should uninstall Adobe Reader 6.0.1 first. Be sure to move any PDF documents to another folder first though.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on-demand antispyware program and a firewall. If you are using the antispyware from Trendmicro, I suggest you leave Teatimer disabled, the 2 may conflict. It doesn't appear Trendmicro also supplied a firewall, please consider the following information on firewalls.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for tips, reviews and links to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware)


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a hosts file manager, and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK button to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.


- Ensure that Automatic Update is turned on so you get all the latest patches.
Click start, control panel, click Security Center.


- Keep your antivirus program updated, as well as any other security programs you have.


-Check this site out to check for out-of-date programs
Secunia Personal Software Inspector (PSI) 1.0


-More tips and programs can be found HERE


- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879

We will keep this thread open for a couple of days. Please post back if you have any problems or questions. Please post back when you have finished so this thread can be marked "Resolved".

Take care :adios:

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Threads will be closed if no response after 5 days.
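The six Custom Level settings in the "Secure your Internet Explorer" steps above are stored as numbered values under the Internet zone key. The following PowerShell audit is added here and is not part of oldman960's post: it reads those values and reports which ones are weaker than the post recommends, and with -Fix writes the recommended values. The zone path, the value names and the 0/1/3 encoding are Microsoft's documented zone registry layout; the function name is the example's own, and it assumes no HKLM-only or Group Policy zone configuration overrides the per-user key.

```powershell
# Added audit script, not from the thread. Internet zone = zone 3.
# Per-setting values: 0 = Enable, 1 = Prompt, 3 = Disable.
# If the IE UI and this report disagree, check whether Security_HKLM_only
# is set (machine-wide zones then take precedence over HKCU).
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$Label   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Recommended values, in the order the post lists them.
$Wanted = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Value = 1 }
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Value = 1 }
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Value = 1 }
)

function Test-IEInternetZone {
    # Returns one object per setting; -Fix also writes the recommended value.
    param([switch]$Fix)
    $key = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
    foreach ($s in $Wanted) {
        $current = $key.($s.Id)
        # A value that is not set falls back to the zone template default, which
        # this script cannot confirm, so it is flagged for review (and set by -Fix).
        $weak  = ($null -eq $current) -or ([int]$current -lt $s.Value)
        $state = 'not set'
        if ($null -ne $current) {
            $state = if ($Label.ContainsKey([int]$current)) { $Label[[int]$current] } else { "unknown ($current)" }
        }
        if ($Fix -and $weak) {
            Set-ItemProperty -Path $ZoneKey -Name $s.Id -Value $s.Value -Type DWord
            $state = "$state -> $($Label[$s.Value])"
        }
        [pscustomobject]@{
            Setting     = $s.Name
            Current     = $state
            Recommended = $Label[$s.Value]
            Weak        = $weak
        }
    }
}

# Report first; rerun with -Fix, as the user whose profile is being hardened,
# once the report matches what you see in the Custom Level dialog.
Test-IEInternetZone | Format-Table -AutoSize
```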

#13 oldman960

oldman960

    Forum God

  • Classroom Teacher
  • 14,755 posts

Posted 08 November 2009 - 01:44 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

