
Google yahoo redirect in IE/Firefox


  • This topic is locked
17 replies to this topic

#1 freakyness

freakyness

  • Members
  • 9 posts

Posted 26 February 2010 - 08:01 AM

I've seen a few other threads on the subject and tried to follow those steps but I'm having trouble and could use some personalized help.

1) When I try to run Malwarebytes Anti-Malware, I get a blue screen of death a few seconds into the scan.

2) I tried to run GooredFix, but it didn't seem to sound any alarms.

GooredFix by jpshortstuff (08.01.10.1)
Log created at 07:45 on 26/02/2010 (Me)
Firefox version 3.5.8 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [08:21 06/06/2007]
{B13721C7-F507-4982-B2E5-502A71474FED} [13:47 24/09/2008]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [23:22 07/06/2007]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [20:16 06/08/2007]

C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\97if0mb4.default\extensions\
2020Player@2020Technologies.com [16:36 08/02/2010]
firefox@facebook.com [04:43 13/02/2010]
{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [04:43 13/02/2010]
{49f3fc85-dcfe-4e42-9301-226ebe658509} [16:18 30/01/2010]
{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51} [04:43 13/02/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [04:43 13/02/2010]
{E2883E8F-472F-4fb0-9522-AC9BF37916A7} [12:18 12/11/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [10:49 09/08/2009]

---------- Old Logs ----------
GooredFix[22.28.38_25-02-2010].txt

-=E.O.F=-

Please help if you can. I'd really appreciate some direction.


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 28 February 2010 - 02:25 PM

Hello and welcome to Bleeping Computer

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    activex
    drivers32
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 
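Once the OTL logs come back, the lines a responder reads first are the handful of persistence points: the O20 AppInit_DLLs value, the Winlogon UserInit and Shell values, the O4 Run entries, and any freshly created executable code under System32 with no company name. The following is an added example, not OTL's own code and not the helper's fix: a small triage pass that parses OTL-format lines and ranks those entries. It assumes 32-bit Windows XP defaults (UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe) and that OTL prints the raw registry value in parentheses; the sample lines are constructed in OTL's format, with values that mirror entries appearing later in this thread.

```python
r"""Triage pass over OTL-style log lines: read the persistence points first.

Added example for this thread, not OTL's own code and not the helper's fix.
Assumptions: 32-bit Windows XP defaults (UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe) and OTL's habit of printing the raw registry value in
parentheses. The sample lines below are constructed in OTL's format.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"
DEFAULT_SHELL = "explorer.exe"
SYSTEM32_PREFIX = "c:\\windows\\system32\\"
EXEC_EXT = (".dll", ".exe", ".sys")

# O20 - AppInit_DLLs: (<value>) - <path> (<company>)
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<value>[^)]*)\)")
# O20 - HKLM Winlogon: UserInit|Shell - (<value>) - <path> ...
WINLOGON_RE = re.compile(r"^O20 - HKLM Winlogon: (?P<name>UserInit|Shell) - \((?P<value>[^)]*)\)")
# O4 - <hive>..\Run: [<name>] <path> (<company>)  |  File not found
RUN_RE = re.compile(r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.+)$")
# [<date> <time> | <size> | <attrs> | C|M] (<company>) -- <path>
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) \d{2}:\d{2}:\d{2} \| (?P<size>[\d,]+) \| \S{4} \| "
    r"(?P<flag>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    rule: str
    detail: str


def check_line(line: str) -> list[Finding]:
    """Return the findings for one OTL line (empty list if nothing stands out)."""
    out: list[Finding] = []
    if m := APPINIT_RE.match(line):
        # AppInit_DLLs is loaded into every process that links user32.dll;
        # on a home PC it should be empty.
        if m["value"].strip():
            out.append(Finding("high", "appinit_dlls", m["value"]))
    elif m := WINLOGON_RE.match(line):
        # Winlogon runs UserInit at every logon; anything beyond the default is
        # extra code started with the user's token. The value is comma-separated.
        parts = [p.strip().lower() for p in m["value"].split(",") if p.strip()]
        expected = DEFAULT_USERINIT if m["name"] == "UserInit" else DEFAULT_SHELL
        extra = [p for p in parts if p != expected]
        if extra:
            out.append(Finding("high", f"winlogon_{m['name'].lower()}", ", ".join(extra)))
    elif m := RUN_RE.match(line):
        rest = m["rest"]
        if rest.endswith("File not found"):
            # Orphaned autorun: harmless by itself, but a removal candidate and a
            # hint that something was deleted without cleaning the registry.
            out.append(Finding("low", "run_orphan", m["name"]))
        elif rest.endswith("()"):
            # No version-info company name: not proof of anything, but worth a look.
            out.append(Finding("medium", "run_no_company", m["name"]))
    elif m := FILE_RE.match(line):
        path = m["path"].lower()
        if (m["flag"] == "C" and not m["company"].strip()
                and path.startswith(SYSTEM32_PREFIX) and path.endswith(EXEC_EXT)):
            # Freshly created executable code in System32 with no company name.
            out.append(Finding("high", "new_system32_binary_no_company", m["path"]))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run check_line over a whole OTL log and return findings, highest severity first."""
    order = {"high": 0, "medium": 1, "low": 2}
    findings = [f for line in log_text.splitlines() for f in check_line(line.rstrip())]
    return sorted(findings, key=lambda f: order[f.severity])


# Constructed sample in OTL's line format (values mirror entries seen in this thread).
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [laim] C:\Program Files\AIM Lite\aimlite.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O20 - AppInit_DLLs: (C:\WINDOWS\system32\0035.DLL) - C:\WINDOWS\system32\0035.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
[2010/02/24 18:39:34 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\0035.DLL
[2010/02/26 07:35:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:32} {f.detail}")
```

The rules deliberately stay narrow: the script does not decide what a file is, it only orders the log so that the three lines that matter most on a machine like this (a populated AppInit_DLLs, a non-default UserInit, and a company-less binary created in System32 within the scan window) come out on top, while orphaned Run entries are listed as cleanup candidates rather than infections.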


#3 freakyness

freakyness
  • Topic Starter

  • Members
  • 9 posts

Posted 01 March 2010 - 10:34 AM

So I kept getting blue screens when trying to run it with all the options. I kept running in safe mode and then without options to finally generate 2 log files from OTL.

OTL.txt:

OTL logfile created on: 3/1/2010 10:07:44 AM - Run 2
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Me\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 462.00 Mb Available Physical Memory | 45.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.97 Gb Total Space | 6.74 Gb Free Space | 19.85% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXXX
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/01 09:10:45 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
PRC - [2008/10/15 00:04:34 | 000,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
PRC - [2008/09/15 06:34:20 | 000,625,952 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\Hamachi\hamachi.exe
PRC - [2008/03/30 18:52:34 | 000,799,496 | ---- | M] () -- C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
PRC - [2008/02/16 11:35:04 | 000,405,504 | ---- | M] (www.tortoisesvn.org) -- C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
PRC - [2007/07/12 03:00:36 | 000,132,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
PRC - [2007/07/11 14:57:42 | 000,880,640 | R--- | M] (Sony Ericsson Mobile Communications AB) -- C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
PRC - [2007/06/13 07:16:02 | 000,528,384 | R--- | M] () -- C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/06/07 12:11:08 | 000,765,952 | ---- | M] () -- C:\Program Files\AIM Lite\aimlite.exe
PRC - [2007/03/16 02:23:20 | 000,983,040 | R--- | M] (Teleca AB) -- C:\Program Files\Common Files\Teleca Shared\Generic.exe
PRC - [2007/03/14 18:49:02 | 000,125,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2007/03/14 18:48:56 | 000,116,416 | ---- | M] (symantec) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe
PRC - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
PRC - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/11/21 16:38:28 | 000,052,840 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/09/02 15:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2004/08/18 05:30:00 | 000,708,608 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
PRC - [2004/08/18 05:30:00 | 000,081,920 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
PRC - [2004/08/18 05:30:00 | 000,073,728 | ---- | M] (IBM Corp.) -- C:\WINDOWS\system32\QCONSVC.EXE
PRC - [2004/08/06 21:26:28 | 000,094,208 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
PRC - [2004/08/04 02:56:56 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\savedump.exe
PRC - [2004/08/04 02:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2004/07/16 22:24:24 | 000,036,864 | ---- | M] () -- C:\WINDOWS\system32\acs.exe
PRC - [2004/07/15 23:51:14 | 000,077,824 | ---- | M] () -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
PRC - [2004/05/12 14:18:54 | 000,135,168 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
PRC - [2004/02/26 03:26:00 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\ibmpmsvc.exe
PRC - [2003/08/28 13:11:24 | 000,110,592 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2003/08/19 03:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2003/08/04 16:28:18 | 000,049,152 | ---- | M] (Hewlett-Packard) -- C:\Program Files\HP\HP Software Update\hpwuSchd.exe
PRC - [2003/07/21 17:00:26 | 000,540,672 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
PRC - [2003/07/18 04:02:00 | 000,208,896 | ---- | M] (IBM Corp.) -- C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe
PRC - [2003/07/11 20:19:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
PRC - [2002/01/10 17:01:34 | 000,065,536 | ---- | M] (IBM Corporation) -- C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe


========== Modules (SafeList) ==========

MOD - [2010/03/01 09:10:45 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2004/08/04 02:56:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wsock32.dll
MOD - [2004/08/04 00:31:44 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\rsaenh.dll
MOD - [2003/08/28 13:10:58 | 000,065,536 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/06 09:20:16 | 000,051,168 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2007/03/14 18:48:56 | 000,116,416 | ---- | M] (symantec) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2007/03/14 18:48:50 | 001,816,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2007/03/14 18:48:40 | 000,031,424 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2007/02/12 16:23:10 | 000,214,672 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2007/01/10 15:27:38 | 001,160,792 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2007/01/04 16:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/11/21 16:38:40 | 000,169,576 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/11/21 16:38:32 | 000,192,104 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/09/02 15:36:33 | 000,198,336 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2004/08/18 05:30:00 | 000,073,728 | ---- | M] (IBM Corp.) [Auto | Running] -- C:\WINDOWS\system32\QCONSVC.EXE -- (QCONSVC)
SRV - [2004/08/04 02:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2004/08/04 02:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2004/08/04 02:56:52 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2004/07/16 22:24:24 | 000,036,864 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2004/02/26 03:26:00 | 000,057,344 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2004/01/05 02:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/11 20:19:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2469697218-1065626186-3247022264-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = news.google.com
IE - HKU\S-1-5-21-2469697218-1065626186-3247022264-1005\S-1-5-21-2469697218-1065626186-3247022264-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "news.google.com"
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:3.0.31.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}:2.3.54
FF - prefs.js..extensions.enabledItems: firefox@facebook.com:1.4.3
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {49f3fc85-dcfe-4e42-9301-226ebe658509}:0.6.6
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/23 17:11:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/19 22:51:21 | 000,000,000 | ---D | M]

[2008/09/17 18:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Extensions
[2010/03/01 09:02:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\97if0mb4.default\extensions
[2010/02/12 23:43:51 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\97if0mb4.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010/01/30 11:18:57 | 000,000,000 | ---D | M] (LinkChecker) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\97if0mb4.default\extensions\{49f3fc85-dcfe-4e42-9301-226ebe658509}
[2010/02/12 23:43:46 | 000,000,000 | ---D | M] (Answers) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\97if0mb4.default\extensions\{C0D0F6D1-9FC9-4b0a-B485-D5E13AF40D51}
[2010/02/12 23:43:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\97if0mb4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/11/12 07:18:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus®)) -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\97if0mb4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/02/08 11:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\97if0mb4.default\extensions\2020Player@2020Technologies.com
[2010/02/12 23:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Mozilla\Firefox\Profiles\97if0mb4.default\extensions\firefox@facebook.com
[2010/03/01 09:02:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/04/16 14:28:00 | 000,360,448 | ---- | M] (ParallelGraphics) -- C:\Program Files\Mozilla Firefox\plugins\npCortona.dll
[2007/07/31 17:44:28 | 000,069,632 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npitunes.dll
[2006/01/18 11:50:00 | 000,319,488 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2001/08/18 04:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2469697218-1065626186-3247022264-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [EZEJMNAP] C:\Program Files\ThinkPad\Utilities\EzEjMnAp.Exe (IBM Corp.)
O4 - HKLM..\Run: [frymxins] C:\Program Files\ATI Technologies\Fire GL 3D Studio Max\atiimxgl.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [laim] C:\Program Files\AIM Lite\aimlite.exe ()
O4 - HKLM..\Run: [QCTray] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [Sony Ericsson PC Suite] C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec NetDriver Monitor] C:\Program Files\SymNetDrv\SNDMon.exe (Symantec Corporation)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [UC_Start] C:\IBMTOOLS\Updater\ucstartup.exe ()
O4 - HKLM..\Run: [UpdateManager] c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKU\S-1-5-21-2469697218-1065626186-3247022264-1005..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MLB.TV NexDef Plug-in.lnk = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe ()
O4 - Startup: C:\Documents and Settings\Me\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2469697218-1065626186-3247022264-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll (Sun Microsystems, Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (Intertrust Technologies, Inc.)
O15 - HKU\S-1-5-21-2469697218-1065626186-3247022264-1005\..Trusted Domains: ([]msn in My Computer)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} https://www.systemsdefinition.com/Remote/msrdp.cab (Microsoft RDP Client Control (redist))
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/...all-141-win.cab (Java Plug-in 1.4.1 <applet> redirector)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\0035.DLL) - C:\WINDOWS\system32\0035.DLL ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\sdra64.exe) - C:\WINDOWS\System32\sdra64.exe File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/06 03:17:34 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/01 09:29:16 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/03/01 09:10:44 | 000,551,424 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2010/02/26 07:35:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Malwarebytes
[2010/02/26 07:35:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/26 07:35:10 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/26 07:35:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/26 07:35:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/25 17:44:08 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2010/02/25 17:28:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\GooredFix Backups
[2007/08/30 02:01:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/06/08 17:27:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2003/02/20 11:20:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2003/02/20 11:02:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Me\My Documents\*.tmp files -> C:\Documents and Settings\Me\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/01 10:09:10 | 000,589,306 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/01 10:09:10 | 000,490,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/01 10:09:10 | 000,088,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/01 10:05:20 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/01 10:04:51 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/01 10:04:29 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/01 10:04:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/01 10:04:19 | 1072,680,960 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/01 09:37:12 | 004,194,304 | -H-- | M] () -- C:\Documents and Settings\Me\NTUSER.DAT
[2010/03/01 09:37:12 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Me\ntuser.ini
[2010/03/01 09:37:03 | 002,205,544 | -H-- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\IconCache.db
[2010/03/01 09:10:45 | 000,551,424 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2010/02/26 07:35:16 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/25 21:39:01 | 000,006,863 | ---- | M] () -- C:\WINDOWS\System32\WORK.DAT
[2010/02/25 21:39:01 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\wupd.dat
[2010/02/25 19:25:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/02/25 18:14:42 | 000,000,701 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/02/25 17:15:14 | 041,693,002 | ---- | M] () -- C:\launch.exe
[2010/02/24 21:35:22 | 000,001,162 | -H-- | M] () -- C:\Documents and Settings\Me\My Documents\Default.rdp
[2010/02/24 18:39:34 | 000,025,600 | ---- | M] () -- C:\WINDOWS\System32\0035.DLL
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Me\My Documents\*.tmp files -> C:\Documents and Settings\Me\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/01 10:04:19 | 1072,680,960 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/26 07:35:16 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/25 17:58:32 | 041,693,002 | ---- | C] () -- C:\launch.exe
[2010/02/25 17:01:28 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\wupd.dat
[2010/02/24 18:39:34 | 000,025,600 | ---- | C] () -- C:\WINDOWS\System32\0035.DLL
[2010/02/24 18:39:34 | 000,006,863 | ---- | C] () -- C:\WINDOWS\System32\WORK.DAT
[2009/12/19 16:54:58 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\avdrn.dat
[2009/09/13 19:34:28 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\winscp.rnd
[2008/12/21 23:09:46 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/06/12 22:08:29 | 000,000,363 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\AutobahnAcceleratorInstall.txt
[2008/04/25 16:22:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2008/04/10 15:43:10 | 006,465,480 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\AutobahnAcceleratorInstall.exe
[2008/04/02 19:13:11 | 000,001,437 | ---- | C] () -- C:\Documents and Settings\Me\Application Data\autobahn.log
[2007/09/07 09:35:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/08/30 15:50:37 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\glut32.dll
[2007/08/29 13:09:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2007/08/29 13:04:35 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2007/08/29 13:04:35 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2007/08/29 13:04:10 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2007/08/29 13:04:09 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2007/08/29 13:04:08 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2007/06/27 21:06:14 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/06/09 19:41:07 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\fusioncache.dat
[2007/06/06 18:31:16 | 000,001,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/06/06 18:30:26 | 000,000,520 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/06/05 22:28:09 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/06/05 22:26:46 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2007/06/05 22:25:58 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2007/06/05 22:25:58 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2007/06/05 22:19:41 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/06/05 22:17:09 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Welcome.ini
[2007/06/05 22:12:37 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2007/06/05 22:12:27 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2007/06/05 22:11:51 | 000,008,830 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007/06/05 22:11:33 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2007/06/05 22:11:03 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2007/06/05 22:11:03 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2007/06/05 20:52:06 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/01/05 02:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/12/09 14:01:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/05/05 11:53:36 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/02/20 11:32:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[1980/01/01 02:00:00 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1980/01/01 02:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 02:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 02:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll

========== LOP Check ==========

[2010/02/25 18:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aventail
[2007/06/05 22:18:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
[2009/07/02 23:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Juniper Networks
[2009/10/09 15:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PDF Writer
[2009/06/29 18:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Teleca
[2007/11/05 10:47:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/19 20:11:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\acccore
[2008/10/28 19:50:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Aventail
[2008/10/15 21:22:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\InterVideo
[2009/07/02 23:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Juniper Networks
[2008/09/19 20:11:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\LAIM
[2008/07/03 18:29:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Subversion
[2009/07/02 11:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Teleca
[2008/12/24 11:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Walgreens
[2008/02/24 14:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\acccore
[2008/04/26 14:35:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\LAIM
[2009/02/27 12:20:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Subversion
[2009/08/29 21:43:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Teleca
[2008/01/29 21:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\acccore
[2008/10/19 11:07:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\DeepBurner
[2007/11/04 17:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\IBM
[2007/07/31 14:35:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\ICAClient
[2007/06/07 18:16:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\InterTrust
[2007/06/27 21:06:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\InterVideo
[2010/02/05 12:11:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Juniper Networks
[2008/04/05 18:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\LAIM
[2008/03/11 20:59:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Leadertech
[2009/10/09 15:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\PDF Writer
[2007/11/26 12:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\SecondLife
[2008/04/05 17:59:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Snapfish
[2009/12/21 09:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\SQL Developer
[2008/06/12 22:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Subversion
[2009/07/06 20:27:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Teleca
[2007/07/07 09:44:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Viewpoint
[2008/08/22 13:02:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Walgreens
[2007/06/06 04:14:50 | 000,000,410 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job

========== Purity Check ==========


< End of report >


Extras.txt:
OTL Extras logfile created on: 3/1/2010 9:32:10 AM - Run 1
OTL by OldTimer - Version 3.1.32.0 Folder = C:\Documents and Settings\Me\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 756.00 Mb Available Physical Memory | 74.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.97 Gb Total Space | 7.75 Gb Free Space | 22.81% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: XXXX
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\IBMTOOLS\Updater\ucsmb.exe" = C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector -- (IBM Corporation, Inc.)
"C:\IBMTOOLS\Updater\jre\bin\java.exe" = C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector -- (IBM)
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector -- (IBM)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\IBMTOOLS\Updater\ucsmb.exe" = C:\IBMTOOLS\Updater\ucsmb.exe:*:enabled:IBM Update Connector -- (IBM Corporation, Inc.)
"C:\IBMTOOLS\Updater\jre\bin\java.exe" = C:\IBMTOOLS\Updater\jre\bin\java.exe:*:enabled:IBM Update Connector -- (IBM)
"C:\IBMTOOLS\Updater\jre\bin\javaw.exe" = C:\IBMTOOLS\Updater\jre\bin\javaw.exe:*:enabled:IBM Update Connector -- (IBM)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Disabled:AIM -- File not found
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE" = C:\Program Files\Microsoft Games\Age of Empires\EMPIRESX.EXE:*:Enabled:Age of Empires, the Rise of Rome -- (Microsoft Corporation)
"C:\WINDOWS\system32\dplaysvr.exe" = C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Program Files\MLB TV Mosaic\Swarmcast\mlb-nexdef-autobahn.exe" = C:\Program Files\MLB TV Mosaic\Swarmcast\mlb-nexdef-autobahn.exe:*:Enabled:mlb-nexdef-autobahn -- ()
"C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe" = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe:*:Enabled:mlb-nexdef-autobahn -- ()
"C:\Program Files\Hamachi\hamachi.exe" = C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client -- (LogMeIn Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe" = C:\Program Files\Java\jre1.6.0_02\bin\javaw.exe:*:Enabled:Java™ Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Documents and Settings\Me\Local Settings\Temp\Temporary Directory 1 for ftpserver3lite.zip\ftpserver.exe" = C:\Documents and Settings\Me\Local Settings\Temp\Temporary Directory 1 for ftpserver3lite.zip\ftpserver.exe:*:Enabled:Quick 'n Easy FTP Server 3.1 -- (Pablo Software Solutions)
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe" = C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
"C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe" = C:\Program Files\Juniper Networks\Secure Application Manager\dsSamProxy.exe:*:Enabled:Secure Application Manager Proxy -- File not found
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Program Files\winscp\winscp423.exe" = C:\Program Files\winscp\winscp423.exe:*:Enabled:WinSCP: SFTP, FTP and SCP client -- (Martin Prikryl)
"C:\DOCUME~1\Me\LOCALS~1\Temp\0.10725813742607593.exe" = C:\DOCUME~1\Me\LOCALS~1\Temp\0.10725813742607593.exe:*:Enabled:Win32load -- (G9E34ZSn)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1ADE23D7-7A1E-4AEC-BA5D-EB8A01BED943}" = DeepBurner v1.8.0.224
"{1E010E57-0453-4A84-A899-47EEA104661C}" = TortoiseSVN 1.4.8.12137 (32 bit)
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = IBM ThinkPad Keyboard Customizer Utility
"{22B71A00-4DED-11D4-A5E5-0004AC564F43}" = IBM Access Connections
"{23170F69-40C1-2701-0442-000001000000}" = 7-Zip 4.42
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ Beta 4.0
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{25BEC3AB-5CD4-481D-9143-215C1BBB189E}" = Sony Ericsson PC Suite
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{31C2FBAC-67CF-4093-8F36-15A146613747}" = IBM Update Connector
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35A3A4F4-B792-11D6-A78A-00B0D0142160}" = Java 2 SDK, SE v1.4.2_16
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}" = ATI HYDRAVISION
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{50E125D1-88E5-48CE-80AE-98EC9698E639}" = Symantec AntiVirus
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{6010CB17-4DC8-45F2-891F-D90C7B8670B7}" = MLB.TV Mosaic
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
"{710C0BB2-FE39-484E-BB23-C9B96835A14A}" = Access IBM Message Center
"{7169B8E4-2632-46B1-AA5F-167CB5FE5029}" = Symantec Network Drivers Update
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{72552C46-944B-4E16-BBC8-0D85F31C1800}" = Aventail Access Manager
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{7AD35FDD-A268-44b7-9A8E-4677020CC90B}" = 1300Tour
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{82512BC9-BD5D-4C50-BE4D-B98E7DF78687}" = IBM ThinkPad UltraNav Wizard
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
"{924FD767-4B99-47FC-9DB5-2F44E062E548}" = FIRE GL Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{967D588C-9B96-40C9-A222-DCD6922563CA}" = Apple Mobile Device Support
"{980606BB-A475-4a85-A665-6E30DB2F28B3}" = 1300Trb
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = IBM Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A71822CD-7F77-46a3-B761-D6BA35245E95}" = 1300
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B5599ECB-DA72-43EE-8A30-2C80396FF8BB}" = Access IBM
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5AEBFD6-3AF9-4784-81C2-F442C86AA096}" = FIRE GL driver for 3D Studio MAX/VIZ
"{C60BA916-9E44-4DA4-B11A-9E27B7624EF5}" = Sony Ericsson Drivers
"{C92E7DF1-624A-4D95-A4C4-18CB491B44A4}" = Sony Ericsson Device Data
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB83F10A-D02A-4aba-8843-ACAB50D48216}" = 1300_Help
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF44C7A5-5705-41E4-BE84-A9A42977AB05}" = Access IBM Cleanup Utility
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D6BF6477-8369-489F-8DE6-3731F4B88560}" = Sony Ericsson PC Suite
"{E0219810-16E4-437D-9165-93D7B22524F9}" = iTunes
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EA664480-3844-11D5-8C25-444553540000}" = IBM TrackPoint Accessibility Features
"{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"{FF102450-55AA-4AE1-ACE4-E271E2470C83}" = hpmdtab
"7-Zip" = 7-Zip 4.62
"Access IBM Tools" = Access IBM Tools
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age of Empires" = Microsoft Age of Empires
"Age of Empires Expansion 1.0" = Microsoft Age of Empires Expansion
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM Lite" = AIM Lite 0.33
"ATI Display Driver" = ATI Display Driver
"Autobahn" = MLB.TV NexDef Plug-in
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 7.0.0.928
"CD-DA X-Tractor_is1" = CD-DA X-Tractor v0.24
"EasyEject Utility" = IBM ThinkPad EasyEject Utility
"GPL Ghostscript Lite_is1" = GPL Ghostscript Lite 8.64
"Hamachi" = Hamachi 1.0.3.0
"HP Photo & Imaging" = HP Image Zone 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{6010CB17-4DC8-45F2-891F-D90C7B8670B7}" = MLB.TV Mosaic
"InstallShield_{6C72E14A-C1F3-45E5-8810-83CE3C19ED63}" = IBM 32-bit SDK for Java 2, v1.4.1
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.8)" = Mozilla Firefox (3.5.8)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = IBM ThinkPad Power Management Driver
"Presentation Director" = IBM ThinkPad Presentation Director
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealVNC_is1" = VNC Free Edition 4.1.2
"Samsung ML-2010 Series" = Samsung ML-2010 Series
"SecondLife" = SecondLife (remove only)
"Shockwave" = Shockwave
"SynTPDeinstKey" = IBM ThinkPad UltraNav Driver
"ThinkPad Configuration" = IBM ThinkPad Configuration
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"ThinkPadSoftwareInstaller" = ThinkPad Software Installer
"Update Service" = Update Service
"ViewpointMediaPlayer" = Viewpoint Media Player
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2469697218-1065626186-3247022264-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 3/1/2010 9:55:35 AM | Computer Name = XXXX| Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00054E41ADC1. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.

Error - 3/1/2010 10:17:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 3/1/2010 10:17:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 3/1/2010 10:18:25 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7003
Description = The SAVRT service depends on the following nonexistent service: SAVRTPEL

Error - 3/1/2010 10:18:28 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7003
Description = The SAVRT service depends on the following nonexistent service: SAVRTPEL

Error - 3/1/2010 10:18:58 AM | Computer Name = XXXX | Source = System Error | ID = 1003
Description = Error code 00000024, parameter1 001902fe, parameter2 a8e3182c, parameter3
a8e31528, parameter4 f7991a3e.

Error - 3/1/2010 10:30:10 AM | Computer Name = XXXX | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 3/1/2010 10:30:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = The Simple Mail Transfer Protocol (SMTP) service depends on the IIS
Admin service which failed to start because of the following error: %%1068

Error - 3/1/2010 10:30:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7001
Description = The World Wide Web Publishing service depends on the IIS Admin service
which failed to start because of the following error: %%1068

Error - 3/1/2010 10:30:56 AM | Computer Name = XXXX | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ANC eeCtrl Fips IBMTPCHK intelppm Smapint SPBBCDrv SYMTDI TDSMAPI TPHKDRV TPPWR TSMAPIP


< End of report >


#4 freakyness

freakyness
  • Topic Starter

  • Members
  • 9 posts

Posted 01 March 2010 - 11:29 AM

GMER is taking a little longer than I thought. I'll check back and post that within a couple hours.

#5 freakyness

freakyness
  • Topic Starter

  • Members
  • 9 posts

Posted 01 March 2010 - 02:05 PM

GMER:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-01 14:04:25
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Me\LOCALS~1\Temp\pxrorpob.sys


---- System - GMER 1.0.15 ----

Code F79D1EB5 ZwCallbackReturn
Code F79D1979 ZwEnumerateKey
Code F79D196F ZwSaveKey
Code F79D1974 ZwSaveKeyEx
Code F79D1BD2 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 mouclass.sys (Mouse Class Driver/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\4DW4R3sVTvtNwkOR.sys (*** hidden *** ) [SYSTEM] 4DW4R3 <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@ImagePath \systemroot\system32\drivers\4DW4R3sVTvtNwkOR.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@Start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\connections
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\connections@5bf3bc6c
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\injector@* 4DW4R3c
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\modules@4DW4R3 \\?\globalroot\systemroot\system32\drivers\4DW4R3sVTvtNwkOR.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\modules@4DW4R3c \\?\globalroot\systemroot\system32\4DW4R3XsQmwOJjyo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e049be3e
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e049be3e@001963dcf58a 0x82 0x60 0x73 0xA8 ...
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3@ImagePath \systemroot\system32\drivers\4DW4R3sVTvtNwkOR.sys
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3@Start 1
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\connections (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\connections@5bf3bc6c
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\injector@* 4DW4R3c
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\modules@4DW4R3 \\?\globalroot\systemroot\system32\drivers\4DW4R3sVTvtNwkOR.sys
Reg HKLM\SYSTEM\ControlSet002\Services\4DW4R3\modules@4DW4R3c \\?\globalroot\systemroot\system32\4DW4R3XsQmwOJjyo.dll
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0020e049be3e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0020e049be3e@001963dcf58a 0x82 0x60 0x73 0xA8 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\4DW4R3BwkDrjYIcp.dll 28160 bytes executable
File C:\WINDOWS\system32\4DW4R3c.dll 28160 bytes executable
File C:\WINDOWS\system32\4DW4R3erXhMYkWcW.dll 28160 bytes executable
File C:\WINDOWS\system32\drivers\4DW4R3.sys 46592 bytes executable
File C:\WINDOWS\system32\drivers\4DW4R3KBwvimBVLv.sys 46592 bytes executable
File C:\WINDOWS\system32\drivers\4DW4R3OSlcqkpjLi.sys 46592 bytes executable
File C:\WINDOWS\system32\drivers\4DW4R3sVTvtNwkOR.sys 46592 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\drivers\4DW4R3xBgaKiMrtB.sys 46592 bytes executable
File C:\WINDOWS\system32\lowsec 0 bytes
File C:\WINDOWS\system32\lowsec\local.ds 34886 bytes
File C:\WINDOWS\system32\lowsec\user.ds 0 bytes
File C:\WINDOWS\system32\4DW4R3ScENPUXNQo.dll 28160 bytes executable
File C:\WINDOWS\system32\sdra64.exe 201728 bytes executable
File C:\WINDOWS\system32\4DW4R3sv.dat 53 bytes
File C:\WINDOWS\system32\4DW4R3XsQmwOJjyo.dll 28160 bytes executable
File C:\WINDOWS\Temp\4DW4R3176ac0 53 bytes
File C:\WINDOWS\Temp\4DW4R32e5f2b 53 bytes
File C:\WINDOWS\Temp\4DW4R34556ea 53 bytes
File C:\WINDOWS\Temp\4DW4R35c4fdf 53 bytes
File C:\WINDOWS\Temp\4DW4R3733b72 53 bytes
File C:\WINDOWS\Temp\4DW4R38a23a9 53 bytes

---- EOF - GMER 1.0.15 ----
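An added example, not part of the thread or of GMER: a small Python triage script for log lines in the format posted above. It pivots from a service GMER marks hidden to the registry subkeys and files that share its name; the log excerpt inside is a constructed subset of the lines above, and the finding categories are the script's own.

```python
import re
from collections import Counter

# Constructed excerpt in the shape of the GMER 1.0.15 log posted above (not the full log).
SAMPLE_LOG = r"""
Service C:\WINDOWS\system32\drivers\4DW4R3sVTvtNwkOR.sys (*** hidden *** ) [SYSTEM] 4DW4R3 <-- ROOTKIT !!!
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3@ImagePath \systemroot\system32\drivers\4DW4R3sVTvtNwkOR.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\injector@* 4DW4R3c
Reg HKLM\SYSTEM\CurrentControlSet\Services\4DW4R3\modules@4DW4R3c \\?\globalroot\systemroot\system32\4DW4R3XsQmwOJjyo.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0020e049be3e
File C:\WINDOWS\system32\drivers\4DW4R3sVTvtNwkOR.sys 46592 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\4DW4R3c.dll 28160 bytes executable
File C:\WINDOWS\system32\lowsec\local.ds 34886 bytes
File C:\WINDOWS\Temp\4DW4R3176ac0 53 bytes
"""

# One regex per GMER record type; key paths in this log contain no spaces.
SERVICE_RE = re.compile(r"^Service (?P<path>\S+) \((?P<flags>[^)]*)\) \[\w+\] (?P<name>\S+)")
REG_RE = re.compile(r"^Reg (?P<key>[^@ ]+)(?:@(?P<value>\S+))?(?: (?P<data>.*))?$")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes")

def triage(log_text):
    """Return (kind, subject, detail) findings, pivoting from services GMER marks hidden."""
    lines = log_text.splitlines()
    findings, hidden = [], []
    for line in lines:  # pass 1: the hidden service name is the pivot
        m = SERVICE_RE.match(line)
        if m and "hidden" in m["flags"]:
            hidden.append(m["name"])
            findings.append(("hidden_service", m["name"], m["path"]))
    for line in lines:  # pass 2: registry subkeys and files tied to that name
        m = REG_RE.match(line)
        if m:
            parts = m["key"].split("\\")
            if "Services" in parts:
                idx = parts.index("Services")
                svc = (parts[idx + 1:] or [""])[0]
                sub = parts[idx + 2:]
                # injector/modules subkeys do not belong to a normal driver service entry
                if svc in hidden and sub and sub[0].lower() in ("injector", "modules"):
                    findings.append(("service_subkey", svc, m["key"]))
                # a module referenced via \\?\globalroot sidesteps ordinary path checks
                if svc in hidden and m["data"] and "globalroot" in m["data"].lower():
                    findings.append(("globalroot_module", svc, m["data"]))
            continue
        m = FILE_RE.match(line)
        if m:
            name = m["path"].rsplit("\\", 1)[-1]
            if any(name.lower().startswith(h.lower()) for h in hidden):
                findings.append(("prefixed_file", name, m["path"]))
    return findings

def summarize(findings):
    return Counter(kind for kind, _, _ in findings)
```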


#6 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 01 March 2010 - 06:49 PM

Hello, freakyness.
OK, you have a new variant of the TDL rootkit. Let's get to work.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as freakynessCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on freakynessCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 freakyness
  • Topic Starter
  • Members
  • 9 posts

Posted 02 March 2010 - 09:55 AM

When running ComboFix I got several pop-up errors every time it tried to connect to the internet. Luckily, however, the scan kept on trucking and seems to have worked. It required one reboot. Now I seem to be able to browse the Internet problem-free!! Are there more steps??

Thanks a ton, etavares.

<log attached>




#8 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 02 March 2010 - 10:50 PM

Hello, freakyness.
OK, a few more things to fix, then we can work on some security holes with your machine.



Step 1

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

You can find a complete guide to using the program here:
http://www.larshederer.homepage.t-online.de/erunt/erunt.txt

When we are finished with fixing your computer (I will make it clear when we are), you can uninstall ERUNT through Add/Remove Programs. The backups will be stored at C:\WINDOWS\erdnt, and will not be deleted when ERUNT is uninstalled.



Step 2

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\DOCUME~1\Me\LOCALS~1\Temp\0.10725813742607593.exe"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 0
    :OTL
    O3 - HKU\S-1-5-21-2469697218-1065626186-3247022264-1005\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found
    :Commands
    [Reboot]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized




Step 3

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push



Step 4

In your reply, please post the two OTL logs from step 2; and the ESET results from Step 3. Any other issues you're noting? If not we can fix some holes in the next post.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
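An added example, not part of etavares's instructions or of the OTL tool: a Python audit of the two registry locations the :reg section in Step 2 rewrites, flagging firewall exceptions for executables in user-writable directories and Security Center monitoring values that have been switched off. The .reg-style listing inside is constructed (backslashes left unescaped for readability); the Temp path is the one the fix above removes.

```python
import re

# Constructed .reg-style listing modelled on the keys the OTL fix above touches;
# not a real export, and backslashes are shown unescaped.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\DOCUME~1\Me\LOCALS~1\Temp\0.10725813742607593.exe"="C:\DOCUME~1\Me\LOCALS~1\Temp\0.10725813742607593.exe:*:Enabled:0.10725813742607593"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?:"(?P<str>.*)"|dword:(?P<dword>[0-9A-Fa-f]{8}))$')
# Locations a standard user can write to; a firewall exception for an executable
# living there deserves a look, since installers normally register Program Files paths.
WRITABLE_MARKERS = ("\\temp\\", "\\docume~1\\", "\\documents and settings\\", "\\appdata\\")

def parse_reg(text):
    """Return (key, value_name, data) triples; dword data becomes an int."""
    key, entries = None, []
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m["key"]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = m["str"] if m["str"] is not None else int(m["dword"], 16)
            entries.append((key, m["name"], data))
    return entries

def audit(entries):
    """Flag exceptions in writable paths and disabled Security Center monitoring."""
    findings = []
    for key, name, data in entries:
        if key.endswith("\\AuthorizedApplications\\List") and isinstance(data, str):
            # XP SP2 exception format: <path>:<scope>:<Enabled|Disabled>:<display name>
            parts = data.rsplit(":", 3)
            if len(parts) != 4:
                continue
            path, _scope, state, _label = parts
            if state.lower() == "enabled" and any(mk in path.lower() for mk in WRITABLE_MARKERS):
                findings.append(("exception_in_writable_dir", path))
        elif "\\Security Center\\Monitoring\\" in key and name == "DisableMonitoring" and data:
            findings.append(("security_center_monitoring_disabled", key))
    return findings
```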
 


#9 freakyness
  • Topic Starter
  • Members
  • 9 posts

Posted 03 March 2010 - 08:44 AM

Ok... I didn't get an extras.log from OTL - not sure why, but I have everything else. (attached).

I haven't seen any other issues with the computer thus far. What's next?

Many Thanks




#10 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 03 March 2010 - 07:18 PM

Hello, freakyness.
OK, making great progress!

Let's ensure Windows is up to date and update a few security holes.

Important: You have service pack 2. Updating to SP3 is tricky and your computer should be backed up. I do not recommend it at this time. Please install any OTHER critical updates except for SP3. I recommend you install SP3 at some point, however, but after we clean up the malware.

I see Viewpoint is installed on your machine. Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to the Control Panel, then Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.



Step 1

Now, we need to update Windows.

It is important that you visit Windows Update regularly. This will ensure your computer always has the latest available security updates installed.

Please check now and if there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates. Please let me know when you have done this.



Step 2

You are using an outdated version of Adobe Reader. Adobe has since been updated, and the update closes many security holes and provides new features.

First, uninstall earlier versions of Adobe Reader.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all versions of Adobe Reader.
  • Check (highlight) any item with Adobe Reader in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Adobe Reader version.
Please download the latest version from:
http://get.adobe.com/reader/

And install it. Once installed, launch it, select Help --> Check for Updates and install any updates.


You may also try the free Foxit PDF reader if you prefer:
http://www.foxitsoftware.com/pdf/reader/



Step 3

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 18 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version.

Step 4

Please post an updated DDS log once you've done the above.

etavares

Edited by etavares, 03 March 2010 - 07:18 PM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#11 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 06 March 2010 - 05:03 PM

Hi...have you had a chance to complete the steps above?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 freakyness
  • Topic Starter
  • Members
  • 9 posts

Posted 06 March 2010 - 10:44 PM

Sorry, I've been out of town for a few days. I'll be back early this coming week. Thanks for checking.

#13 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 07 March 2010 - 07:59 AM

OK, thanks for the update.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#14 freakyness
  • Topic Starter
  • Members
  • 9 posts

Posted 08 March 2010 - 06:18 PM

Ok, I've done 1, 2 and 3. For #4 though, what is DDS?

#15 etavares
    Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 08 March 2010 - 10:50 PM

Ah, sorry...forgot you posted a GooredLog instead of a DDS log initially. My fault. Please post an OTL quick scan.



If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 




