Firefox 3.5 google search re-directing to unwanted sites


  • This topic is locked
11 replies to this topic

#1 RexG

RexG


Posted 10 December 2009 - 11:04 AM

I'm having the same problem as anonymous posted 12/6/09

My browser (Firefox 3.5.5) recently started redirecting me to unrequested sites. Usually ad/survey sites, possibly trying to get personal/financial information from me. One appeared to be for a TV satellite dish company, for example. This problem only seems to happen when I click "search" on Google, or if I type "enter" after typing a URL in the address bar in Firefox. At this point, I arrive at the correct page, but at random intervals a new tab will appear and load an unrequested site.

I also noticed it is affecting my Calyx Point program; the winpoint.exe file seems to be corrupt. I spoke to tech support at Calyx; he told me to remove .NET Framework 3.5, 3.0 & 2.0, since 2.0 SP2 is the one that Calyx uses, then re-install. I was able to remove 3.5, but 3.0 would not remove, and I can't remove 2.0 before 3.0.

I ran Norton and it did find trojans which it quarantined but am still having the problem. Attached file.

I also just ran hijackthis and have attached that file.

Any help would be appreciated.

Thank you,
Rex

Attached Files




#2 schrauber

schrauber


Posted 22 December 2009 - 12:54 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed; the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#3 RexG

RexG

Posted 22 December 2009 - 02:48 PM

Thanks for responding to me. I didn't do anything yet to solve my problem, as I have been working around it by copying the link & pasting it into my URL address bar instead of directly clicking on the link. When I click Google results links they go to unwanted sites.

Thanks for your help.

Rex

Attached Files

  • Attached File  DDS.txt   21.03KB   1 downloads


#4 schrauber

schrauber


Posted 23 December 2009 - 10:38 AM

Hello RexG, and again welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the reply button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.




Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber


#5 RexG

RexG

Posted 24 December 2009 - 11:31 AM

Hi Tom,

Here's the log info you requested. Thank you for helping me.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2009-12-23 15:24:44
Windows 5.1.2600 Service Pack 3
Running: ll95ekme.exe; Driver: C:\DOCUME~1\Rex\LOCALS~1\Temp\pxtdqpoc.sys


---- System - GMER 1.0.15 ----

SSDT 82CE1AB8 ZwAlertResumeThread
SSDT 82CE1B78 ZwAlertThread
SSDT 82CFDA60 ZwAllocateVirtualMemory
SSDT 82CE0C08 ZwAssignProcessToJobObject
SSDT 82D99CE8 ZwConnectPort
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB8E86130]
SSDT 82CE1868 ZwCreateMutant
SSDT 82CE0A28 ZwCreateSymbolicLinkObject
SSDT 82CFF268 ZwCreateThread
SSDT 82CE0CE8 ZwDebugActiveProcess
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteKey [0xB8E863B0]
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwDeleteValueKey [0xB8E86910]
SSDT 82D1BA38 ZwDuplicateObject
SSDT 82CFD8C0 ZwFreeVirtualMemory
SSDT 82CE1938 ZwImpersonateAnonymousToken
SSDT 82CE19F8 ZwImpersonateThread
SSDT 82D58FD0 ZwLoadDriver
SSDT 82CFD7E0 ZwMapViewOfSection
SSDT 82CE17A8 ZwOpenEvent
SSDT 82CAA660 ZwOpenProcess
SSDT 82CFDB30 ZwOpenProcessToken
SSDT 82CE0ED0 ZwOpenSection
SSDT 82D1BB08 ZwOpenThread
SSDT 82CE0B18 ZwProtectVirtualMemory
SSDT 82CFD298 ZwResumeThread
SSDT 82CE1DB8 ZwSetContextThread
SSDT 82CE1E78 ZwSetInformationProcess
SSDT 82CE0DC8 ZwSetSystemInformation
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwSetValueKey [0xB8E86B60]
SSDT 82CE0F90 ZwSuspendProcess
SSDT 82CE1C38 ZwSuspendThread
SSDT 82D019B0 ZwTerminateProcess
SSDT 82CE1CF8 ZwTerminateThread
SSDT 82CE1F48 ZwUnmapViewOfSection
SSDT 82CFD990 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + C8 804E2724 4 Bytes CALL 72D100C5
.text ntoskrnl.exe!_abnormal_termination + 130 804E278C 4 Bytes CALL 1BD0F59D
.text ntoskrnl.exe!_abnormal_termination + 451 804E2AAD 7 Bytes [19, D0, 82, F8, 1C, CE, 82]
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF77087A4]
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xB9140280, 0x7B1C, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[1224] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00A1000A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)
IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)
IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)
IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)
IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)
IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)
IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)
IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)
IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)
IAT C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe[2564] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] [00431420] C:\Program Files\Snappy Fax 2000 Version 3\Sf2k3.exe (Snappy Fax Version 3/John Taylor and Assoc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 snapman.sys (Acronis Snapshot API/Acronis)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device -> \Driver\atapi \Device\Harddisk0\DR0 83F53618

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2 0 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2\img 0 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2\img\alert.gif 818 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2\img\button.gif 280 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2\img\buttons.gif 1195 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2\img\confirm.gif 915 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2\img\corners.gif 911 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2\img\horizontal.gif 769 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2\img\vertical.gif 92 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\plugins\inlinepopups\skins\clearlooks2\window.css 6625 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\content.css 1307 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\dialog.css 5513 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\img 0 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\img\buttons.png 3274 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\img\items.gif 70 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\img\menu_arrow.gif 68 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\img\menu_check.gif 70 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\img\progress.gif 1787 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\img\tabs.gif 1326 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\default\ui.css 15646 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\o2k7\content.css 1329 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\o2k7\dialog.css 5539 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\o2k7\img 0 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\o2k7\img\button_bg.png 5859 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\o2k7\img\button_bg_black.png 3736 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\o2k7\img\button_bg_silver.png 5358 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\o2k7\ui.css 15013 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\o2k7\ui_black.css 1655 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\advanced\skins\o2k7\ui_silver.css 819 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\simple\skins\default\content.css 513 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\simple\skins\default\ui.css 2105 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\simple\skins\o2k7\content.css 461 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\simple\skins\o2k7\img 0 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\simple\skins\o2k7\img\button_bg.png 5102 bytes
File C:\Documents and Settings\Rex\My Documents\HOME BUSINESS\Twitter Anhillation\Module6\Module 6 - How To Build A Self-Sustaining Blog That Builds Traffic And Leads\plugins\wp-popup-scheduler\wp-popup-scheduler\editor\jscripts\tiny_mce\themes\simple\skins\o2k7\ui.css 2340 bytes
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLEFC9Q7\Holiday2009_300x250_c2[1].swf 38223 bytes
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLEFC9Q7\home;s1=home;pos=right;mv=ad;kw=;;tile=2;dcopt=ist;sz=300x250;ord=2135639257373753[1].7 114 bytes
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLEFC9Q7\imp[1] 1057 bytes
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLEFC9Q7\imp[1].gif 43 bytes
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLEFC9Q7\imp[2] 0 bytes
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLEFC9Q7\imp[2].gif 0 bytes
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLEFC9Q7\imp[3] 0 bytes
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLEFC9Q7\imp[4] 0 bytes
File C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KLEFC9Q7\imp[5] 0 bytes
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
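
The GMER log above names atapi.sys twice (an entry point inside the .rsrc section, and a "suspicious modification" on disk), while most of the SSDT entries resolve to Symantec's SYMEVENT.SYS or to bare addresses. The Python below is an added example, not part of this thread and not GMER's own code: it parses a log in this format and ranks the lines a responder would look at first. The sample log is a constructed subset of the posted one, and the severity rules are this example's own heuristics (a hook GMER attributes to a named vendor module is deliberately not flagged).

```python
"""Triage a GMER rootkit-scan log for the lines a responder reads first.
Added example, not this thread's or GMER's own code; the severity rules are
this example's heuristics, not verdicts GMER itself makes."""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    section: str   # GMER section the line came from
    reason: str
    line: str

# Constructed sample: representative lines from the GMER 1.0.15 log posted above.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----
SSDT 82CE1AB8 ZwAlertResumeThread
SSDT \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (Symantec Event Library/Symantec Corporation) ZwCreateKey [0xB8E86130]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + C8 804E2724 4 Bytes CALL 72D100C5
.rsrc C:\WINDOWS\system32\drivers\atapi.sys entry point in ".rsrc" section [0xF77087A4]
? SYMEFA.SYS The system cannot find the file specified. !
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xB9140280, 0x7B1C, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\svchost.exe[1224] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00A1000A
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification
---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (?P<name>.+?) - GMER [\d.]+ ----$")
# SSDT entry GMER could not attribute to a module: bare address, no path or vendor.
SSDT_BARE_RE = re.compile(r"^SSDT [0-9A-F]{8} Zw\w+$")
WIN_PATH_RE = re.compile(r"[A-Za-z]:\\\S+")

# (regex, severity, reason) applied per section; the first matching rule wins.
RULES = {
    "Kernel code sections": [
        (r'entry point in "\.rsrc" section', "high",
         "driver entry point relocated into the resource section (patched image)"),
        (r"section is writeable", "medium", "writable code section (packer or in-place patching)"),
        (r"cannot find the file specified", "medium",
         "module GMER could not find on disk (check the vendor before treating it as hostile)"),
        (r"ntoskrnl\.exe!.* CALL [0-9A-F]{8}$", "medium",
         "kernel export patched with a CALL (often a security product; confirm the owner)"),
    ],
    "User code sections": [
        (r"\.exe\[\d+\] .*!\w+ [0-9A-F]{8} \d+ Bytes JMP [0-9A-F]{8}", "medium",
         "inline JMP hook on a user-mode API inside a system process"),
    ],
    "Files": [
        (r"suspicious modification", "high", "GMER reports the on-disk file as modified"),
    ],
}

def parse_sections(log):
    """Split the log into {section name: [non-empty lines]}, dropping the EOF marker."""
    sections, current = {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group("name")
            if current != "EOF":
                sections[current] = []
            continue
        if current and current != "EOF":
            sections[current].append(line)
    return sections

def triage(log):
    """Return findings sorted high -> medium -> info, keeping log order within a level."""
    findings = []
    for section, lines in parse_sections(log).items():
        for line in lines:
            if section == "System" and line.startswith("SSDT "):
                if SSDT_BARE_RE.match(line):
                    findings.append(Finding("info", section,
                                            "SSDT hook GMER could not attribute to a module", line))
                continue
            for pattern, severity, reason in RULES.get(section, []):
                if re.search(pattern, line):
                    findings.append(Finding(severity, section, reason, line))
                    break
    rank = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: rank[f.severity])

def high_risk_paths(findings):
    """File paths named in high-severity findings: the files to hash and submit for analysis."""
    return {m.group(0) for f in findings if f.severity == "high"
            for m in WIN_PATH_RE.finditer(f.line)}

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for f in result:
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print("Pull for analysis:", sorted(high_risk_paths(result)))
```

Run against the sample, the two atapi.sys lines come out on top and `high_risk_paths` returns that single driver path, which is exactly the file the later OTL custom scan in this thread hashes. The bare-address SSDT hooks are reported only as "info": on this machine they sit next to Norton 360, and an unattributed hook is a question for the helper, not a verdict.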

#6 schrauber

schrauber


Posted 26 December 2009 - 03:31 AM

Hi,



Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


#7 RexG

RexG

Posted 26 December 2009 - 05:57 PM

Tom,

Here's the file from ComboFix.

My computer is not scrolling now on websites, and also won't allow me to choose any icons below other icons, reverting to the top-level icon (e.g. if I try to click a desktop shortcut at the bottom of a column it will select the top shortcut in that column; the same happens when trying to access levels in My Documents and My Computer), but I was able to email this file by doing a search for it, attaching it to an email to my email account, then replying on my other computer.

My computer also sounds an alarm every time it re-boots, and the only way it will boot is if I press any of the F1-F12 keys. Maybe any key, but I know F6 & F8 worked to allow it to re-boot.

Thank you,
Rex

Attached Files



#8 schrauber

schrauber


Posted 27 December 2009 - 07:09 AM

Hi,


Please don't attach the logfiles, just post it here in your thread :(.


  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Push the Quick Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

If I have helped you then please consider donating to continue the fight against malware Posted Image
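
The /md5start ... /md5stop block in the custom scan above asks OTL to report an MD5 for a list of drivers and DLLs that were commonly patched in place at the time (atapi.sys among them), so the hashes can be compared with known-good copies. The Python below is an added example, not OTL's code and not from this thread: it extracts that file list from the post's directive text and checks each file against a baseline, reporting files that changed or vanished. The baseline and the files it hashes are constructed stand-ins created in a temporary directory, not real Windows drivers, and MD5 is used only because that is the digest OTL reports; a fresh baseline would better use SHA-256.

```python
"""Verify the files an OTL custom scan hashes against a known-good baseline.
Added example, not OTL's or this thread's own code; the baseline and the
stand-in files are constructed here, not real Windows drivers."""
import hashlib
import os
import tempfile

# The custom-scan text from the post above; only the /md5start../md5stop block is parsed.
CUSTOM_SCAN = r"""
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
"""

def parse_md5_block(text):
    """File names OTL hashes: the non-empty lines between /md5start and /md5stop."""
    names, inside = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.lower() == "/md5start":
            inside = True
        elif line.lower() == "/md5stop":
            inside = False
        elif inside and line:
            names.append(line)
    return names

def md5_of_bytes(data):
    """Digest of an in-memory sample, e.g. a file pulled from a quarantine."""
    return hashlib.md5(data).hexdigest()

def md5_of_file(path, chunk=1 << 16):
    """Stream the file so large drivers do not have to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def verify_baseline(root, baseline):
    """Compare each baselined file under root with its expected MD5.
    Returns {name: (status, actual_md5)} with status ok / mismatch / missing."""
    report = {}
    for name, expected in baseline.items():
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            report[name] = ("missing", None)
            continue
        actual = md5_of_file(path)
        report[name] = ("ok" if actual == expected else "mismatch", actual)
    return report

def build_demo(root):
    """Constructed fixture: stand-in files for every name in the OTL block, a
    baseline taken while they are clean, then one patched file and one removed."""
    baseline = {}
    for name in parse_md5_block(CUSTOM_SCAN):
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"stand-in contents of " + name.encode())
        baseline[name] = md5_of_file(path)
    with open(os.path.join(root, "atapi.sys"), "ab") as fh:  # simulate an in-place patch
        fh.write(b"\x90" * 16)
    os.remove(os.path.join(root, "nvstor.sys"))               # simulate a deleted file
    return baseline

def run_demo():
    with tempfile.TemporaryDirectory() as root:
        return verify_baseline(root, build_demo(root))

if __name__ == "__main__":
    for name, (status, digest) in sorted(run_demo().items()):
        if status != "ok":
            print(f"{status:8} {name} {digest or ''}")
```

Running the script prints only the two files that differ from the baseline (the patched atapi.sys and the removed nvstor.sys); the 21 untouched stand-ins are silent. Against a real machine the baseline would come from hashes of the same file versions on a known-clean install or from the vendor, and `root` would be the drivers directory.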

#9 RexG

RexG

Posted 28 December 2009 - 12:19 AM

Tom,

Here's the OTL.txt file, I will send the other to follow due to file size too large for one post.

My computer started working more like it should all by itself shortly after I last posted.

Let me know what's next.

I just noticed the file is too large to attach, so here it is, copied & pasted:

OTL logfile created on: 12/27/2009 11:52:31 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Rex\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 256.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1280 1280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 2.33 Gb Free Space | 4.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 73.66 Gb Total Space | 14.58 Gb Free Space | 19.79% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORK
Current User Name: Rex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/27 23:51:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rex\Desktop\OTL.exe
PRC - [2009/12/17 14:52:45 | 00,908,248 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/10/22 09:47:50 | 00,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/10/11 04:17:36 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/07 10:32:34 | 00,117,640 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe
PRC - [2009/09/01 02:49:30 | 00,479,232 | ---- | M] (MySpace) -- C:\Program Files\MySpace\Toolbar\1.0.56.0\MSTBCoreContainer.exe
PRC - [2009/08/18 05:30:12 | 02,200,576 | ---- | M] (1&1 Internet Inc) -- C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe
PRC - [2009/04/27 09:50:20 | 00,733,928 | ---- | M] ( James J. Jones, LLC.) -- C:\Program Files\Micro Niche Finder\bggoogle.exe
PRC - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/11 10:23:38 | 00,050,184 | R--- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE
PRC - [2007/06/13 14:15:38 | 00,483,328 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\SYSTEM32\ati2evxx.exe
PRC - [2007/01/12 17:45:32 | 00,897,584 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2tray.exe
PRC - [2007/01/12 17:45:32 | 00,249,904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2svc.exe
PRC - [2007/01/12 17:45:28 | 00,251,440 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2pre.exe
PRC - [2007/01/12 17:45:24 | 00,590,384 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Program Files\Expertcity\GoToMyPC\g2comm.exe
PRC - [2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/13 12:39:32 | 10,445,824 | ---- | M] (John Taylor and Assoc.) -- C:\Program Files\Snappy Fax 2000 Version 3\sf2k3.exe
PRC - [2006/11/03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/10/16 21:17:16 | 01,941,784 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2006/10/16 21:13:32 | 00,087,584 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/10/16 21:12:20 | 01,164,912 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2005/11/11 17:30:22 | 00,995,328 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\ControlCenter2\brctrcen.exe
PRC - [2005/04/07 23:17:28 | 00,031,744 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\SYSTEM32\BrmfRsmg.exe
PRC - [2005/03/17 13:25:54 | 00,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
PRC - [2004/09/10 15:32:48 | 00,053,248 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\SYSTEM32\BrmfBAgS.exe
PRC - [2004/01/21 08:45:48 | 00,413,816 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
PRC - [2004/01/21 08:44:28 | 00,155,770 | ---- | M] (American Power Conversion Corporation) -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
PRC - [2003/10/23 23:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/09/30 20:49:53 | 00,077,824 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2003/04/18 14:06:26 | 00,008,192 | ---- | M] () -- C:\Program Files\Micro Niche Finder\srvany.exe
PRC - [2002/12/02 20:56:10 | 00,040,960 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
PRC - [2002/08/14 18:29:26 | 00,090,112 | ---- | M] (MUSICMATCH, Inc.) -- C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
PRC - [2002/06/10 14:21:32 | 00,102,400 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\SYSTEM32\LVComS.exe
PRC - [2002/04/11 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE
PRC - [2002/04/10 17:44:04 | 00,679,936 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2002/04/03 02:01:00 | 00,135,264 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
PRC - [2001/12/12 19:01:00 | 00,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\SYSTEM32\BRSS01A.EXE
PRC - [2001/04/03 09:38:30 | 00,038,912 | ---- | M] (LUCENT TECHNOLOGIES) -- C:\WINDOWS\SYSTEM32\ltmsg.exe
PRC - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe
PRC - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/27 23:51:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rex\Desktop\OTL.exe
MOD - [2009/10/07 10:32:09 | 00,419,696 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360\Engine\3.5.2.11\asOEHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/11 04:17:35 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Running] -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/10/07 10:32:34 | 00,117,640 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360\Engine\3.5.2.11\ccSvcHst.exe -- (N360)
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 19:12:22 | 00,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\INETSRV\inetinfo.exe -- (IISADMIN)
SRV - [2007/06/13 14:15:38 | 00,483,328 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\SYSTEM32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/12 17:45:32 | 00,249,904 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Auto | Running] -- C:\Program Files\Expertcity\GoToMyPC\g2svc.exe -- (GoToMyPC)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/10/16 21:13:28 | 00,230,944 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/09/10 15:32:48 | 00,053,248 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\BrmfBAgS.exe -- (brmfbags)
SRV - [2004/01/21 08:44:28 | 00,155,770 | ---- | M] (American Power Conversion Corporation) [Auto | Running] -- C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe -- (APC UPS Service)
SRV - [2003/04/18 14:06:26 | 00,008,192 | ---- | M] () [Auto | Running] -- C:\Program Files\Micro Niche Finder\srvany.exe -- (Micro Niche Finder Background Download Service)
SRV - [2002/05/03 12:29:42 | 01,118,208 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\NMSSvc.Exe -- (NMSSvc) Intel®
SRV - [2002/04/11 19:00:00 | 00,057,344 | ---- | M] (brother Industries Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\BRSVC01A.EXE -- (Brother XP spl Service)
SRV - [2000/06/26 08:44:20 | 00,053,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\SYSTEM32\MsPMSPSv.exe -- (WMDM PMSP Service)
SRV - [1999/12/13 02:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\SYSTEM32\CTsvcCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.amtrustgemstone.com/Login.aspx
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.trafficswarm.com/cgi-bin/swarm.cgi?967569&8d5e8a0f4f28254dc54cb35c2a61ff11"
FF - prefs.js..extensions.enabledItems: bitlypreview@jay.ridgeway:1.266
FF - prefs.js..extensions.enabledItems: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}:6.2.5.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: myspacefftb@myspace.com:1.0.56.0
FF - prefs.js..extensions.enabledItems: rankchecker@seobook.com:1.6.9
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {7CEA821D-3DAB-4238-B424-BF7324531750}:0.4.8
FF - prefs.js..extensions.enabledItems: seo4firefox@seobook.com:3.3.0
FF - prefs.js..extensions.enabledItems: seotoolbar@seobook.com:1.0.14
FF - prefs.js..network.proxy.no_proxies_on: "127.0.0.1"


FF - HKLM\software\mozilla\Firefox\Extensions\\myspacefftb@myspace.com: C:\Program Files\MySpace\Toolbar\1.0.56.0\ [2009/10/14 17:18:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/17 14:53:10 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 14:53:11 | 00,000,000 | ---D | M]

[2008/09/19 08:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Mozilla\Extensions
[2009/12/27 11:47:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\extensions
[2009/10/30 12:29:16 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
[2009/12/08 10:12:57 | 00,000,000 | ---D | M] (iMacros for Firefox) -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2009/11/22 13:39:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\extensions\bitlypreview@jay.ridgeway
[2009/12/03 16:12:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\extensions\rankchecker@seobook.com
[2009/12/03 16:12:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\extensions\seo4firefox@seobook.com
[2009/12/03 16:12:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\extensions\seotoolbar@seobook.com
[2009/12/26 12:31:51 | 00,002,301 | ---- | M] () -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\searchplugins\alexa.xml
[2009/09/28 20:46:40 | 00,002,160 | ---- | M] () -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\searchplugins\MySpace.xml
[2009/07/16 19:56:03 | 00,005,595 | ---- | M] () -- C:\Documents and Settings\Rex\Application Data\Mozilla\Firefox\Profiles\vndzi4tw.default\searchplugins\wordtracker.xml
[2009/12/27 11:47:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/06/18 02:43:04 | 00,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/10 16:18:42 | 00,024,684 | ---- | M] (MyWebSearch.com) -- C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No CLSID value found.
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\3.5.2.11\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (no name) - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [diagent] C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GoToMyPC] C:\Program Files\Expertcity\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [LTWinModem1] C:\WINDOWS\System32\ltmsg.exe (LUCENT TECHNOLOGIES)
O4 - HKLM..\Run: [LVCOMS] C:\WINDOWS\SYSTEM32\LVComS.exe (Logitech Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe (MUSICMATCH, Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Program Files\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet Inc)
O4 - HKCU..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\366\g2mstart.exe (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKCU..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe ()
O4 - HKCU..\Run: [Snappy Fax 2000 Version 3] C:\Program Files\Snappy Fax 2000 Version 3\sf2k3.exe (John Taylor and Assoc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk = C:\Program Files\APC\APC PowerChute Personal Edition\Display.exe (American Power Conversion Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe (Hewlett-Packard)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save Page As PDF ... - C:\Program Files\Nitro PDF\PDF Download\nitroweb.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: ameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: ameritrade.com ([wwws] https in Trusted sites)
O15 - HKCU\..Trusted Domains: blitzdocs.net ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: tdameritrade.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://www.comcastsupport.com/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} https://www.taylorbeanonline.com/scriptx/smsx.cab (MeadCo ScriptX)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/0/5...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1DF36010-E276-11D4-A7C0-00C04F0453DD} https://secure.stamps.com/download/us/regis...40/sdcregie.cab (Stamps.com Secure Postal Account Registration)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6...922/wmv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {40F8967E-34A6-474A-837A-CEC1E7DAC54C} https://accounting.quickbooks.com/c8/v16.594/qboax9.cab (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} http://a1540.g.akamai.net/7/1540/52/200305...meInstaller.exe (Reg Error: Key error.)
O16 - DPF: {616A44A9-5D02-445B-B16E-5C6E4A0C2AA6} http://www.mortgagecreditlink.com/download/eprintin.cab (PDFPrinter Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1172942282049 (MUWebControl Class)
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} http://www.bitdefender.com/scan/Msie/bitdefender.cab (AvxScanOnline Control)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.quickbooks.com/c8/v19.096/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} https://www.spmloans.com/xml/msxml4.cab (XML DOM Document 4.0)
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} https://www40.wirelesssync.vzw.com/en/SyncInstall.cab (Installer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8CE3BAE6-AB66-40B6-9019-41E5282FF1E2} https://accounting.quickbooks.com/c1/v13.101/qboax8.cab (Reg Error: Key error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {A9515ACA-5B85-11D0-848F-00400526305B} http://webdemo.aegismtg.com/InteractiveDemo/WDOutNT.cab (Reg Error: Key error.)
O16 - DPF: {AA1B4C96-90AA-4842-A0A4-A0E1899E4C81} https://www.blitzdocs.net/Installs/BlitzDocs.CAB (Advectis HTTP Transfer Class v3)
O16 - DPF: {AECD14A8-F662-11D1-A395-00805F535788} http://www.investors.com/member/ocx/plotwon.ocx (Plotwon Control)
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} http://autos.msn.com/components/ocx/exterior/Outside.cab (ExteriorSurround Object)
O16 - DPF: {BE5431D2-0F30-11D4-89D9-00C04F509C0A} https://secure.stamps.com/download/us/cab/s...file=stamps.cab (SDCInstaller Class)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flas...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF05D910-DC8E-403A-93B0-5C866F3200D1} http://www.clickloan.com/CAB/PtClickLoan/1...PtClickLoan.cab (PtClickLoan Control)
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab (EPSImageControl Class)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360\Engine\3.5.2.11\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Expertcity\GoToMyPC\G2WinLogon.dll - C:\Program Files\Expertcity\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {EDB0E980-90BD-11D4-8599-0008C7D3B6F8} - Reg Error: Key error. File not found
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 14:36:02 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/09/03 14:36:02 | 00,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\IAS [2003/10/29 23:22:34 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: Ip6FwHlp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16892003295952896)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/27 23:51:26 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rex\Desktop\OTL.exe
[2009/12/27 03:01:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/12/26 15:58:15 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/26 15:51:00 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/26 15:51:00 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/26 15:51:00 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/26 15:51:00 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/12/26 15:49:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/12/26 15:46:15 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/23 02:06:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\PCHealth
[2009/12/16 10:22:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rex\Desktop\TFAN
[2009/12/15 15:40:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rex\Desktop\Win7Ultimate
[2009/12/14 14:51:17 | 00,000,000 | ---D | C] -- C:\Program Files\The Wierman Group
[2009/11/13 14:51:38 | 03,634,762 | ---- | C] (HTTrack ) -- C:\Program Files\httrack-3.43-7.exe
[2009/06/15 08:24:42 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2008/03/10 12:48:26 | 02,939,142 | ---- | C] (Plaino ) -- C:\Program Files\FLVplayr.exe
[2007/07/11 02:03:10 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/10/06 08:26:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2004/11/24 11:53:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2004/10/03 02:09:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec
[2004/06/05 13:18:57 | 00,160,768 | ---- | C] (Soeperman Enterprises Ltd.) -- C:\Program Files\HijackThis.exe
[2003/02/05 13:21:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[58 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Rex\My Documents\*.tmp files -> C:\Documents and Settings\Rex\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/27 23:51:34 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rex\Desktop\OTL.exe
[2009/12/27 21:37:55 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{0939553F-346C-48F8-9A17-E203F876D133}.job
[2009/12/27 01:31:24 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/12/26 17:20:13 | 00,000,039 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/12/26 17:19:53 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/12/26 17:19:31 | 00,002,483 | ---- | M] () -- C:\WINDOWS\ilan_txt.ini
[2009/12/26 17:19:20 | 00,001,826 | ---- | M] () -- C:\WINDOWS\BRMFBIDI.INI
[2009/12/26 17:19:00 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/12/26 17:18:43 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/26 17:18:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/12/26 17:18:28 | 80,440,5248 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/26 17:16:57 | 11,534,336 | -H-- | M] () -- C:\Documents and Settings\Rex\NTUSER.DAT
[2009/12/26 17:16:33 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Rex\NTUSER.INI
[2009/12/26 17:01:26 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/12/26 16:40:30 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/26 16:39:39 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/12/26 15:58:40 | 00,000,282 | RHS- | M] () -- C:\boot.ini
[2009/12/26 15:40:31 | 03,866,078 | R--- | M] () -- C:\Documents and Settings\Rex\Desktop\schrauber.exe
[2009/12/25 12:57:28 | 00,127,172 | ---- | M] () -- C:\Documents and Settings\Rex\Desktop\bookmarks.html
[2009/12/23 15:40:46 | 00,000,212 | ---- | M] () -- C:\Boot.bak
[2009/12/23 15:40:44 | 00,000,741 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/12/23 11:30:54 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Rex\Desktop\ll95ekme.exe
[2009/12/22 14:07:26 | 00,167,424 | ---- | M] () -- C:\Documents and Settings\Rex\My Documents\passwords.doc
[2009/12/21 22:11:39 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Rex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 17:22:02 | 00,001,042 | ---- | M] () -- C:\Documents and Settings\Rex\Desktop\rex%40fidelitymodifications.com%20Email%20Settings.reg
[2009/12/15 14:05:16 | 00,532,922 | ---- | M] () -- C:\Documents and Settings\Rex\Desktop\templateRealEstate.zip
[2009/12/15 14:04:39 | 00,504,868 | ---- | M] () -- C:\Documents and Settings\Rex\Desktop\templateBusiness.zip
[2009/12/14 14:51:24 | 00,001,906 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Online Lead Finder.lnk
[2009/12/14 12:40:55 | 68,366,3360 | ---- | M] () -- C:\Documents and Settings\Rex\Desktop\sp3.tar
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[58 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\Rex\My Documents\*.tmp files -> C:\Documents and Settings\Rex\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/26 15:58:39 | 00,000,212 | ---- | C] () -- C:\Boot.bak
[2009/12/26 15:58:21 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/26 15:51:00 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/26 15:51:00 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/26 15:51:00 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/26 15:51:00 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/26 15:51:00 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/26 15:40:10 | 03,866,078 | R--- | C] () -- C:\Documents and Settings\Rex\Desktop\schrauber.exe
[2009/12/25 12:57:27 | 00,127,172 | ---- | C] () -- C:\Documents and Settings\Rex\Desktop\bookmarks.html
[2009/12/23 15:40:42 | 00,001,856 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
[2009/12/23 15:40:42 | 00,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2009/12/23 15:40:42 | 00,000,779 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
[2009/12/23 11:30:49 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Rex\Desktop\ll95ekme.exe
[2009/12/22 20:11:01 | 80,440,5248 | -HS- | C] () -- C:\hiberfil.sys
[2009/12/15 17:22:00 | 00,001,042 | ---- | C] () -- C:\Documents and Settings\Rex\Desktop\rex%40fidelitymodifications.com%20Email%20Settings.reg
[2009/12/15 14:05:10 | 00,532,922 | ---- | C] () -- C:\Documents and Settings\Rex\Desktop\templateRealEstate.zip
[2009/12/15 14:04:09 | 00,504,868 | ---- | C] () -- C:\Documents and Settings\Rex\Desktop\templateBusiness.zip
[2009/12/14 14:51:24 | 00,001,906 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Online Lead Finder.lnk
[2009/12/14 11:55:26 | 68,366,3360 | ---- | C] () -- C:\Documents and Settings\Rex\Desktop\sp3.tar
[2009/12/03 15:29:18 | 00,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/12/03 15:29:18 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/09/30 11:32:26 | 00,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2008/08/29 14:49:26 | 00,000,267 | ---- | C] () -- C:\WINDOWS\epfax.ini
[2008/04/01 09:21:45 | 00,000,664 | ---- | C] () -- C:\Documents and Settings\Rex\Local Settings\Application Data\d3d9caps.dat
[2008/03/28 19:25:02 | 00,000,262 | ---- | C] () -- C:\WINDOWS\I32FONTS.INI
[2008/03/14 18:06:31 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat
[2007/10/22 15:08:33 | 00,018,764 | ---- | C] () -- C:\WINDOWS\System32\ddmon.dll
[2007/08/24 10:50:24 | 00,010,875 | ---- | C] () -- C:\WINDOWS\ESOA.INI
[2007/08/24 10:50:24 | 00,000,053 | ---- | C] () -- C:\WINDOWS\PRSRVDLL.INI
[2007/06/19 18:17:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PNTINFO.INI
[2007/02/07 17:54:58 | 00,000,058 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\mchguid.ini
[2006/12/22 17:23:19 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2006/11/25 13:13:00 | 00,000,052 | ---- | C] () -- C:\WINDOWS\System32\BrmfBAgP.ini
[2006/11/25 13:13:00 | 00,000,029 | ---- | C] () -- C:\WINDOWS\System32\BrmfBAgS.ini
[2006/10/28 20:47:08 | 00,000,225 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2006/10/28 20:47:08 | 00,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2006/10/28 20:44:26 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\BRTCPCON.DLL
[2006/10/28 20:44:07 | 00,000,114 | ---- | C] () -- C:\WINDOWS\System32\BRLMW03A.INI
[2006/10/28 20:41:35 | 00,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/10/28 20:31:00 | 00,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/09/02 15:42:36 | 00,002,508 | ---- | C] () -- C:\Documents and Settings\Rex\Application Data\$_hpcst$.hpc
[2006/08/08 19:43:47 | 00,037,833 | ---- | C] () -- C:\WINDOWS\alaRedun.ini
[2006/08/08 19:43:10 | 00,000,252 | ---- | C] () -- C:\WINDOWS\alamode.ini
[2006/04/30 00:34:04 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\WbxRMenu.dll
[2006/04/13 23:18:24 | 00,196,608 | ---- | C] () -- C:\WINDOWS\System32\atonres.dll
[2006/04/13 23:18:24 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\WbxMSAI.dll
[2006/04/13 23:18:24 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\atonecli.dll
[2006/02/24 15:54:42 | 00,073,728 | ---- | C] () -- C:\WINDOWS\System32\deskMenu2.dll
[2006/01/24 09:33:16 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\ExpLoansFromGenesis.dll
[2006/01/02 09:52:13 | 00,000,058 | ---- | C] () -- C:\WINDOWS\mchguid.ini
[2005/11/01 15:21:20 | 00,692,224 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2005/11/01 15:21:18 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/10/06 09:34:36 | 31,327,346 | ---- | C] () -- C:\Program Files\NAV061200.exe
[2004/10/18 19:50:59 | 00,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2004/09/13 19:40:59 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/13 17:25:47 | 00,000,058 | ---- | C] () -- C:\WINDOWS\sview.ini
[2004/07/14 07:14:50 | 00,000,126 | ---- | C] () -- C:\Documents and Settings\Rex\Local Settings\Application Data\fusioncache.dat
[2004/03/15 14:36:19 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/03/11 17:58:35 | 00,000,298 | ---- | C] () -- C:\WINDOWS\PROCDMAP.INI
[2004/03/11 17:43:03 | 00,002,028 | ---- | C] () -- C:\WINDOWS\PHONEBKS.INI
[2004/03/11 17:42:39 | 00,000,069 | ---- | C] () -- C:\WINDOWS\SERIALNO.INI
[2004/03/04 11:05:46 | 00,021,504 | ---- | C] () -- C:\Documents and Settings\Rex\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/02/19 17:53:32 | 00,000,032 | ---- | C] () -- C:\WINDOWS\album.ini
[2004/02/19 17:51:55 | 00,000,459 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2004/02/19 17:51:54 | 00,000,521 | ---- | C] () -- C:\WINDOWS\photoprn.ini
[2004/02/19 17:50:01 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
[2004/02/19 17:49:22 | 00,000,027 | ---- | C] () -- C:\WINDOWS\P2150LOC.INI
[2004/02/19 17:40:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2004/02/19 17:10:48 | 00,028,672 | R--- | C] () -- C:\WINDOWS\vqsetup.dll
[2004/02/08 16:54:16 | 00,000,043 | ---- | C] () -- C:\WINDOWS\POINTHelp.INI
[2004/01/18 18:35:31 | 00,000,807 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2003/11/12 08:16:58 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\GNetParserX.dll
[2003/11/10 19:31:26 | 00,001,098 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2003/11/06 20:50:23 | 00,000,010 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmbi.sys
[2003/11/06 18:18:00 | 00,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2003/11/06 18:17:59 | 00,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2003/11/06 18:16:51 | 00,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2003/11/06 18:16:50 | 00,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2003/11/06 18:16:38 | 00,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2003/11/03 18:10:10 | 00,000,121 | ---- | C] () -- C:\WINDOWS\IMPORT.INI
[2003/11/03 10:18:31 | 00,000,170 | ---- | C] () -- C:\WINDOWS\EwUser.ini
[2003/10/31 11:54:01 | 00,000,313 | ---- | C] () -- C:\WINDOWS\BRDIAG.INI
[2003/10/31 11:54:01 | 00,000,145 | ---- | C] () -- C:\WINDOWS\BRVIDEO.INI
[2003/10/31 11:54:01 | 00,000,023 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2003/10/31 11:54:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\BROHL505.INI
[2003/10/31 11:54:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2003/10/31 11:53:59 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC32.DLL
[2003/10/31 11:53:59 | 00,004,608 | ---- | C] () -- C:\WINDOWS\System32\BRGSRC16.DLL
[2003/10/31 11:53:58 | 00,011,604 | ---- | C] () -- C:\WINDOWS\HL-5050.INI
[2003/10/31 11:53:46 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_5050.ini
[2003/10/31 11:53:44 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2003/10/31 09:23:03 | 00,002,483 | ---- | C] () -- C:\WINDOWS\ilan_txt.ini
[2003/10/31 09:23:03 | 00,000,039 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2003/10/30 22:05:38 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2003/10/30 16:52:07 | 00,000,049 | ---- | C] () -- C:\WINDOWS\WinInit.INI
[2003/10/29 23:37:14 | 00,001,826 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2003/10/20 22:22:48 | 00,000,509 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2003/10/20 22:22:48 | 00,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2003/06/30 11:28:00 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\ex25b.dll
[2003/05/23 13:22:21 | 00,000,289 | ---- | C] () -- C:\WINDOWS\HPODJC05.INI
[2003/02/22 11:42:01 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\Isb.dll
[2003/02/19 22:08:04 | 00,184,320 | ---- | C] () -- C:\WINDOWS\System32\EmbeddedDX.dll
[2003/02/19 22:08:04 | 00,003,679 | ---- | C] () -- C:\WINDOWS\GrAddrBk.ini
[2003/02/19 22:08:04 | 00,003,128 | ---- | C] () -- C:\WINDOWS\WINPOINT.INI
[2003/02/19 22:08:04 | 00,000,995 | ---- | C] () -- C:\WINDOWS\GRACE.INI
[2003/02/19 19:30:43 | 00,000,989 | ---- | C] () -- C:\WINDOWS\HPOCSS05.INI
[2003/02/19 19:30:43 | 00,000,427 | ---- | C] () -- C:\WINDOWS\HPOTBX05.INI
[2003/02/05 14:00:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/02/05 13:47:18 | 00,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2003/02/05 13:46:56 | 00,002,092 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2003/02/05 13:46:56 | 00,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2003/02/05 13:46:55 | 00,039,936 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2003/02/05 13:46:55 | 00,005,917 | ---- | C] () -- C:\WINDOWS\SBMIXDEF.INI
[2003/02/05 13:46:54 | 00,006,175 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2003/02/05 13:46:54 | 00,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2003/02/05 13:46:16 | 00,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2003/02/05 13:42:52 | 00,000,883 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/05 13:23:20 | 00,000,550 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2002/09/09 09:28:56 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2002/06/10 14:16:22 | 00,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2002/03/04 09:16:34 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2002/02/06 10:04:14 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\NMSInst.dll
[2002/01/21 16:17:18 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PROInst.dll
[1999/10/20 14:04:56 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\Gn32.dll
[1999/10/13 15:59:48 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\gns2kzip.dll
[1999/08/10 12:02:20 | 00,116,736 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[1999/08/10 12:02:16 | 00,343,040 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[1998/08/31 11:59:48 | 00,356,352 | ---- | C] () -- C:\WINDOWS\System32\GENCRI32.DLL

========== LOP Check ==========

[2006/11/29 22:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/06/03 17:51:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Micro Niche Finder
[2008/10/13 09:18:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2006/10/28 20:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2006/11/29 15:49:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SyncClient
[2007/04/06 08:33:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/21 14:55:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\1&1
[2006/07/28 08:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\acccore
[2008/01/04 18:37:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Acronis
[2006/10/29 22:12:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Aim
[2006/07/28 07:58:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\AIMPro
[2008/11/03 19:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Calyx Software
[2009/04/07 10:44:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Calyx_Software
[2006/07/26 11:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Chaos Software
[2008/01/09 10:55:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\deskPDF
[2008/04/02 18:09:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Encompass
[2009/12/22 14:21:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\FileZilla
[2009/02/11 07:54:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Good Keywords v2
[2009/11/20 21:43:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\gtk-2.0
[2009/08/31 15:35:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\KompoZer
[2009/09/09 21:08:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\LimeWire
[2005/01/28 09:34:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\MSNInstaller
[2005/09/01 13:49:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\PDS
[2006/06/16 09:38:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Qualcomm
[2008/08/29 14:49:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\RemoteDocs
[2006/10/30 19:44:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\ScanSoft
[2009/12/26 17:21:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Snappy Fax 2000
[2007/04/06 08:33:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rex\Application Data\Viewpoint
[2009/12/27 01:31:24 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/12/27 21:37:55 | 00,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{0939553F-346C-48F8-9A17-E203F876D133}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2005/10/06 09:27:52 | 00,159,744 | ---- | M] () -- C:\Norton_2006_Setup.exe


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\SYSTEM32\ReinstallBackups\0017\DriverFiles\i386\AGP440.SYS
[2001/08/17 14:58:00 | 00,025,472 | ---- | M] (Microsoft Corporation) MD5=65880045C51AA36184841CEE915A61DF -- C:\I386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2002/10/16 18:31:10 | 00,087,040 | ---- | M] (Microsoft Corporation) MD5=3DF589B9A15FF9EF4AA499F98C1C16D5 -- C:\I386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DLLCACHE\atapi.sys
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys
[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll
[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2002/08/29 06:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=BF3C8CF53C77B48206B39910B6D6CBCC -- C:\I386\EVENTLOG.DLL

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll
[2002/08/29 06:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=3ADD563ED7A1C66E6F5E0F7A661AA96D -- C:\I386\NETLOGON.DLL
[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2002/08/29 06:00:00 | 00,174,592 | ---- | M] (Microsoft Corporation) MD5=97418A5C642A5C748A28BD7CF6860B57 -- C:\I386\SCECLI.DLL
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %systemroot%\*. /mp /s >
< End of report >


Thank you,
Rex

Edited by RexG, 28 December 2009 - 12:27 AM.


#10 RexG (Topic Starter)

Posted 28 December 2009 - 12:21 AM

Here's the extra.txt file, Tom.
Again, it was too large to attach.

OTL Extras logfile created on: 12/27/2009 11:52:31 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Rex\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

767.00 Mb Total Physical Memory | 256.00 Mb Available Physical Memory | 33.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): C:\pagefile.sys 1280 1280 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.84 Gb Total Space | 2.33 Gb Free Space | 4.18% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 73.66 Gb Total Space | 14.58 Gb Free Space | 19.79% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WORK
Current User Name: Rex
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"2078:TCP" = 2078:TCP:*:Enabled:SSL
"2077:TCP" = 2077:TCP:*:Enabled:non-ssl

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\fxsclnt.exe" = C:\WINDOWS\SYSTEM32\fxsclnt.exe:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"C:\Program Files\Snappy Fax 2000 Version 3\sf2k3.exe" = C:\Program Files\Snappy Fax 2000 Version 3\sf2k3.exe:*:Enabled:Snappy Fax 2000 Version 3 -- (John Taylor and Assoc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\WINDOWS\SYSTEM32\java.exe" = C:\WINDOWS\SYSTEM32\java.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"!ntellect" = !ntellect
"{01A4AEDE-F219-49A2-B855-16A016EAF9A4}" = Intel® PROSet II
"{0474E812-61E7-4FF2-ACC9-AD0538164716}" = Encompass
"{07CEBBBD-E6EF-4265-BC65-777BD5C1FCD7}" = Point
"{0A48F047-5D01-463F-A732-DE75D224034B}" = Point
"{0F6A7971-0F11-4A79-A0E9-133D0963A570}" = ISO Recorder
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{151C555A-A9E7-4A2E-B6D7-165D04A3C956}" = Dell Picture Studio - Dell Image Expert
"{1D0859C7-4C5D-40BA-A3EA-698BA820E7A7}" = MassArticleCreator
"{1D532B73-1812-483C-8720-E3E24B582015}" = POINT
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2555F283-A782-4F9F-829F-268A9B0F9CC1}" = POINT
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 17
"{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"{2FDBDAE0-6FC9-CC7B-CAF4-C94434F9B4C0}" = TweetDeck
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357F75A5-CADA-42E3-8B16-3F3EDD431141}" = Point
"{35870352-4116-4E80-AB2A-37A07ECE30E2}" = R-Viewer.1.6.3768
"{3DA3F35E-32DB-47D2-9AF7-926460A05E30}" = MagicListBot
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Acronis True Image Home
"{46B18AEA-28E3-4AD1-BDAB-034E823D8D94}" = GTrends Made Easy
"{55A26FBA-3777-4F13-B593-7701474313DF}" = QuickCam
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{5A0C892E-FD1C-4203-941E-0956AED20A6A}" = APC PowerChute Personal Edition
"{5C088418-0D63-4698-B2D0-7A3A171EE339}" = POINT
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5CD4F991-BA3E-4EC4-A7A1-EFB61F4D7291}" = Setup
"{5F283360-B979-46F2-A359-365FE8492E75}" = Point 6.1a
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6567F265-62EC-4BA9-9629-6B483B608854}" = SmarterMail Sync for Outlook
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Photo and Imaging 2.0 - All-in-One Drivers
"{71C97545-E547-4A8B-B0C8-61FF853270AC}" = PaperPort
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75DB87E6-9FA9-4BE3-9796-065F986865C8}" = MassArticleSubmitter
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{8130A003-5A2A-4316-9CD5-1A08D983192A}" = Twitter Friend Follower 2009
"{85BC5C08-E73D-11D2-964D-444553540000}" = Point
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{9211CCBB-BEFE-4A0C-9199-D7A535DBFE5F}" = Brother MFL-Pro Suite
"{93016515-95C8-450B-A7ED-B968CA9103B5}" = ArcSoft Software Suite
"{95b1d3e3-8d0a-404a-a94b-3ca93281eab4}" = Easy PDF Maker
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Photo and Imaging 2.0 - All-in-One
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2C82F57-F312-4525-A19C-40E228E09939}" = Setup
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4D58580-EA01-11D3-9318-008048B86EFE}" = Turtle Beach Santa Cruz Driver
"{A5CC2A09-E9D3-49EC-923D-03874BBD4C2C}" = Windows Defender Signatures
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
"{B43A3C5D-7F74-4493-840E-D7B74520BC19}" = PDF Download for Internet Explorer
"{BA06201D-7021-4463-AE46-575EE2AF4830}" = GYC Automator Beta
"{C03826A0-3008-492F-924D-D507A7A2A628}" = Online Lead Finder
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2753107-E71A-4F00-BB5F-C5200786BF8B}_is1" = vForms WorkCenter
"{C302ACDE-50C9-43F2-B17A-4F7CF69B6339}" = SureDocs
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF69A9A6-4D1E-4A98-8A59-A203A1B43AA7}" = BlitzScan v2.8
"{D1EBC6DB-FC50-425A-B421-11A213D261DF}" = Setup
"{D3A04D2F-28C4-4D9C-8487-DAB75992AE09}" = AIM Pro
"{D6C35F0E-D09D-4177-BAEE-4D412D749A96}" = Point
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{D9952F01-1EBB-494B-AD8C-36BCA14B0FC4}" = POINT
"{DD73817F-FE93-415E-AEB1-9E42CE3D9874}" = TwitterBlasterPro
"{DDC63227-BA06-4855-B002-BDB49E9F677E}" = Symantec Technical Support Web Controls
"{F05E2B98-DA04-4FFA-8D08-DA218E6A2B47}" = Point
"{F0954773-3DA6-4FFE-BD6E-642AC883ECF5}" = Setup
"{F0A11282-E105-4307-861D-C41B4DD1DFAF}" = Point 7.0
"{F2E0640D-BEB8-4E14-8C97-71D5C7A29844}" = Point
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F751F153-0D23-4ED5-85D5-BAE46893D1F9}" = Point
"{FA02ACAC-9E14-4878-A257-92A22A647C2C}" = LG USB Modem Drivers
"{FC63DDCD-FDDA-4BA9-8B02-2DC8130BCC32}" = Encompass NetBranch Installation Manager
"{FCE14E89-E472-4501-A87F-784CB7128AAB}" = POINT
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"1&1 EasyLogin" = 1&1 EasyLogin
"7-Zip" = 7-Zip 4.57
"Adobe AIR" = Adobe AIR
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aimersoft Audio Converter_is1" = Aimersoft Audio Converter(Build 2.2.0.37)
"Aimersoft DVD Copy_is1" = Aimersoft DVD Copy(Build 2.1.0.6)
"Aimersoft DVD Creator_is1" = Aimersoft DVD Creator(Build 2.1.1.0)
"Aimersoft DVD Ripper_is1" = Aimersoft DVD Ripper(Build 2.3.0.1)
"Aimersoft DVD Studio Pack_is1" = Aimersoft DVD Studio Pack(Build 2.2.0.0)
"Aimersoft Video Converter_is1" = Aimersoft Video Converter(Build 2.3.0.6)
"AnvSoft Web FLV Player Free" = AnvSoft Web FLV Player Free 2.0.4
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AVS Audio Converter 5.1_is1" = AVS Audio Converter version 5.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BirdCollector" = BirdCollector
"Brother HL-5050" = Brother HL-5050
"CCleaner" = CCleaner (remove only)
"CoffeeCup Free HTML Editor" = CoffeeCup Free HTML Editor
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"deskPDF 2.5 Professional_is1" = deskPDF 2.5 Professional Edition
"deskUNPDF Standard_is1" = deskUNPDF Standard
"DT NetDocs Print Only" = DT NetDocs Print Only
"Eds Viewer" = Eds Viewer
"ePrint Setup" = ePrint Setup
"FileZilla Client" = FileZilla Client 3.3.0.1
"FriendBlasterPro_is1" = FriendBlasterPro
"Good Keywords v2.01_is1" = Good Keywords v2.01.100107
"HijackThis" = HijackThis 2.0.2
"hp instant support" = hp instant support
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{2DBE41DD-2129-4C65-A3D3-5647236A60F3}" = Quicken 2005
"InstallShield_{35870352-4116-4E80-AB2A-37A07ECE30E2}" = R-Viewer.1.6.3768
"InstallShield_{C302ACDE-50C9-43F2-B17A-4F7CF69B6339}" = SureDocs
"IsoBuster_is1" = IsoBuster 1.5
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LTWinModem" = Lucent Win Modem
"Magic Pop-Up" = Magic Pop-Up 1.0
"Micro Niche Finder_is1" = Micro Niche Finder
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSNINST" = MSN
"MUSICMATCH Jukebox" = MUSICMATCH Jukebox
"MySpaceIM" = MySpaceIM
"MySpaceToolbar" = MySpace Toolbar
"MyWebSearch bar Uninstall" = My Web Search (Webfetti)
"N360" = Norton 360
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"novaPDF Printer Professional 2_is1" = novaPDF Printer Professional 2.5
"Outlook Extract" = Outlook Extract
"PlaceWarePlugIn-Snapshot" = PlaceWare Snapshot Plug-In CC2K-4.4.0.0-D
"POINTAGENT" = POINTAGENT
"PROSet" = Intel® PRO Ethernet Adapter and Software
"QuickTime" = QuickTime
"RADVideo" = RAD Video Tools
"RealPlayer 12.0" = RealPlayer
"Secret SqueezePage Software_is1" = Secret SqueezePage Software v2.0
"Select Phone" = Select Phone
"Serials 2000" = Serials 2000
"Shockwave" = Shockwave
"Snappy Fax 2000 Version 3_is1" = Snappy Fax 2000 Version 3
"SocialBlaster" = SocialBlaster
"ST6UNST #1" = Advantage Credit Windows Interface
"SwiftView" = SwiftView Viewer
"The File Splitter 1.3 Beta_is1" = The File Splitter 1.3 Beta
"Time and Chaos" = Time and Chaos
"Time and Chaos 6" = Time and Chaos 6
"TTB000001.TTB000001Toolbar" = CouponBar
"TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1" = TweetDeck
"Twitter Blaster" = Twitter Blaster
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"vmpdelivers dtPrint" = vmpdelivers dtPrint
"Web Print Utility" = Web Print Utility
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-7
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"xat.com Image Optimizer" = xat.com Image Optimizer
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.1 final uninstall

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Easy PDF Maker" = Easy PDF Maker
"ed505933fb1466f4" = Web2Submitter
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/7/2009 3:49:26 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application videoconverter.exe, version 2.3.0.6, faulting
module wp_wmv.dll, version 3.2.0.5, fault address 0x000022ad.

Error - 12/9/2009 10:16:13 AM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 12/9/2009 10:46:22 PM | Computer Name = WORK | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft .NET Framework 2.0 Service Pack 2 -- Microsoft
.NET Framework 2.0 Service Pack 2 cannot be uninstalled because it will affect other
applications that are installed. For more information, see http://go.microsoft.com/fwlink/?LinkId=91126.

Error - 12/10/2009 12:09:19 AM | Computer Name = WORK | Source = MsiInstaller | ID = 1013
Description = Product: Microsoft .NET Framework 2.0 -- Setup cannot continue because
this version of the .NET Framework is incompatible with a previously installed
one. For more information, see http://support.microsoft.com/support/kb/ar...s/q312/5/00.asp

Error - 12/11/2009 8:49:37 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.5755, fault address 0x00011689.

Error - 12/14/2009 11:45:38 AM | Computer Name = WORK | Source = Application Hang | ID = 1002
Description = Hanging application EXCEL.EXE, version 10.0.6841.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 12/15/2009 12:09:38 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000e672a.

Error - 12/15/2009 12:11:26 PM | Computer Name = WORK | Source = Application Error | ID = 1001
Description = Fault bucket 1484159298.

Error - 12/15/2009 3:23:26 PM | Computer Name = WORK | Source = Application Hang | ID = 1002
Description = Hanging application notepad.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/23/2009 3:06:09 AM | Computer Name = WORK | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024001f, P2 endsearch, P3 search, P4 1.1.1593.0,
P5 mpsigdwn.dll, P6 1.1.1593.0, P7 windows defender, P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 12/22/2009 8:52:51 PM | Computer Name = WORK | Source = Service Control Manager | ID = 7001
Description = The World Wide Web Publishing service depends on the IIS Admin service
which failed to start because of the following error: %%1068

Error - 12/22/2009 8:52:51 PM | Computer Name = WORK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 black ccHP eeCtrl Fips IDSxpx86 IPSec MRxSmb NetBIOS NetBT oreans32 Processor RasAcd
Rdbss
SRTSPX
SYMTDI
Tcpip

Error - 12/22/2009 8:53:24 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/22/2009 9:09:17 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service netman with
arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error - 12/22/2009 9:09:39 PM | Computer Name = WORK | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 12/22/2009 9:11:39 PM | Computer Name = WORK | Source = ACPI | ID = 327685
Description = AMLI: ACPI BIOS is attempting to write to an illegal IO port address
(0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 12/22/2009 9:11:39 PM | Computer Name = WORK | Source = ACPI | ID = 327684
Description = AMLI: ACPI BIOS is attempting to read from an illegal IO port address
(0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to
system instability. Please contact your system vendor for technical assistance.

Error - 12/22/2009 9:11:39 PM | Computer Name = WORK | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 12/22/2009 9:11:39 PM | Computer Name = WORK | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 12/22/2009 9:12:37 PM | Computer Name = WORK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
black


< End of report >


Thank you,
Rex

Edited by RexG, 28 December 2009 - 12:30 AM.
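As an added example (not part of the thread, and not OTL's own tooling), the following Python parses the two sections of the report posted above, the uninstall list and the "Last 10 Event Log Errors", into records that can be searched and summarised: which uninstall entries match a name (for instance the Viewpoint components), which application crashed inside which module, and which drivers failed to load. The sample text is constructed from a few lines of the report above; names such as parse_report, crash_summary and find_programs are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the same layout as the report posted above (a few entries copied from it).
SAMPLE = r"""
========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MyWebSearch bar Uninstall" = My Web Search (Webfetti)
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"ViewpointMediaPlayer" = Viewpoint Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/9/2009 10:16:13 AM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 12/15/2009 12:09:38 PM | Computer Name = WORK | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module Flash10c.ocx, version 10.0.32.18, fault address 0x000e672a.

[ System Events ]
Error - 12/22/2009 8:52:51 PM | Computer Name = WORK | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AFD BHDrvx86 black ccHP eeCtrl Fips IDSxpx86
Rdbss

< End of report >
"""

SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)" = (?P<name>.+)$')
EVENT_RE = re.compile(r"^Error - (?P<when>[\d/]+ [\d:]+ [AP]M) \| Computer Name = "
                      r"(?P<host>[^|]+?) \| Source = (?P<source>[^|]+?) \| ID = (?P<id>\d+)$")
FAULT_RE = re.compile(r"Faulting application (?P<app>\S+), version (?P<app_ver>\S+), faulting "
                      r"module (?P<mod>\S*), version (?P<mod_ver>\S+), fault address (?P<addr>0x[0-9A-Fa-f]+)")


def _parse_event(lines):
    """One event: the 'Error - ...' header plus its wrapped Description lines."""
    head = EVENT_RE.match(lines[0])
    if not head:
        return {"raw": " ".join(lines)}
    ev = head.groupdict()
    desc = " ".join(lines[1:]).split("Description = ", 1)[-1]
    ev["description"] = desc
    fault = FAULT_RE.search(desc)
    if fault:                                  # ID 1000: app, module, fault address
        ev["fault"] = fault.groupdict()
    if "driver(s) failed to load:" in desc:    # ID 7026: driver names follow the colon
        ev["drivers"] = desc.split("failed to load:", 1)[1].split()
    return ev


def parse_report(text):
    """Return (uninstall_entries, events) parsed from the report text."""
    uninstall, events, block, section = [], [], [], ""

    def flush():
        if block:
            events.append(_parse_event(block))
            block.clear()

    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            flush()
            section = sec.group("name")
        elif "Uninstall List" in section:
            m = UNINSTALL_RE.match(line)
            if m:
                uninstall.append((m.group("key"), m.group("name")))
        elif "Event Log" in section:
            # A blank line, a '[ ... Events ]' header or '< End of report >' ends a block.
            if not line or line[0] in "[<":
                flush()
            else:
                block.append(line)
    flush()
    return uninstall, events


def find_programs(uninstall, *needles):
    """Entries whose key or display name contains any needle, case-insensitively."""
    needles = [n.lower() for n in needles]
    return [(k, n) for k, n in uninstall
            if any(x in k.lower() or x in n.lower() for x in needles)]


def crash_summary(events):
    """Count (faulting app, faulting module) pairs from ID 1000 events; a system process
    such as svchost.exe faulting inside a third-party module deserves a closer look."""
    counts = Counter()
    for ev in events:
        if "fault" in ev:
            counts[(ev["fault"]["app"].lower(), ev["fault"]["mod"].lower() or "<none>")] += 1
    return counts


def failed_drivers(events):
    """Unique driver names from ID 7026 'failed to load' events."""
    return sorted({d for ev in events for d in ev.get("drivers", [])}, key=str.lower)
```

Run it over the full text of a report and the three summaries give an analyst a starting point: uninstall entries to remove, crashes to correlate with injected modules, and a driver list to check against the security products that are actually installed (several of the names in the report above belong to Norton components, so a failure to load is not by itself evidence of malware).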


#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 28 December 2009 - 07:20 AM

Hi,



Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.





Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




Step 2

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware

#12 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany

Posted 02 January 2010 - 05:57 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber




