TechSpot

Disconcerting Email - Suspect compromise/hack/malware

By drhodsdon
Oct 13, 2010
  1. B00kwyrm is here with me (visiting at my home), and has helped me run the 8 steps.
    The reason we decided to run them and post, is...
    I received an email, which had attached - pix and notes I had composed / taken - but not sent out.
    The email had an address I knew (a friend from my address book) as its origin (but they denied sending me the note).
    The email headers had another address that I did not know. I deleted the email before realizing I might need the information.

    My computer is a Gateway laptop, running XP Media Edition, SP3.
    The hard drive has a large boot partition and a small "recovery partition".
    I have been using ZoneAlarm as my firewall. I did not have an active AV.
    The computer came with McAfee, but it has not been used since the "trial" period ran out.


    Summary of the 8 steps...
    • Avira updated and ran without recognizing problems. Log will be posted.
    • TFC ran without problems... cleaning up a lot of temp files.
    • MBAM updated and ran, finding two registry keys that were suspect... Initially we did not repair; then we reran and allowed repair. Log will be posted. When MBAM ran, Avira generated a pop-up alert that it had blocked Autorun of D:\autorun.inf. The D: partition is a recovery partition on my main drive.
    • GMER ran, but refused to save the results (seeming to freeze after naming the file to save as). We tried several times, including disabling FW and Avira, same results. We tried unchecking "drivers", to no avail. Finally ran it in safe mode, with success in saving. Log will be posted.
    • DDS ran and logs will be posted.

    Your assistance in evaluating my situation will be much appreciated.
    B00kwyrm says hi.

    Avira Log


    Avira AntiVir Personal
    Report file date: Monday, October 11, 2010 22:46

    Scanning for 1990003 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : Owner
    Computer name : YOUR-A0281B86C4

    Version information:
    BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
    AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 17:37:38
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 17:57:04
    LUKE.DLL : 10.0.2.3 104296 Bytes 3/7/2010 23:33:04
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 04:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 14:05:36
    VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 00:27:49
    VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 22:37:42
    VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 21:37:42
    VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 16:29:03
    VBASE005.VDF : 7.10.4.204 2048 Bytes 3/5/2010 16:29:03
    VBASE006.VDF : 7.10.4.205 2048 Bytes 3/5/2010 16:29:03
    VBASE007.VDF : 7.10.4.206 2048 Bytes 3/5/2010 16:29:03
    VBASE008.VDF : 7.10.4.207 2048 Bytes 3/5/2010 16:29:03
    VBASE009.VDF : 7.10.4.208 2048 Bytes 3/5/2010 16:29:03
    VBASE010.VDF : 7.10.4.209 2048 Bytes 3/5/2010 16:29:03
    VBASE011.VDF : 7.10.4.210 2048 Bytes 3/5/2010 16:29:03
    VBASE012.VDF : 7.10.4.211 2048 Bytes 3/5/2010 16:29:03
    VBASE013.VDF : 7.10.4.242 153088 Bytes 3/8/2010 20:43:21
    VBASE014.VDF : 7.10.5.17 99328 Bytes 3/10/2010 20:24:21
    VBASE015.VDF : 7.10.5.44 107008 Bytes 3/11/2010 22:41:40
    VBASE016.VDF : 7.10.5.69 92672 Bytes 3/12/2010 14:25:53
    VBASE017.VDF : 7.10.5.91 119808 Bytes 3/15/2010 14:39:58
    VBASE018.VDF : 7.10.5.121 112640 Bytes 3/18/2010 18:01:24
    VBASE019.VDF : 7.10.5.138 139776 Bytes 3/18/2010 15:24:56
    VBASE020.VDF : 7.10.5.164 113152 Bytes 3/22/2010 12:04:23
    VBASE021.VDF : 7.10.5.182 108032 Bytes 3/23/2010 14:23:02
    VBASE022.VDF : 7.10.5.199 123904 Bytes 3/24/2010 22:47:50
    VBASE023.VDF : 7.10.5.217 279552 Bytes 3/25/2010 00:11:22
    VBASE024.VDF : 7.10.5.234 202240 Bytes 3/26/2010 22:53:48
    VBASE025.VDF : 7.10.5.254 187904 Bytes 3/30/2010 18:56:47
    VBASE026.VDF : 7.10.6.18 130560 Bytes 4/1/2010 10:56:20
    VBASE027.VDF : 7.10.6.34 136192 Bytes 4/6/2010 14:43:55
    VBASE028.VDF : 7.10.6.44 232448 Bytes 4/7/2010 14:59:22
    VBASE029.VDF : 7.10.6.60 124416 Bytes 4/12/2010 17:43:17
    VBASE030.VDF : 7.10.6.61 2048 Bytes 4/12/2010 17:43:17
    VBASE031.VDF : 7.10.6.62 17408 Bytes 4/12/2010 17:43:17
    Engineversion : 8.2.1.210
    AEVDF.DLL : 8.1.1.3 106868 Bytes 2/13/2010 17:16:21
    AESCRIPT.DLL : 8.1.3.24 1282425 Bytes 4/1/2010 21:05:26
    AESCN.DLL : 8.1.5.0 127347 Bytes 2/25/2010 23:38:41
    AESBX.DLL : 8.1.2.1 254323 Bytes 3/17/2010 16:09:47
    AERDL.DLL : 8.1.4.3 541043 Bytes 3/17/2010 16:09:47
    AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 17:34:51
    AEOFFICE.DLL : 8.1.0.41 201083 Bytes 3/17/2010 16:09:46
    AEHEUR.DLL : 8.1.1.16 2503031 Bytes 3/26/2010 23:43:13
    AEHELP.DLL : 8.1.11.3 242039 Bytes 4/1/2010 21:05:25
    AEGEN.DLL : 8.1.3.6 373108 Bytes 4/1/2010 21:05:25
    AEEMU.DLL : 8.1.1.0 393587 Bytes 11/10/2009 14:04:22
    AECORE.DLL : 8.1.13.1 188790 Bytes 4/1/2010 21:05:25
    AEBB.DLL : 8.1.0.3 53618 Bytes 9/10/2009 17:15:06
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 17:03:38
    AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 17:03:35
    AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 21:47:40
    AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 17:35:46
    AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 17:39:51
    AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 17:22:13
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 14:53:30
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 17:57:58
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 20:38:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 19:41:00
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 18:10:20
    RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 19:14:29

    Configuration settings for the scan:
    Jobname.............................: Short system scan after installation
    Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Monday, October 11, 2010 22:46

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'avconfig.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
    Scan process 'setup.exe' - '1' Module(s) have been scanned
    Scan process 'msiexec.exe' - '1' Module(s) have been scanned
    Scan process 'presetup.exe' - '1' Module(s) have been scanned
    Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'BrMfcWnd.exe' - '1' Module(s) have been scanned
    Scan process 'bigfix.exe' - '1' Module(s) have been scanned
    Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'lxdiamon.exe' - '1' Module(s) have been scanned
    Scan process 'lxdimon.exe' - '1' Module(s) have been scanned
    Scan process 'AOLSoftware.exe' - '1' Module(s) have been scanned
    Scan process 'pptd40nt.exe' - '1' Module(s) have been scanned
    Scan process 'lxbfbmon.exe' - '1' Module(s) have been scanned
    Scan process 'lxbfbmgr.exe' - '1' Module(s) have been scanned
    Scan process 'qttask.exe' - '1' Module(s) have been scanned
    Scan process 'point32.exe' - '1' Module(s) have been scanned
    Scan process 'ifrmewrk.exe' - '1' Module(s) have been scanned
    Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
    Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
    Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
    Scan process 'stsystra.exe' - '1' Module(s) have been scanned
    Scan process 'iaanotif.exe' - '1' Module(s) have been scanned
    Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
    Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
    Scan process 'ehtray.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'dllhost.exe' - '1' Module(s) have been scanned
    Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'PRISMXL.SYS' - '1' Module(s) have been scanned
    Scan process 'lxdicoms.exe' - '1' Module(s) have been scanned
    Scan process 'iaantmon.exe' - '1' Module(s) have been scanned
    Scan process 'ehSched.exe' - '1' Module(s) have been scanned
    Scan process 'cisvc.exe' - '1' Module(s) have been scanned
    Scan process 'AOLacsd.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'LEXPPS.EXE' - '1' Module(s) have been scanned
    Scan process 'LEXBCES.EXE' - '1' Module(s) have been scanned
    Scan process 'brss01a.exe' - '1' Module(s) have been scanned
    Scan process 'brsvc01a.exe' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:

    Starting to scan executable files (registry).
    The registry was scanned ( '491' files ).



    End of the scan: Monday, October 11, 2010 22:47
    Used time: 00:38 Minute(s)

    The scan has been done completely.

    0 Scanned directories
    994 Files were scanned
    0 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    0 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    994 Files not concerned
    3 Archives were scanned
    0 Warnings
    0 Notes
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Welcome aboard

    I still need those other logs....
     
  3. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    MBAM Log
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4806

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    10/12/2010 7:29:48 PM
    mbam-log-2010-10-12 (19-29-48).txt

    Scan type: Quick scan
    Objects scanned: 155759
    Time elapsed: 8 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    NOTE: We re-ran and allowed repair

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4806

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 7.0.5730.13

    10/12/2010 7:29:56 PM
    mbam-log-2010-10-12 (19-29-56).txt

    Scan type: Quick scan
    Objects scanned: 155759
    Time elapsed: 8 minute(s), 5 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 2
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)



    GMER Log
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-10-13 10:10:43
    Windows 5.1.2600 Service Pack 3
    Running: vehc9mzl.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\kwxyqpog.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    ---- EOF - GMER 1.0.15 ----


    DDS Log
    DDS (Ver_10-10-10.03) - NTFSx86
    Run by Owner at 10:19:14.81 on Wed 10/13/2010
    Internet Explorer: 7.0.5730.13
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1499 [GMT -4:00]

    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    svchost.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\system32\lxdicoms.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    C:\Program Files\Common Files\AOL\1236780990\ee\AOLSoftware.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\BigFix\bigfix.exe
    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6931
    uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6931
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6931
    BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: ZoneAlarm Spy Blocker BHO: {f0d4b231-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - c:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
    TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [Power2GoExpress] NA
    uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
    mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
    mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
    mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
    mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\iaanotif.exe"
    mRun: [SigmatelSysTrayApp] stsystra.exe
    mRun: [SMSERIAL] "c:\program files\motorola\smserial\sm56hlpr.exe"
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [Lexmark X6100 Series] "c:\program files\lexmark x6100 series\lxbfbmgr.exe"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
    mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
    mRun: [ControlCenter2.0] "c:\program files\brother\controlcenter2\brctrcen.exe" /autorun
    mRun: [SetDefPrt] "c:\program files\brother\brmfl04b\BrStDvPt.exe"
    mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s
    mRun: [HostManager] c:\program files\common files\aol\1236780990\ee\AOLSoftware.exe
    mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
    mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\status~1.lnk - c:\program files\brother\brmfcmon\BrMfcWnd.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    Notify: igfxcui - igfxdev.dll
    Notify: WRNotifier - WRLogonNTF.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\owner~1.you\applic~1\mozilla\firefox\profiles\we4m7u5w.default\
    FF - plugin: c:\documents and settings\owner.your-a0281b86c4\application data\mozilla\firefox\profiles\we4m7u5w.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\owner.your-a0281b86c4\application data\mozilla\firefox\profiles\we4m7u5w.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre1.5.0_02\bin\NPJPI150_02.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

    ============= SERVICES / DRIVERS ===============

    R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2010-10-11 11608]
    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-12-6 532224]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-10-11 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-10-11 267432]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-10-11 60936]
    R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-1 135664]
    S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2010-6-14 99248]

    =============== Created Last 30 ================

    2010-10-12 03:19:47 -------- d-----w- c:\docume~1\owner~1.you\applic~1\Avira
    2010-10-12 02:59:43 -------- d-----w- c:\docume~1\owner~1.you\applic~1\Malwarebytes
    2010-10-12 02:59:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-12 02:59:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-12 02:59:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-12 02:59:27 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-10-12 02:45:02 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-12 02:45:01 -------- d-----w- c:\program files\Avira
    2010-10-12 02:45:01 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira
    2010-09-22 22:10:52 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
    2010-09-22 22:10:52 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-08-23 11:53:38 409277 ----a-w- c:\documents and settings\all users\SPL39.tmp
    2010-08-23 11:49:57 225161 ----a-w- c:\documents and settings\all users\SPL38.tmp
    2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-07-22 15:49:15 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    ============= FINISH: 10:21:10.89 ===============

    NOTE: The events listed from 10/11 through 10/13 were from disabling processes with Windows Task Manager. B00kwyrm did this in an effort to slim down what was running and hopefully allow GMER to run without going to Safe Mode.
    DDS - Attach Log

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-10-10.03)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/29/2006 4:06:18 PM
    System Uptime: 10/13/2010 10:11:34 AM (0 hours ago)

    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz | uFCPGA2 | 1663/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 142 GiB total, 110.027 GiB free.
    D: is FIXED (FAT32) - 7 GiB total, 4.64 GiB free.
    E: is CDROM (CDFS)

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
    Device ID: PCI\VEN_11AB&DEV_4352&SUBSYS_0366107B&REV_14\4&9EE4DCE&0&00E0
    Manufacturer: Marvell
    Name: Marvell Yukon 88E8038 PCI-E Fast Ethernet Controller
    PNP Device ID: PCI\VEN_11AB&DEV_4352&SUBSYS_0366107B&REV_14\4&9EE4DCE&0&00E0
    Service: yukonwxp

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Intel(R) PRO/Wireless 3945ABG Network Connection
    Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10008086&REV_02\4&115ADF0F&0&00E1
    Manufacturer: Intel Corporation
    Name: Intel(R) PRO/Wireless 3945ABG Network Connection
    PNP Device ID: PCI\VEN_8086&DEV_4222&SUBSYS_10008086&REV_02\4&115ADF0F&0&00E1
    Service: w39n51

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\660317D3E0B803
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\660317D3E0B803
    Service: NIC1394

    ==== System Restore Points ===================

    RP838: 7/15/2010 8:18:41 AM - System Checkpoint
    RP839: 7/15/2010 8:18:17 PM - Installed Adobe Reader 9.3.3.
    RP840: 7/17/2010 8:32:43 AM - System Checkpoint
    RP841: 7/18/2010 1:16:24 PM - System Checkpoint
    RP842: 7/20/2010 9:05:11 AM - System Checkpoint
    RP843: 7/21/2010 1:55:15 PM - System Checkpoint
    RP844: 7/22/2010 3:31:40 PM - System Checkpoint
    RP845: 7/23/2010 5:22:53 PM - System Checkpoint
    RP846: 7/25/2010 3:12:58 PM - System Checkpoint
    RP847: 7/26/2010 4:20:41 PM - System Checkpoint
    RP848: 7/27/2010 6:57:47 PM - System Checkpoint
    RP849: 7/29/2010 12:24:06 PM - System Checkpoint
    RP850: 7/30/2010 2:13:57 PM - System Checkpoint
    RP851: 8/1/2010 5:54:24 AM - System Checkpoint
    RP852: 8/2/2010 6:01:02 PM - System Checkpoint
    RP853: 8/3/2010 6:58:30 AM - Software Distribution Service 3.0
    RP854: 8/5/2010 10:40:27 AM - System Checkpoint
    RP855: 8/6/2010 1:27:08 PM - System Checkpoint
    RP856: 8/8/2010 5:43:48 AM - System Checkpoint
    RP857: 8/9/2010 5:07:29 PM - System Checkpoint
    RP858: 8/11/2010 8:59:18 PM - System Checkpoint
    RP859: 8/12/2010 5:35:30 AM - Software Distribution Service 3.0
    RP860: 8/13/2010 10:28:53 AM - System Checkpoint
    RP861: 8/15/2010 8:00:42 PM - System Checkpoint
    RP862: 8/17/2010 10:15:38 AM - System Checkpoint
    RP863: 8/18/2010 1:44:52 PM - System Checkpoint
    RP864: 8/19/2010 2:11:00 PM - System Checkpoint
    RP865: 8/20/2010 5:48:50 PM - System Checkpoint
    RP866: 8/23/2010 7:36:24 AM - System Checkpoint
    RP867: 8/25/2010 8:08:09 AM - System Checkpoint
    RP868: 8/27/2010 7:38:36 PM - System Checkpoint
    RP869: 8/29/2010 2:37:20 PM - System Checkpoint
    RP870: 8/31/2010 3:27:13 PM - System Checkpoint
    RP871: 9/1/2010 5:35:01 PM - System Checkpoint
    RP872: 9/2/2010 7:21:50 PM - System Checkpoint
    RP873: 9/5/2010 7:58:21 AM - System Checkpoint
    RP874: 9/6/2010 10:55:01 AM - System Checkpoint
    RP875: 9/7/2010 1:11:43 PM - System Checkpoint
    RP876: 9/9/2010 7:40:58 AM - System Checkpoint
    RP877: 9/12/2010 12:55:05 PM - System Checkpoint
    RP878: 9/13/2010 3:52:47 PM - System Checkpoint
    RP879: 9/15/2010 6:31:42 AM - System Checkpoint
    RP880: 9/16/2010 7:07:33 AM - Software Distribution Service 3.0
    RP881: 9/17/2010 10:57:30 AM - System Checkpoint
    RP882: 9/18/2010 7:49:16 PM - System Checkpoint
    RP883: 9/20/2010 9:16:51 AM - System Checkpoint
    RP884: 9/21/2010 1:44:12 PM - System Checkpoint
    RP885: 9/22/2010 1:59:39 PM - System Checkpoint
    RP886: 9/23/2010 3:25:35 PM - System Checkpoint
    RP887: 9/24/2010 5:55:34 PM - System Checkpoint
    RP888: 9/26/2010 2:59:15 PM - System Checkpoint
    RP889: 9/28/2010 4:17:31 PM - System Checkpoint
    RP890: 9/29/2010 7:38:46 AM - Software Distribution Service 3.0
    RP891: 9/30/2010 5:39:51 PM - System Checkpoint
    RP892: 10/1/2010 7:23:22 PM - System Checkpoint
    RP893: 10/2/2010 7:24:17 PM - System Checkpoint
    RP894: 10/6/2010 1:24:39 PM - System Checkpoint
    RP895: 10/9/2010 5:36:45 PM - Software Distribution Service 3.0
    RP896: 10/11/2010 9:20:14 PM - System Checkpoint
    RP897: 10/11/2010 10:35:00 PM - Removed Trend Micro Antivirus

    =====continued next post=====
     
  4. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    ==== Installed Programs ======================

    ABBYY FineReader 5.0 Sprint Plus
    ABBYY FineReader 6.0 Sprint
    Adobe Download Manager
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    AOL Registration
    AOL Uninstaller (Choose which Products to Remove)
    ArcSoft Camera Suite
    Avira AntiVir Personal - Free Antivirus
    BigFix
    Brother MFL-Pro Suite
    Camera Window
    Canon Camera Window for ZoomBrowser EX
    Canon PhotoRecord
    Canon Utilities File Viewer Utility 1.3
    Canon Utilities PhotoStitch 3.1
    Canon Utilities RemoteCapture 2.7
    Canon Utilities ZoomBrowser EX
    Critical Update for Windows Media Player 11 (KB959772)
    DeLorme Street Atlas USA 2007
    DeLorme Street Atlas USA 2007 Service Pack 3
    DeLorme Street Atlas USA 2010 Plus
    DeLorme Topo USA 6
    DeLorme Topo USA 6.0 DVD Data
    DeLorme Topo USA 6.0 PN Merge Modules
    DVD Solution
    Earthmate Image Tagger
    Family Tree Maker 7.0
    File Viewer Utility 1.3
    Garmin USB Drivers
    Garmin WebUpdater
    Google Earth
    Google Update Helper
    gtw_logo
    High Definition Audio Driver Package - KB888111
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    Intel Matrix Storage Manager
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    J2SE Runtime Environment 5.0 Update 2
    Learn2 Player (Uninstall Only)
    Lexmark 3500-4500 Series
    Lexmark Fax Solutions
    Lexmark Toolbar
    Lexmark X6100 Series
    Lotus SmartSuite - English
    Malwarebytes' Anti-Malware
    mCore
    mDriver
    mDrWiFi
    mHelp
    Microsoft .NET Framework 1.0 Hotfix (KB953295)
    Microsoft .NET Framework 1.0 Hotfix (KB979904)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Starter Edition 2006
    Microsoft Digital Image Starter Edition 2006 Editor
    Microsoft Digital Image Starter Edition 2006 Library
    Microsoft IntelliPoint 5.3
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Money 2006
    Microsoft National Language Support Downlevel APIs
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    mIWA
    mLogView
    mMHouse
    Motorola SM56 Data Fax Modem
    Mozilla Firefox (3.6.10)
    mPfMgr
    mPfWiz
    mProSafe
    MSN
    mWlsSafe
    mXML
    mZConfig
    Napster Burn Engine
    PaperPort
    PhotoStitch
    Power2Go 4.0
    PowerDVD
    Print Artist Craft & Party Maker
    Print to Fax
    QuickTime
    RealPlayer Basic
    Recovery Software Suite Gateway
    RemoteCapture 2.7.3
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Security Update for Windows XP (KB982802)
    SigmaTel Audio
    Sonic Encoders
    Synaptics Pointing Device Driver
    Texas Instruments PCIxx21/x515/xx12 drivers.
    TIPCI
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Media Player 10 (KB910393)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VC 9.0 Runtime
    Viewpoint Media Player
    WebFldrs XP
    Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool
    Windows Internet Explorer 7
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player Firefox Plugin
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Media Center Edition 2005 KB973768
    Windows XP Service Pack 3
    ZoneAlarm
    ZoneAlarm Spy Blocker

    ==== Event Viewer Messages From Past Week ========

    10/9/2010 7:20:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/9/2010 6:20:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/9/2010 5:50:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/9/2010 5:35:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    10/6/2010 1:09:06 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    10/6/2010 1:09:04 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService service to connect.
    10/6/2010 1:09:04 PM, error: Service Control Manager [7000] - The lxdiCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/13/2010 9:02:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    10/13/2010 8:55:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip vsdatant
    10/13/2010 8:55:41 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2010 8:55:41 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2010 8:55:41 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2010 8:55:41 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2010 8:55:41 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    10/13/2010 8:54:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    10/13/2010 8:54:56 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/13/2010 3:11:08 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/13/2010 3:10:21 AM, error: Service Control Manager [7031] - The Media Center Extender Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
    10/13/2010 3:09:59 AM, error: Service Control Manager [7034] - The Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s).
    10/12/2010 8:11:16 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the AntiVirSchedulerService service.
    10/12/2010 12:48:24 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the PolicyAgent service.
    10/11/2010 11:53:43 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service ntmssvc with arguments "-Service" in order to run the server: {D61A27C6-8F53-11D0-BFA0-00A024151983}
    10/11/2010 10:49:16 PM, error: Service Control Manager [7034] - The PrismXL service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 10:49:16 PM, error: Service Control Manager [7034] - The lxdi_device service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 10:49:16 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 10:49:16 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Service service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 10:49:16 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 10:49:16 PM, error: Service Control Manager [7034] - The Intel(R) PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 10:49:16 PM, error: Service Control Manager [7034] - The Intel(R) Matrix Storage Event Monitor service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 10:49:16 PM, error: Service Control Manager [7034] - The BrSplService service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 10:49:16 PM, error: Service Control Manager [7034] - The AOL Connectivity Service service terminated unexpectedly. It has done this 1 time(s).
    10/11/2010 10:43:47 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    10/11/2010 10:43:47 PM, error: SideBySide [59] - Generate Activation Context failed for C:\DOCUME~1\OWNER~1.YOU\LOCALS~1\Temp\RarSFX0\redist.dll. Reference error message: The operation completed successfully. .
    10/11/2010 10:43:47 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

    ==== End Of File ===========================
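    The Service Control Manager entries in the DDS log above are the part of this post a responder actually reads: event 7026 at 8:55:41 AM on 10/13 lists the whole TCP/IP stack (AFD, Tcpip, NetBT, IPSec) together with ZoneAlarm's vsdatant and Avira's avgio and avipbb as boot-start drivers that did not load, and the 7001 events are the services that failed as a consequence. The same pattern appears on a boot into Safe Mode without networking, so it has to be correlated with what was done on the machine at that time before it is read as damage. The following Python is an added example for this page (not part of the thread and not DDS's own code): it parses DDS's one-event-per-line format, counts events by source and ID, extracts the 7026 driver names and the 7001 dependency pairs, and flags a 7026 event whose failed set contains the full network stack. The sample lines are copied from the log above.

```python
"""Triage of the 'Event Viewer Messages' block of a DDS log.

Added example for this page, not part of the thread or of DDS. Parses
DDS's one-event-per-line format, counts events by source and ID, and
pulls out the two Service Control Manager patterns worth a second look
in a suspected-compromise case: 7026 (boot/system-start drivers that
failed to load) and 7001 (a service whose dependency failed to start).
The sample lines are copied from the log above.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$"
)
DEP_RE = re.compile(
    r"^The (?P<svc>.+?) service depends on the (?P<dep>.+?) service which failed to start"
)
# XP's TCP/IP stack as named in event 7026. When all of these sit in one
# 7026 event the boot was most likely Safe Mode without networking (they
# are simply not loaded there), so match the timestamp against what was
# done on the machine before reading the event as damage.
NET_STACK = {"Tcpip", "AFD", "NetBT", "IPSec"}

SAMPLE_LOG = """\
10/9/2010 7:20:48 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
10/13/2010 9:02:53 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
10/13/2010 8:55:41 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss ssmdrv Tcpip vsdatant
10/13/2010 8:55:41 AM, error: Service Control Manager [7001] - The TrueVector Internet Monitor service depends on the vsdatant service which failed to start because of the following error: A device attached to the system is not functioning.
10/13/2010 8:55:41 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
"""


@dataclass(frozen=True)
class Event:
    ts: datetime
    level: str
    source: str
    event_id: int
    message: str


def parse_dds_events(text: str) -> list[Event]:
    """Parse DDS event lines; lines that do not match (headers, blanks) are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line.strip())
        if m:
            events.append(Event(
                ts=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
                level=m["level"], source=m["source"],
                event_id=int(m["id"]), message=m["msg"],
            ))
    return events


def count_by_source(events: list[Event]) -> Counter:
    return Counter((e.source, e.event_id) for e in events)


def failed_boot_drivers(events: list[Event]) -> dict[datetime, set[str]]:
    """Event 7026: timestamp -> names of boot/system-start drivers that did not load."""
    out: dict[datetime, set[str]] = {}
    for e in events:
        if e.source == "Service Control Manager" and e.event_id == 7026:
            _, _, names = e.message.partition("failed to load: ")
            out.setdefault(e.ts, set()).update(names.split())
    return out


def dependency_failures(events: list[Event]) -> list[tuple[str, str]]:
    """Event 7001: (dependent service, dependency that failed to start)."""
    pairs = []
    for e in events:
        if e.source == "Service Control Manager" and e.event_id == 7001:
            m = DEP_RE.match(e.message)
            if m:
                pairs.append((m["svc"], m["dep"]))
    return pairs


def looks_like_safe_mode_boot(drivers: set[str]) -> bool:
    """True when the whole TCP/IP stack is in the failed set (see NET_STACK)."""
    return NET_STACK <= drivers


def triage(text: str) -> dict:
    events = parse_dds_events(text)
    boot = failed_boot_drivers(events)
    return {
        "events": len(events),
        "by_source": count_by_source(events),
        "boot_failures": {ts: sorted(d) for ts, d in boot.items()},
        "safe_mode_like": [ts for ts, d in boot.items() if looks_like_safe_mode_boot(d)],
        "dependency_failures": dependency_failures(events),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

    Run it on the whole "Event Viewer Messages" block pasted into SAMPLE_LOG; the useful output is the set difference between what 7026 names and what a Safe Mode boot would be expected to skip, which on this log leaves the firewall and antivirus drivers to account for.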
     
  5. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    Thanks for your help Broni.
    I had to wait to add the rest until the first post was approved by the moderator.
    We were away, sightseeing today, and just got back.
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.


    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
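    The MBRCheck step Broni asks for reads the master boot record and compares its bootstrap code with known-good values, which is the standard way to rule out an MBR bootkit before running anything that relies on the disk stack. The following Python is an added example for this page, not MBRCheck's own code (its hash list and report format are its own): it parses a 512-byte MBR, verifies the 0x55AA signature, decodes the four partition entries, hashes the 440-byte bootstrap code and compares the hash with a table, warning on an unknown hash, an invalid status byte, more or fewer than one active partition, or overlapping partitions. The MBR bytes and the "known-good" table are constructed here so the example runs offline, so the table holds the hash of the constructed stub and not of any real Windows boot code; only the read_mbr helper touches a real disk and needs administrator or root rights.

```python
"""What a master-boot-record check does, as an added example for this page.

Not MBRCheck's code. Reads the 512-byte MBR, verifies the 0x55AA signature,
parses the four partition entries, hashes the 440-byte bootstrap code and
compares the hash with a known-good table. The MBR bytes and the table
below are constructed for the example: the table knows only this stub
code, not any real Windows bootloader.
"""
from __future__ import annotations

import hashlib
import struct
from dataclasses import dataclass

SECTOR = 512
BOOTCODE_LEN = 440   # 440-443 disk signature, 446-509 partition table, 510-511 0x55AA
TABLE_OFF = 446


@dataclass(frozen=True)
class Partition:
    index: int
    status: int      # 0x80 active, 0x00 inactive; anything else is suspicious
    type_id: int
    lba_start: int
    sectors: int

    @property
    def bootable(self) -> bool:
        return self.status == 0x80


def read_mbr(device: str) -> bytes:
    # Sector 0 of a raw device, e.g. \\.\PhysicalDrive0 on Windows (administrator)
    # or /dev/sda on Linux (root). Not used by the offline sample below.
    with open(device, "rb") as f:
        return f.read(SECTOR)


def parse_mbr(mbr: bytes) -> list[Partition]:
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        status, type_id, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", mbr, TABLE_OFF + 16 * i)   # the two 3x skip the CHS triples
        if type_id != 0:                             # type 0 = empty entry
            parts.append(Partition(i, status, type_id, lba_start, sectors))
    return parts


def check_mbr(mbr: bytes, known: dict[str, str]) -> dict:
    parts = parse_mbr(mbr)
    digest = hashlib.sha256(mbr[:BOOTCODE_LEN]).hexdigest()
    warnings = []
    if digest not in known:
        warnings.append("unknown bootcode hash: not in the known-good table")
    active = [p for p in parts if p.bootable]
    if len(active) != 1:
        warnings.append(f"{len(active)} active partitions (expected exactly 1)")
    for p in parts:
        if p.status not in (0x00, 0x80):
            warnings.append(f"partition {p.index}: invalid status byte 0x{p.status:02x}")
        if p.sectors == 0:
            warnings.append(f"partition {p.index}: zero length")
    ordered = sorted(parts, key=lambda p: p.lba_start)
    for a, b in zip(ordered, ordered[1:]):
        if b.lba_start < a.lba_start + a.sectors:
            warnings.append(f"partitions {a.index} and {b.index} overlap")
    return {
        "bootcode_sha256": digest,
        "known_as": known.get(digest),
        "disk_signature": mbr[440:444].hex(),
        "partitions": parts,
        "warnings": warnings,
    }


def build_sample_mbr() -> bytes:
    """Constructed MBR: stub bootstrap code, an active NTFS partition followed
    by a second, smaller NTFS partition (a recovery-style layout)."""
    bootcode = b"\x33\xc0\x8e\xd0\xbc\x00\x7c".ljust(BOOTCODE_LEN, b"\x00")
    disk_sig = b"\xde\xad\xbe\xef" + b"\x00\x00"
    entry = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
    table = (
        struct.pack(entry, 0x80, b"\x01\x01\x00", 0x07, b"\xfe\xff\xff", 63, 200_000_000)
        + struct.pack(entry, 0x00, b"\xfe\xff\xff", 0x07, b"\xfe\xff\xff", 200_000_063, 10_000_000)
        + b"\x00" * 32
    )
    return bootcode + disk_sig + table + b"\x55\xaa"


# Known-good table: hash -> label. In real use it is filled from a trusted clean
# installation; here it only knows the constructed stub above.
KNOWN_BOOTCODE = {
    hashlib.sha256(build_sample_mbr()[:BOOTCODE_LEN]).hexdigest(): "constructed sample bootcode",
}

if __name__ == "__main__":
    report = check_mbr(build_sample_mbr(), KNOWN_BOOTCODE)
    print(report["known_as"], report["partitions"], report["warnings"])
```

    An unknown hash on its own is not proof of a bootkit (OEM recovery loaders and some disk utilities ship their own MBR code), which is why a tool like MBRCheck also asks whether the code is recognised; the point of the partition-table checks is that a bootkit which hides itself by patching the table usually leaves an inconsistency that the hash alone would not show.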
     
  7. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    Okay, Broni... the first mbrcheck log is on my machine.
    I am logged on from another, as I just got a BSOD from combofix...
    0xD1 (0xE47C0000, etc)
    mbr.sys - address 9982d41d base at 9982c000 datestamp 4add63e5

    I have not yet closed the blue screen or tried to reboot.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Reboot manually.
    If still same problem, Combofix can be run from Safe Mode.
     
  9. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    mbrcheck

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 177):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA0B8000 ohci1394.sys
    0xBA0C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA5AC000 aliide.sys
    0xBA5AE000 intelide.sys
    0xBA5B0000 toside.sys
    0xBA5B2000 viaide.sys
    0xBA5B4000 cmdide.sys
    0xB9F4A000 pcmcia.sys
    0xBA0D8000 MountMgr.sys
    0xB9F2B000 ftdisk.sys
    0xBA5B6000 dmload.sys
    0xB9F05000 dmio.sys
    0xBA4C4000 ACPIEC.sys
    0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBA330000 PartMgr.sys
    0xBA0E8000 VolSnap.sys
    0xBA4C8000 cpqarray.sys
    0xB9EED000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xB9E17000 IASTOR.SYS
    0xB9DFF000 atapi.sys
    0xBA4CC000 aha154x.sys
    0xBA338000 sparrow.sys
    0xBA4D0000 symc810.sys
    0xBA0F8000 aic78xx.sys
    0xBA4D4000 dac960nt.sys
    0xBA108000 ql10wnt.sys
    0xBA4D8000 amsint.sys
    0xBA340000 asc.sys
    0xBA4DC000 asc3550.sys
    0xBA348000 mraid35x.sys
    0xBA350000 i2omp.sys
    0xBA4E0000 ini910u.sys
    0xBA118000 ql1240.sys
    0xBA128000 aic78u2.sys
    0xBA358000 symc8xx.sys
    0xBA360000 sym_hi.sys
    0xBA368000 sym_u3.sys
    0xBA370000 ABP480N5.SYS
    0xBA378000 asc3350p.sys
    0xBA5B8000 cd20xrnt.sys
    0xBA138000 ultra.sys
    0xB9DE6000 adpu160m.sys
    0xBA380000 dpti2o.sys
    0xBA148000 ql1080.sys
    0xBA158000 ql1280.sys
    0xBA168000 ql12160.sys
    0xBA388000 perc2.sys
    0xBA5BA000 perc2hib.sys
    0xBA390000 hpn.sys
    0xBA4E4000 cbidf2k.sys
    0xB9DBA000 dac2w2k.sys
    0xBA178000 disk.sys
    0xBA188000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9D9A000 fltmgr.sys
    0xB9D88000 sr.sys
    0xBA398000 PxHelp20.sys
    0xB9D71000 KSecDD.sys
    0xB9CE4000 Ntfs.sys
    0xB9CB7000 NDIS.sys
    0xBA198000 viaagp.sys
    0xBA1A8000 sisagp.sys
    0xB9C9D000 Mup.sys
    0xBA1B8000 alim1541.sys
    0xBA1C8000 amdagp.sys
    0xBA1D8000 agp440.sys
    0xBA1E8000 agpCPQ.sys
    0xB9C1D000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xBA59C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xB8F82000 \SystemRoot\system32\DRIVERS\ialmnt5.sys
    0xB8EC7000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB8E39000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8BA2000 \SystemRoot\system32\DRIVERS\w39n51.sys
    0xBA448000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8465000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA3D8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB826F000 \SystemRoot\system32\drivers\tifm21.sys
    0xBA2A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA4A8000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xB8116000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA5D2000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA468000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB9688000 \SystemRoot\System32\Drivers\Cdr4_xp.SYS
    0xB9668000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB9658000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB7B27000 \SystemRoot\system32\DRIVERS\ks.sys
    0xBA3C8000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xBA5DA000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xBA745000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xB9638000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9B80000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB7768000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB9628000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB9618000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA3E0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xB7589000 \SystemRoot\system32\DRIVERS\psched.sys
    0xB95F8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xBA3F0000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA428000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xBA410000 \SystemRoot\system32\DRIVERS\wanatw4.sys
    0xB7463000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xBA308000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xBA5E2000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB72F4000 \SystemRoot\system32\DRIVERS\update.sys
    0xBA580000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB9C6D000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xA6751000 \SystemRoot\system32\drivers\sthda.sys
    0xA672D000 \SystemRoot\system32\drivers\portcls.sys
    0xBA318000 \SystemRoot\system32\drivers\drmk.sys
    0xA6652000 \SystemRoot\system32\DRIVERS\smserial.sys
    0xBA3E8000 \SystemRoot\System32\Drivers\Modem.SYS
    0xA6E3C000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB9B38000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xA54EC000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA3C0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xB9B34000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xA6B3B000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xBA638000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA6EB000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA63A000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA480000 \SystemRoot\System32\drivers\vga.sys
    0xBA63C000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA63E000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA488000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA490000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xA6B33000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xA2A40000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xA29E7000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xA29BF000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xA2999000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xA54DC000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xA28F0000 \SystemRoot\System32\vsdatant.sys
    0xA194F000 \SystemRoot\System32\drivers\afd.sys
    0xA4BA9000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA450000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0xA1924000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xA188C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xA2B03000 \SystemRoot\System32\Drivers\Fips.SYS
    0xA186A000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0xBA5DE000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    0x98B20000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0x99E85000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0x98A4A000 \SystemRoot\System32\Drivers\dump_iaStor.sys
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xA2985000 \SystemRoot\System32\drivers\Dxapi.sys
    0x98ECF000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0x99518000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF021000 \SystemRoot\System32\ialmdnt5.dll
    0xBF012000 \SystemRoot\System32\ialmrnt5.dll
    0xBF043000 \SystemRoot\System32\ialmdev5.DLL
    0xBF07E000 \SystemRoot\System32\ialmdd5.DLL
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0x98A35000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0xA6B03000 \SystemRoot\system32\DRIVERS\AegisP.sys
    0x98DFE000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xA6B37000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x988B8000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBA278000 \SystemRoot\system32\drivers\sysaudio.sys
    0x9883D000 \SystemRoot\system32\DRIVERS\mrxdav.sys
    0xBA602000 \SystemRoot\System32\Drivers\ASCTRM.SYS
    0x98614000 \SystemRoot\System32\Drivers\HTTP.sys
    0x9856D000 \SystemRoot\system32\DRIVERS\srv.sys
    0xBA5F2000 \??\C:\WINDOWS\system32\drivers\pmemnt.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 70):
    0 System Idle Process
    4 System
    608 C:\WINDOWS\system32\smss.exe
    664 csrss.exe
    688 C:\WINDOWS\system32\winlogon.exe
    732 C:\WINDOWS\system32\services.exe
    744 C:\WINDOWS\system32\lsass.exe
    916 C:\WINDOWS\system32\svchost.exe
    980 svchost.exe
    1020 C:\WINDOWS\system32\svchost.exe
    1076 C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    1104 C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    1164 svchost.exe
    1240 svchost.exe
    1348 C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    1676 C:\WINDOWS\explorer.exe
    1300 C:\WINDOWS\system32\brsvc01a.exe
    1312 C:\WINDOWS\system32\LEXBCES.EXE
    1328 C:\WINDOWS\system32\brss01a.exe
    1380 C:\WINDOWS\system32\LEXPPS.EXE
    1388 C:\WINDOWS\system32\spoolsv.exe
    1440 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1776 svchost.exe
    192 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    196 C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
    220 C:\WINDOWS\system32\cisvc.exe
    272 C:\WINDOWS\ehome\ehSched.exe
    460 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    504 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1652 C:\WINDOWS\system32\lxdicoms.exe
    2056 C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    2104 C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    2196 svchost.exe
    2232 C:\WINDOWS\system32\svchost.exe
    2352 mcrdsvc.exe
    2804 C:\WINDOWS\system32\dllhost.exe
    3140 alg.exe
    3740 C:\WINDOWS\ehome\ehtray.exe
    3772 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    3792 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    3860 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    3880 C:\WINDOWS\ehome\ehmsas.exe
    3956 C:\WINDOWS\stsystra.exe
    4044 C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    2040 C:\WINDOWS\system32\hkcmd.exe
    176 C:\WINDOWS\system32\igfxpers.exe
    2000 C:\WINDOWS\system32\svchost.exe
    1976 C:\WINDOWS\system32\igfxsrvc.exe
    1932 C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    2028 C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    2256 C:\Program Files\Microsoft IntelliPoint\point32.exe
    2288 C:\Program Files\QuickTime\qttask.exe
    2320 C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    2388 C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    2620 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    2912 C:\Program Files\Common Files\AOL\1236780990\ee\aolsoftware.exe
    3020 C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    3024 C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    3064 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    2504 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    3736 C:\WINDOWS\system32\ctfmon.exe
    3752 C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    924 C:\Program Files\Messenger\msmsgs.exe
    2412 C:\Program Files\BigFix\bigfix.exe
    1252 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    1160 C:\WINDOWS\system32\wuauclt.exe
    548 C:\Program Files\Mozilla Firefox\firefox.exe
    1656 C:\Program Files\Mozilla Firefox\plugin-container.exe
    3380 C:\WINDOWS\system32\cidaemon.exe
    1596 C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`b5ce7a00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: HitachiHTS541616J9SA00, Rev: SB4OC70P

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Done!
     
  10. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    combofix log

    ComboFix 10-10-12.03 - Owner 10/13/2010 23:07:57.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1407 [GMT -4:00]
    Running from: c:\documents and settings\Owner.YOUR-A0281B86C4\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 )))))))))))))))))))))))))))))))
    .

    2010-10-13 01:57 . 2010-10-13 01:58 -------- d-----w- c:\program files\Common Files\Adobe
    2010-10-12 03:19 . 2010-10-12 03:19 -------- d-----w- c:\documents and settings\Owner.YOUR-A0281B86C4\Application Data\Avira
    2010-10-12 02:59 . 2010-10-12 02:59 -------- d-----w- c:\documents and settings\Owner.YOUR-A0281B86C4\Application Data\Malwarebytes
    2010-10-12 02:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-12 02:59 . 2010-10-12 02:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-12 02:59 . 2010-10-12 02:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-12 02:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-12 02:45 . 2010-03-01 14:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-10-12 02:45 . 2010-02-16 18:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-10-12 02:45 . 2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-10-12 02:45 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-10-12 02:45 . 2010-10-12 02:45 -------- d-----w- c:\program files\Avira
    2010-10-12 02:45 . 2010-10-12 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
    2010-09-22 22:10 . 2010-09-22 22:10 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Power2GoExpress"="NA" [X]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-11-05 98394]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-11-05 688218]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-10-12 139264]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-12-27 413696]
    "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-05-24 573440]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 667718]
    "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 602182]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-11 98304]
    "Lexmark X6100 Series"="c:\program files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-04-21 57344]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
    "ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2004-07-20 851968]
    "SetDefPrt"="c:\program files\Brother\Brmfl04b\BrStDvPt.exe" [2004-05-25 49152]
    "FaxCenterServer"="c:\program files\\Lexmark Fax Solutions\fm3032.exe" [2007-05-07 312240]
    "HostManager"="c:\program files\Common Files\AOL\1236780990\ee\AOLSoftware.exe" [2008-06-24 41824]
    "lxdimon.exe"="c:\program files\Lexmark 3500-4500 Series\lxdimon.exe" [2007-05-07 435120]
    "lxdiamon"="c:\program files\Lexmark 3500-4500 Series\lxdiamon.exe" [2007-03-05 20480]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-23 1043968]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    BigFix.lnk - c:\program files\BigFix\bigfix.exe [2006-9-11 2168360]
    Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [2002-8-8 32768]
    Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-10-1 819200]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\lxdicoms.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdiamon.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\App4r.exe"=
    "c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\scan\\scanman6.exe"=
    "c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\Wireless\\lxdiwpss.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdiwbgw.exe"=
    "c:\\Program Files\\AOL\\RC\\regclient.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1236780990\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Lexmark 3500-4500 Series\\lxdimon.exe"=
    "c:\\WINDOWS\\system32\\lxdicfg.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdipswx.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxditime.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdijswx.exe"=
    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/11/2010 10:45 PM 135336]
    R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/1/2010 2:55 PM 135664]
    S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [6/14/2010 4:10 PM 99248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 18:55]

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-01 18:55]

    2006-11-29 c:\windows\Tasks\ISP signup reminder 1.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]

    2006-11-29 c:\windows\Tasks\ISP signup reminder 2.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]

    2006-11-29 c:\windows\Tasks\ISP signup reminder 3.job
    - c:\windows\system32\OOBE\oobebaln.exe [2006-06-17 00:12]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6931
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    FF - ProfilePath - c:\documents and settings\Owner.YOUR-A0281B86C4\Application Data\Mozilla\Firefox\Profiles\we4m7u5w.default\
    FF - plugin: c:\documents and settings\Owner.YOUR-A0281B86C4\Application Data\Mozilla\Firefox\Profiles\we4m7u5w.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
    FF - plugin: c:\documents and settings\Owner.YOUR-A0281B86C4\Application Data\Mozilla\Firefox\Profiles\we4m7u5w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    MSConfigStartUp-msci - c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\2006112916925_mcinfo.exe


    .
    Completion time: 2010-10-13 23:18:27
    ComboFix-quarantined-files.txt 2010-10-14 03:18

    Pre-Run: 117,758,656,512 bytes free
    Post-Run: 117,652,803,584 bytes free

    - - End Of File - - C4D7DC588A99DFF05384540FA44302E5
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Both logs look good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
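
    The custom scan list above is, in effect, a set of directory globs, registry keys and two `dir /b ... | find /i " " /c` counts that OTL evaluates for you. The script below is an added example (it is not Broni's instructions, not OTL's own code, and not something posted in this thread) that reproduces the intent of the more telling entries with built-in PowerShell cmdlets, so the reader can see what each line is actually looking for and re-run the checks without the tool. It assumes an elevated PowerShell 2.0 or later prompt on the suspect machine; the list of "odd" directories and the 90-day window are copied from the scan list and OTL's default File Age and are heuristics, not authoritative indicators of compromise.

```powershell
# Added triage example: mirrors several entries of the OTL custom scan above.
# Assumptions: run elevated on the suspect machine; directory names and the
# 90-day window are taken from the scan list and are heuristics only.

$sysRoot = $env:SystemRoot
$sys32   = Join-Path $sysRoot 'system32'
$since   = (Get-Date).AddDays(-90)   # OTL's default "File Age = 90 Days"

# 1. The two "dir /b ... | find /i " " /c" lines: count .exe files whose name
#    contains a space, directly under %systemroot% and system32. Stock Windows
#    binaries in those two folders do not have spaces in their names.
foreach ($dir in @($sysRoot, $sys32)) {
    $spaced = Get-ChildItem -Path $dir -Filter '*.exe' -ErrorAction SilentlyContinue |
              Where-Object { $_.Name -match ' ' }
    "{0}: {1} .exe name(s) containing a space" -f $dir, @($spaced).Count
    $spaced | ForEach-Object { "    " + $_.FullName }
}

# 2. Directories from the scan list that do not exist on a clean XP install
#    (system32\system32, systhem32, rundll, winn32, ...). Droppers create
#    look-alike folders like these; list whatever is inside if one exists.
$oddDirs = @('system32\system32', 'system32\systhem32', 'system32\rundll',
             'system32\Rundll32', 'system32\DLL', 'system32\HelpFiles',
             'system32\test', 'system32\winlog', 'system32\msn', 'winn32',
             'Java', 'install', 'AppPatch\Custom')
foreach ($rel in $oddDirs) {
    $p = Join-Path $sysRoot $rel
    if (Test-Path -LiteralPath $p) {
        "Unexpected directory present: $p"
        Get-ChildItem -LiteralPath $p -Force -ErrorAction SilentlyContinue |
            ForEach-Object { "    {0}  {1,10}  {2}" -f $_.LastWriteTime, $_.Length, $_.Name }
    }
}

# 3. The %systemroot%\Fonts\*.com/*.dll/*.ini/*.exe lines: the Fonts folder
#    should hold only font files, so executable or INI content there is odd.
Get-ChildItem -Path (Join-Path $sysRoot 'Fonts') -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -match '^\.(com|dll|exe|ini|ini2)$' } |
    ForEach-Object { "Non-font file in Fonts: {0} ({1} bytes, {2})" -f $_.Name, $_.Length, $_.LastWriteTime }

# 4. The %USERPROFILE%\*.exe, Desktop\*.exe and My Documents\*.exe lines,
#    restricted to files written or created inside the 90-day window.
$userDirs = @($env:USERPROFILE,
              (Join-Path $env:USERPROFILE 'Desktop'),
              (Join-Path $env:USERPROFILE 'My Documents'))
foreach ($dir in $userDirs) {
    Get-ChildItem -Path $dir -Filter '*.exe' -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $since -or $_.CreationTime -gt $since } |
        ForEach-Object { "Recent .exe in profile: {0}  ({1})" -f $_.FullName, $_.LastWriteTime }
}

# 5. The two WindowsUpdate registry lines. A Policies\...\WindowsUpdate\AU key
#    is not present on an unmanaged home PC; values such as NoAutoUpdate=1 or a
#    WUServer pointing somewhere unexpected are a common way malware switches
#    patching off. LastSuccessTime shows when updates last actually installed.
$auPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
if (Test-Path $auPolicy) {
    "WindowsUpdate AU policy key exists (not present by default):"
    Get-ItemProperty -Path $auPolicy | Format-List * | Out-String
} else {
    "No WindowsUpdate AU policy key (expected on an unmanaged home PC)."
}
$lastOk = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install'
$ts = (Get-ItemProperty -Path $lastOk -ErrorAction SilentlyContinue).LastSuccessTime
"Last successful Windows Update install: " + $(if ($ts) { $ts } else { '<none recorded>' })
```

    Save it as, for example, `triage.ps1` and run it from an elevated prompt with `powershell -ExecutionPolicy Bypass -File triage.ps1 > triage.txt` so the output can be pasted into the thread the same way the OTL logs are. A non-zero count in step 1, any hit in steps 2 or 3, or a policy key in step 5 on a home PC is what a helper would ask about next; nothing here deletes or changes anything, it only reads.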
     
  12. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    otl.txt part1

    OTL logfile created on: 10/13/2010 11:43:41 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.20 Gb Total Space | 109.59 Gb Free Space | 77.07% Space Free | Partition Type: NTFS
    Drive D: | 6.83 Gb Total Space | 4.64 Gb Free Space | 67.96% Space Free | Partition Type: FAT32
    Drive E: | 49.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: YOUR-A0281B86C4 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/10/13 23:39:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\OTL.exe
    PRC - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    PRC - [2010/06/23 13:51:30 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2008/06/24 14:34:50 | 000,041,824 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1236780990\ee\aolsoftware.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/05/07 14:07:08 | 000,435,120 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
    PRC - [2007/04/26 11:38:38 | 000,517,040 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdicoms.exe
    PRC - [2007/03/05 08:40:25 | 000,020,480 | ---- | M] (Lexmark) -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
    PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
    PRC - [2006/09/11 01:56:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    PRC - [2006/05/23 22:22:36 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    PRC - [2005/12/28 14:56:16 | 000,602,182 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    PRC - [2005/12/28 14:55:40 | 000,667,718 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2005/12/28 14:52:32 | 000,397,381 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    PRC - [2005/12/28 14:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    PRC - [2005/12/28 14:45:02 | 000,114,753 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    PRC - [2005/12/28 14:44:24 | 000,217,164 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    PRC - [2005/12/27 13:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
    PRC - [2005/10/12 15:30:42 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2005/10/12 15:30:24 | 000,086,140 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    PRC - [2005/10/11 15:47:58 | 002,168,360 | ---- | M] (BigFix Inc.) -- C:\Program Files\BigFix\bigfix.exe
    PRC - [2004/11/05 10:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    PRC - [2004/04/14 14:46:50 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
    PRC - [2004/03/26 19:30:12 | 000,819,200 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
    PRC - [2003/04/21 02:00:22 | 000,049,152 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
    PRC - [2003/04/21 01:38:12 | 000,057,344 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
    PRC - [2001/12/12 20:01:00 | 000,045,056 | ---- | M] (brother Industries Ltd) -- C:\WINDOWS\system32\brss01a.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/10/13 23:39:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\OTL.exe
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2004/11/05 10:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/06/23 13:52:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2007/04/26 11:38:38 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdicoms.exe -- (lxdi_device)
    SRV - [2007/04/26 11:38:21 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
    SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
    SRV - [2006/09/11 01:56:35 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
    SRV - [2005/12/28 14:47:10 | 000,540,745 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -- (S24EventMonitor) Intel(R)
    SRV - [2005/12/28 14:45:02 | 000,114,753 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
    SRV - [2005/12/28 14:44:24 | 000,217,164 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
    SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
    SRV - [2005/10/12 15:30:24 | 000,086,140 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMon) Intel(R)
    SRV - [2002/04/11 20:00:00 | 000,057,344 | ---- | M] (brother Industries Ltd) [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\ZoneLabs\srescan.sys -- (srescan)
    DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
    DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2006/09/11 01:54:50 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
    DRV - [2006/06/15 18:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2006/05/23 22:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
    DRV - [2006/01/22 20:50:00 | 000,244,480 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
    DRV - [2005/12/28 16:22:08 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2005/12/05 03:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/10/12 15:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS -- (iaStor)
    DRV - [2005/09/21 03:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
    DRV - [2004/11/10 20:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2004/11/10 20:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2004/11/05 10:47:00 | 000,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2001/08/18 00:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/18 00:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/18 00:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/18 00:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/18 00:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 23:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 23:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 23:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 23:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 23:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 23:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 23:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 23:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 23:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 23:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [1999/03/08 08:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6931
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\CNNSI, = search.sportsillustrated.cnn.com/pages/search.jsp?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Dictionary, = dictionary.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Google, = google.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleGroups, = groups-beta.google.com/groups?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleImages, = images.google.com/images?hl=en&lr=&q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\GoogleNews, = news.google.com/news?tab=gn&hl=en&ie=UTF-8&q=%s&btnG=Search+News
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KB, = support.microsoft.com/search/default.aspx?query=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\KBDLL, = support.microsoft.com/dllhelp/default.aspx?dlltype=file&l=55&alpha=%s&S=1
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Movies, = fandango.com/my_box_office.asp?searchby=2&txtCityZip=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\MSN, = search.msn.com/results.asp?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Thesaurus, = thesaurus.reference.com/search?q=%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Weather, = weather.com/weather/local/%s
    IE - HKCU\Software\Microsoft\Internet Explorer\SearchURL\Yahoo, = search.yahoo.com/search?p=%s
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.63

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/20 09:42:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/12 21:58:17 | 000,000,000 | ---D | M]

    [2009/01/14 10:06:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Mozilla\Extensions
    [2010/10/13 10:39:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Mozilla\Firefox\Profiles\we4m7u5w.default\extensions
    [2010/05/09 14:30:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Mozilla\Firefox\Profiles\we4m7u5w.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
    [2010/06/27 16:55:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Mozilla\Firefox\Profiles\we4m7u5w.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2009/01/14 10:06:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/19 14:47:45 | 000,024,673 | ---- | M] (Check Point Software Technologies Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll
     
  13. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    OTL - part 2

    O1 HOSTS File: ([2010/10/13 23:16:21 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O2 - BHO: (ZoneAlarm Spy Blocker BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
    O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKLM\..\Toolbar: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
    O3 - HKCU\..\Toolbar\WebBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Spy Blocker) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL (ZoneAlarm)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
    O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1236780990\ee\aolsoftware.exe (AOL LLC)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Lexmark X6100 Series] C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe (Lexmark)
    O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
    O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
    O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
    O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04b\BrStDvPt.exe (Brother Industories, Ltd.)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
    O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.)
    O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
    O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [Power2GoExpress] File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab (Java Plug-in 1.5.0_02)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.255.252.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner.YOUR-A0281B86C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.YOUR-A0281B86C4\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/10/13 23:39:26 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\OTL.exe
    [2010/10/13 23:01:27 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/10/13 22:46:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/10/13 22:45:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/10/13 22:45:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/10/13 22:45:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/10/13 22:45:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/10/13 22:44:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/10/13 22:44:21 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/12 21:57:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2010/10/12 21:57:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/10/11 23:19:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Avira
    [2010/10/11 22:59:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Malwarebytes
    [2010/10/11 22:59:29 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/10/11 22:59:27 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/10/11 22:59:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/10/11 22:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/10/11 22:45:05 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
    [2010/10/11 22:45:02 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
    [2010/10/11 22:45:02 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
    [2010/10/11 22:45:02 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
    [2010/10/11 22:45:02 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
    [2010/10/11 22:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2010/10/11 22:45:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
    [2010/10/11 22:42:59 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\TFC.exe
    [2010/10/11 22:42:55 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\mbam-setup-1.46.exe
    [2010/08/25 11:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\Mike and Anna Trip to Maine August 2010
    [2010/07/22 13:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
    [2010/07/22 13:29:13 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
    [2010/06/14 16:07:46 | 001,187,840 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiserv.dll
    [2010/06/14 16:07:46 | 000,942,080 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiusb1.dll
    [2010/06/14 16:07:46 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiinpa.dll
    [2010/06/14 16:07:46 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiiesc.dll
    [2010/06/14 16:07:46 | 000,311,296 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihcp.dll
    [2010/06/14 16:07:45 | 000,614,400 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipmui.dll
    [2010/06/14 16:07:45 | 000,532,480 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdilmpm.dll
    [2010/06/14 16:07:45 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdiprox.dll
    [2010/06/14 16:07:45 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdipplc.dll
    [2010/06/14 16:07:44 | 000,671,744 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdihbn3.dll
    [2010/06/14 16:07:43 | 000,765,952 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomc.dll
    [2010/06/14 16:07:43 | 000,360,448 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdicomm.dll
    [16 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/10/13 23:39:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\OTL.exe
    [2010/10/13 23:16:21 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/10/13 22:59:09 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/10/13 22:58:12 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/10/13 22:57:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/10/13 22:57:55 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
    [2010/10/13 22:47:01 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2010/10/13 22:35:49 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\ComboFix.exe
    [2010/10/13 22:34:38 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\MBRCheck(2).exe
    [2010/10/13 22:34:24 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\MBRCheck.exe
    [2010/10/13 22:14:11 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/10/12 22:58:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\vehc9mzl.exe
    [2010/10/12 21:58:18 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/11 22:59:32 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/11 22:45:23 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/11 22:25:20 | 000,544,768 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\dds.scr
    [2010/10/11 22:24:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\mbzz3pgm.exe
    [2010/10/11 22:23:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\mbam-setup-1.46.exe
    [2010/10/11 22:21:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\TFC.exe
    [2010/10/11 22:21:18 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\avira_antivir_personal_en.exe
    [2010/10/09 18:04:35 | 000,006,144 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/09 17:42:49 | 000,442,114 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/10/09 17:42:49 | 000,071,884 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/09/24 13:18:43 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/09/22 12:44:22 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\ZoomBrowser EX.lnk
    [2010/09/16 07:11:35 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/09/13 12:45:30 | 000,002,373 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Street Atlas USA 2010 Plus.lnk
    [2010/08/29 20:20:02 | 000,024,814 | ---- | M] () -- C:\Documents and Settings\All Users\lxdi
    [2010/08/12 06:01:37 | 000,255,864 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/07/21 21:32:00 | 000,000,082 | ---- | M] () -- C:\WINDOWS\MPLAYER.INI
    [16 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
     
  14. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    OTL - part 3

    ========== Files Created - No Company Name ==========

    [2010/10/13 22:47:01 | 000,000,209 | ---- | C] () -- C:\Boot.bak
    [2010/10/13 22:46:58 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2010/10/13 22:45:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/10/13 22:45:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/10/13 22:45:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/10/13 22:45:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/10/13 22:45:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/10/13 22:35:19 | 003,878,092 | R--- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\ComboFix.exe
    [2010/10/13 22:34:38 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\MBRCheck(2).exe
    [2010/10/13 22:34:23 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\MBRCheck.exe
    [2010/10/13 10:12:04 | 2137,182,208 | -HS- | C] () -- C:\hiberfil.sys
    [2010/10/12 22:58:21 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\vehc9mzl.exe
    [2010/10/12 21:58:17 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/10/11 22:59:32 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/10/11 22:45:23 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
    [2010/10/11 22:42:58 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\mbzz3pgm.exe
    [2010/10/11 22:42:55 | 000,544,768 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\dds.scr
    [2010/10/11 22:42:31 | 044,089,904 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\avira_antivir_personal_en.exe
    [2010/09/24 13:18:43 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
    [2010/06/14 16:10:15 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdivs.dll
    [2010/06/14 16:10:13 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\lxdicoin.dll
    [2010/06/14 16:09:56 | 000,692,224 | ---- | C] () -- C:\WINDOWS\System32\lxdidrs.dll
    [2010/06/14 16:09:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\lxdicaps.dll
    [2010/06/14 16:09:55 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\lxdicnv4.dll
    [2010/06/14 16:08:00 | 000,000,060 | -H-- | C] () -- C:\WINDOWS\System32\lxdirwrd.ini
    [2010/06/14 16:07:46 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxdiinst.dll
    [2010/06/14 16:07:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdigrd.dll
    [2008/06/22 20:45:23 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Local Settings\Application Data\fusioncache.dat
    [2008/04/29 19:41:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
    [2008/03/17 18:31:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\APPROACH.INI
    [2007/12/06 22:31:11 | 000,796,048 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
    [2007/10/27 11:16:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMON.DLL
    [2007/10/27 11:16:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxf3oem.dll
    [2007/10/27 11:16:13 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXF3FXPU.DLL
    [2007/10/27 11:16:13 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\LXF3PMRC.DLL
    [2007/10/01 19:54:34 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
    [2007/10/01 19:53:36 | 000,000,419 | ---- | C] () -- C:\WINDOWS\brwmark.ini
    [2007/10/01 19:53:36 | 000,000,238 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
    [2007/10/01 19:53:36 | 000,000,092 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
    [2007/10/01 19:53:36 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
    [2007/10/01 19:53:01 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
    [2007/10/01 19:50:12 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
    [2007/09/24 08:58:10 | 000,006,144 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/08/16 17:22:51 | 000,000,412 | ---- | C] () -- C:\WINDOWS\lexstat.ini
    [2006/12/31 15:32:59 | 000,000,082 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2006/12/31 15:31:16 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\lffpx7.dll
    [2006/12/31 15:31:16 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
    [2006/12/28 20:03:54 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2006/12/28 20:03:25 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CS_setup.ini
    [2006/12/28 19:53:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI
    [2006/11/30 11:01:29 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\wklnhst.dat
    [2006/11/29 17:27:12 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/11/29 17:10:33 | 000,000,006 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/09/11 02:01:59 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
    [2006/09/11 01:49:32 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/06/21 05:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2006/06/17 05:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/06/17 05:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
    [2006/06/16 22:31:45 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/01/14 12:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
    [2003/04/21 01:36:01 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
    [2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
    [2002/09/04 10:42:38 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
    [2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
    [1999/03/09 20:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
    [1998/01/13 08:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
    [1997/11/13 20:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
    [1994/07/24 20:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
    [1994/04/06 20:23:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini

    ========== LOP Check ==========

    [2007/08/16 17:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2009/12/20 08:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DeLorme
    [2007/12/06 22:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
    [2006/11/29 17:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2007/10/01 19:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2007/12/06 21:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2006/09/11 01:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2006/11/29 17:12:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
    [2010/07/02 19:03:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\CheckPoint
    [2009/12/20 08:42:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\DeLorme
    [2010/05/09 14:37:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\GARMIN
    [2010/06/14 16:14:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Lexmark Productivity Studio
    [2009/10/31 15:02:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\MSNInstaller
    [2007/12/06 21:46:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\PCToolsFirewallPlus
    [2006/09/11 01:56:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\SampleView
    [2006/11/30 11:02:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Template
    [2006/11/29 17:06:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
    [2006/11/29 17:06:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
    [2006/11/29 17:06:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job
    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/03/10 07:28:16 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2009/03/10 07:28:16 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2006/09/11 01:47:32 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
    [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/11/29 17:06:14 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2010/10/13 22:47:01 | 000,000,325 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2010/10/13 23:18:28 | 000,010,458 | ---- | M] () -- C:\ComboFix.txt
    [2006/06/17 05:41:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/10/13 22:57:55 | 2137,182,208 | -HS- | M] () -- C:\hiberfil.sys
    [2008/02/27 11:51:16 | 000,000,248 | ---- | M] () -- C:\INSTALL.LOG
    [2006/06/17 05:41:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/12/06 21:49:54 | 000,000,087 | ---- | M] () -- C:\lxdi.log
    [2006/06/17 05:41:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/10 15:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/02/14 12:31:09 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/10/13 22:57:54 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2006/09/11 01:48:23 | 000,000,090 | ---- | M] () -- C:\powerdvd.log
    [2006/09/11 01:56:14 | 000,000,186 | ---- | M] () -- C:\RaidApp.log
    [2007/02/27 10:02:05 | 000,458,694 | ---- | M] () -- C:\Topo6MM.log
    [2006/09/11 01:49:51 | 000,000,191 | ---- | M] () -- C:\touchpad.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/06/17 05:40:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2004/02/08 20:00:00 | 000,026,285 | ---- | M] (Brother Industries ,Ltd ) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\brmfpp1.dll
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2003/04/16 10:36:54 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBFPP5C.DLL
    [2007/03/15 23:08:11 | 000,113,664 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxdidrpp.dll
    [2003/01/16 19:37:14 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxprint2000.dll
    [2004/03/22 18:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2001/11/20 14:37:28 | 000,047,616 | R--- | M] (Black Ice Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ppbiPr.dll
    [2008/07/06 06:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/06/16 22:30:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/06/16 22:30:11 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/06/16 22:30:11 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/02/14 12:39:46 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/05/17 08:05:29 | 000,000,170 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/06/17 05:46:25 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/10/11 22:21:18 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\avira_antivir_personal_en.exe
    [2010/10/13 22:35:49 | 003,878,092 | R--- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\ComboFix.exe
    [2009/12/24 12:31:12 | 002,685,028 | ---- | M] (XYStudio(www.xydownload.com) ) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\easycapture_setup.exe
    [2010/10/11 22:23:14 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\mbam-setup-1.46.exe
    [2010/10/13 22:34:38 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\MBRCheck(2).exe
    [2010/10/13 22:34:24 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\MBRCheck.exe
    [2010/10/11 22:24:29 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\mbzz3pgm.exe
    [2010/10/13 23:39:26 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\OTL.exe
    [2010/10/11 22:21:44 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\TFC.exe
    [2010/10/12 22:58:23 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop\vehc9mzl.exe
     
  15. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    otl-part 4

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/11/29 17:06:42 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/08/29 20:20:02 | 000,024,814 | ---- | M] () -- C:\Documents and Settings\All Users\lxdi
    [16 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/10/13 23:24:01 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Owner.YOUR-A0281B86C4\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2005/12/28 17:21:06 | 000,552,960 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 20:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 11:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 11:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 10:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 13:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 20:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2004/08/04 11:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/04 11:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/04 11:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2008/11/09 22:20:35 | 000,009,216 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
    [2004/08/04 11:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 11:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

    < End of report >
     
  16. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    otl-extras -start

    OTL Extras logfile created on: 10/13/2010 11:43:41 PM - Run 1
    OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Owner.YOUR-A0281B86C4\Desktop
    Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 142.20 Gb Total Space | 109.59 Gb Free Space | 77.07% Space Free | Partition Type: NTFS
    Drive D: | 6.83 Gb Total Space | 4.64 Gb Free Space | 67.96% Space Free | Partition Type: FAT32
    Drive E: | 49.22 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: YOUR-A0281B86C4 | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring" = 1

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Lexmark 3500-4500 Series\app4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4R.exe:*:Enabled:Lexmark Imaging Studio -- ()
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AMERIC~1.0 -- File not found

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
    "C:\WINDOWS\system32\lxdicoms.exe" = C:\WINDOWS\system32\lxdicoms.exe:*:Enabled:Lexmark Communications System -- ( )
    "C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe:*:Enabled:Lexmark Device Monitor -- (Lexmark)
    "C:\Program Files\Lexmark 3500-4500 Series\App4r.exe" = C:\Program Files\Lexmark 3500-4500 Series\App4r.exe:*:Enabled:Lexmark Imaging Studio -- ()
    "C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\scan\scanman6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
    "C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe" = C:\Program Files\Lexmark Fax Solutions\FaxCtr.exe:*:Enabled:Fax software -- ()
    "C:\Program Files\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe" = C:\Program Files\Lexmark 3500-4500 Series\Wireless\lxdiwpss.exe:*:Enabled: -- (Lexmark International, Inc.)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdiwbgw.exe:*:Enabled:Lexmark Web Gateway -- ()
    "C:\Program Files\AOL\RC\regclient.exe" = C:\Program Files\AOL\RC\regclient.exe:*:Enabled:AOL -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\1236780990\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1236780990\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
    "C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe" = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe:*:Enabled:Device Monitor -- ()
    "C:\WINDOWS\system32\lxdicfg.exe" = C:\WINDOWS\system32\lxdicfg.exe:*:Enabled:printer Communication System -- ( )
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdipswx.exe:*:Enabled:printer Status Window Interface -- ()
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxditime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
    "C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdijswx.exe:*:Enabled:Job Status Window Interface -- ()
    "C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:vsmon -- (Check Point Software Technologies LTD)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
    "{0BA9CAC3-5131-4E59-B2AB-B765E876AAA2}" = Brother MFL-Pro Suite
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
    "{12B09031-A7E1-43B1-AC8C-A202B676B556}" = RemoteCapture 2.7.3
    "{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
    "{1DF502B6-3FAA-48CB-922F-1E0BFDEE5707}" = Earthmate Image Tagger
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
    "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
    "{45DFE7E0-5B85-4E01-986E-6A48420B8FD0}" = DeLorme Topo USA 6.0 PN Merge Modules
    "{4677AAF8-8D7A-4EE2-BCE4-0068BB052353}" = ArcSoft Camera Suite
    "{536D6172-7453-7569-7465-392E38300409}" = Lotus SmartSuite - English
    "{5A188269-989A-4D12-B38B-07850FE52AD2}" = DeLorme Street Atlas USA 2007
    "{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
    "{5BF2B19D-9C79-492A-8969-F059F06A627F}" = Print to Fax
    "{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
    "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers
    "{6661C844-F72D-44ED-823A-24862F2D1650}" = Print Artist Craft & Party Maker
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
    "{7995DBBB-EDE0-4C1A-99D7-5C36538B486B}" = DeLorme Street Atlas USA 2007 Service Pack 3
    "{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{8C6BB412-D3A8-4AAE-A01B-35B681789D68}" = mHelp
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}" = File Viewer Utility 1.3
    "{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
    "{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
    "{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
    "{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
    "{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
    "{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Camera Window
    "{A9273349-F9D0-4454-8054-8657156BBDAC}" = DeLorme Topo USA 6.0 DVD Data
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
    "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon Utilities ZoomBrowser EX
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
    "{D17111CB-C992-42A9-9D56-C19395102AAA}" = Garmin WebUpdater
    "{D9741853-B432-4F74-8241-DD0125C0692C}" = DeLorme Topo USA 6
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = PhotoStitch
    "{F3561AD8-BDB2-467F-BB03-69B3890BEC36}" = DeLorme Street Atlas USA 2010 Plus
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AOL Regclient" = AOL Registration
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BigFix" = BigFix
    "Family Tree Maker" = Family Tree Maker 7.0
    "gtw_logo" = gtw_logo
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InstallShield_{12B09031-A7E1-43B1-AC8C-A202B676B556}" = Canon Utilities RemoteCapture 2.7
    "InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
    "InstallShield_{97DED0D8-B530-4137-8AD0-F3978F6EFA8E}" = Canon Utilities File Viewer Utility 1.3
    "InstallShield_{A833A505-4D7A-41F5-9362-A2F8DFFE6E9B}" = Canon Camera Window for ZoomBrowser EX
    "InstallShield_{F11A403B-0DE9-4953-B790-7A2F014FBB2B}" = Canon Utilities PhotoStitch 3.1
    "Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
    "Lexmark Fax Solutions" = Lexmark Fax Solutions
    "Lexmark X6100 Series" = Lexmark X6100 Series
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Money2006b" = Microsoft Money 2006
    "Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "MSNINST" = MSN
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PhotoRecord" = Canon PhotoRecord
    "PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
    "ProInst" = Intel(R) PROSet/Wireless Software
    "QuickTime" = QuickTime
    "RealPlayer 6.0" = RealPlayer Basic
    "SMSERIAL" = Motorola SM56 Data Fax Modem
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WGA" = Windows Genuine Advantage Validation Tool
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "ZoneAlarm" = ZoneAlarm
    "ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
     
  17. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    otl-extras-part2

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/13/2010 2:53:44 AM | Computer Name = YOUR-A0281B86C4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 10/13/2010 3:01:06 AM | Computer Name = YOUR-A0281B86C4 | Source = Ci | ID = 4126
    Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
    Index will be automatically restored by refiltering all documents.

    Error - 10/13/2010 3:03:26 AM | Computer Name = YOUR-A0281B86C4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 10/13/2010 10:12:16 AM | Computer Name = YOUR-A0281B86C4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 10/13/2010 10:14:05 AM | Computer Name = YOUR-A0281B86C4 | Source = Google Update | ID = 20
    Description =

    Error - 10/13/2010 10:19:37 AM | Computer Name = YOUR-A0281B86C4 | Source = Ci | ID = 4126
    Description = Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci.
    Index will be automatically restored by refiltering all documents.

    Error - 10/13/2010 12:03:36 PM | Computer Name = YOUR-A0281B86C4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 10/13/2010 12:12:00 PM | Computer Name = YOUR-A0281B86C4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: The server name or address could not be resolved

    Error - 10/13/2010 10:13:23 PM | Computer Name = YOUR-A0281B86C4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    Error - 10/13/2010 10:58:25 PM | Computer Name = YOUR-A0281B86C4 | Source = crypt32 | ID = 131080
    Description = Failed auto update retrieval of third-party root list sequence number
    from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
    with error: This operation returned because the timeout period expired.

    [ System Events ]
    Error - 10/13/2010 12:03:39 PM | Computer Name = YOUR-A0281B86C4 | Source = Service Control Manager | ID = 7000
    Description = The lxdiCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 10/13/2010 12:12:01 PM | Computer Name = YOUR-A0281B86C4 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService
    service to connect.

    Error - 10/13/2010 12:12:01 PM | Computer Name = YOUR-A0281B86C4 | Source = Service Control Manager | ID = 7000
    Description = The lxdiCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 10/13/2010 10:13:18 PM | Computer Name = YOUR-A0281B86C4 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService
    service to connect.

    Error - 10/13/2010 10:13:18 PM | Computer Name = YOUR-A0281B86C4 | Source = Service Control Manager | ID = 7000
    Description = The lxdiCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 10/13/2010 10:58:20 PM | Computer Name = YOUR-A0281B86C4 | Source = Service Control Manager | ID = 7023
    Description = The HID Input Service service terminated with the following error:
    %%126

    Error - 10/13/2010 10:58:20 PM | Computer Name = YOUR-A0281B86C4 | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the lxdiCATSCustConnectService
    service to connect.

    Error - 10/13/2010 10:58:20 PM | Computer Name = YOUR-A0281B86C4 | Source = Service Control Manager | ID = 7000
    Description = The lxdiCATSCustConnectService service failed to start due to the
    following error: %%1053

    Error - 10/13/2010 10:59:34 PM | Computer Name = YOUR-A0281B86C4 | Source = System Error | ID = 1003
    Description = Error code 100000d1, parameter1 e47c0000, parameter2 0000001c, parameter3
    00000001, parameter4 9982d41d.

    Error - 10/13/2010 11:08:17 PM | Computer Name = YOUR-A0281B86C4 | Source = Service Control Manager | ID = 7016
    Description = The BrSplService service has reported an invalid current state 0.


    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O4 - HKCU..\Run: [Power2GoExpress] File not found
      O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk = C:\Program Files\BigFix\bigfix.exe (BigFix Inc.)
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...nt/swflash.cab (Reg Error: Key error.)
      O20 - Winlogon\Notify\WRNotifier: DllName - WRLogonNTF.dll - File not found
      [16 C:\Documents and Settings\All Users\*.tmp files -> C:\Documents and Settings\All Users\*.tmp -> ]
      [2006/09/11 01:54:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2006/11/29 17:06:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 1.job
      [2006/11/29 17:06:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 2.job
      [2006/11/29 17:06:14 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\ISP signup reminder 3.job 
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
      "DisableMonitoring" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce a log.
     
  19. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    After updating JAVA and running JAVARA I had an alert but did not yet install the new update.
    Also had alerts for ie8, but do not use ie and we were in process here...

    Logs below...


    Security Check
    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 3
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    ZoneAlarm
    ZoneAlarm Spy Blocker
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 20
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 9.4.0
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    Zone Labs ZoneAlarm zlclient.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

    ``````````End of Log````````````




    ESETScan
    C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch application
    C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application
    C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
    Operating memory a variant of Win32/Toolbar.MyWebSearch application
     
  20. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Java is currently at Update 22, so please download and install the newest version.

    =========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll 
      C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL 
      C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  21. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    Could you help me understand what you have helped me to repair, what my infection(s) was(were), and the implications.
    Specifically, does what you found on my system relate to my odd email experience?
    If not, then what may account for it?
    If so, then what other vulnerabilities exist?
    I will complete these steps and get back to you.
    Thank you very much for your help.

    Getting ready to run OTL cleanup. Here are the logs to this point...

    ---fix---
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll moved successfully.
    C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL moved successfully.
    C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    User: Owner.YOUR-A0281B86C4
    ->Temp folder emptied: 7226203 bytes
    ->Temporary Internet Files folder emptied: 17737393 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 30848689 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: OWNER~1~YOU

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 920 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 53.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner

    User: Owner.YOUR-A0281B86C4
    ->Flash cache emptied: 0 bytes

    User: OWNER~1~YOU

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.15.2 log created on 10142010_201359

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Owner.YOUR-A0281B86C4\Local Settings\Temp\~DF57C9.tmp moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT07537.TMP not found!

    Registry entries deleted on Reboot...



    ---reset system restore---

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Owner

    User: Owner.YOUR-A0281B86C4
    ->Temp folder emptied: 312462 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 3944812 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 456 bytes

    User: OWNER~1~YOU

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 920 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Owner

    User: Owner.YOUR-A0281B86C4
    ->Flash cache emptied: 0 bytes

    User: OWNER~1~YOU

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.15.2 log created on 10142010_202012

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Owner.YOUR-A0281B86C4\Local Settings\Temp\~DFD1A8.tmp moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT0372c.TMP not found!

    Registry entries deleted on Reboot...
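    As an added example (not part of the thread and not code from OTL, ESET or TechSpot), here is a small Python script that cross-checks the ESET findings against the OTL fix log: it confirms that every file ESET flagged shows up as "moved successfully" and separates out memory-only detections, which can only be verified by a rescan after the reboot. The log text is copied from the posts above; the parsing functions and their names are this example's own.

```python
import re
from typing import NamedTuple, Optional

# Sample input: the ESET and OTL log lines posted in this thread (constructed constants).
ESET_LOG = r"""
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch application
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL a variant of Win32/Toolbar.MyWebSearch application
Operating memory a variant of Win32/Toolbar.MyWebSearch application
"""
OTL_FIX_LOG = r"""
========== FILES ==========
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll moved successfully.
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL moved successfully.
C:\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL moved successfully.
========== COMMANDS ==========
"""

# ESET line: <drive path ending in an extension> <threat name> <classification word>
ESET_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.[A-Za-z0-9]{2,4})\s+(?P<threat>.+?)\s+\S+$")
# OTL fix-log line confirming a file was quarantined
OTL_MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$", re.I)


class Detection(NamedTuple):
    path: Optional[str]  # None for detections with no file (loaded in memory)
    threat: str


def parse_eset(log: str) -> list:
    """Turn ESET export lines into Detection records."""
    found = []
    for line in (l.strip() for l in log.splitlines() if l.strip()):
        m = ESET_LINE.match(line)
        if m:
            found.append(Detection(m["path"], m["threat"]))
        elif line.lower().startswith("operating memory"):
            # strip the leading label and the trailing classification word
            threat = line[len("operating memory"):].rsplit(" ", 1)[0].strip()
            found.append(Detection(None, threat))
    return found


def parse_otl_moved(log: str) -> set:
    """Collect paths OTL reports as moved; NTFS paths compare case-insensitively."""
    return {m["path"].lower() for m in map(OTL_MOVED.match, map(str.strip, log.splitlines())) if m}


def reconcile(eset_log: str, otl_log: str) -> dict:
    """Classify each ESET detection as remediated, still outstanding, or memory-only."""
    moved = parse_otl_moved(otl_log)
    result = {"remediated": [], "outstanding": [], "memory_only": []}
    for d in parse_eset(eset_log):
        if d.path is None:
            result["memory_only"].append(d.threat)
        elif d.path.lower() in moved:
            result["remediated"].append(d.path)
        else:
            result["outstanding"].append(d.path)
    return result


if __name__ == "__main__":
    print(reconcile(ESET_LOG, OTL_FIX_LOG))
```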
     
  22. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    Ran OTL Cleanup and deleted logs.
    Ran MS Updates for software (Win and Office)
    Uncertain about "Trojan" question. Please see my questions above.
    Installed
    • WOT
    • McAfee Site Advisor (recommended by B00kwyrm as an additional)
    • Dr. Web Link Checker (recommended by B00kwyrm as an additional)
    Have tools for weekly use.
    Will read Bleeping's article.

    The only symptom I had noticed that caused concern was that disconcerting email.
    If it is not malware related, I have yet to figure out how someone obtained these files.

    If I notice anything else, may I reopen this thread? Or should I start another?
    B00kwyrm has helped me to run your tools and follow your directions.
    If he hadn't been here, I wouldn't have been able to figure out where to start. (I have a love/hate relationship with my computer).
    But he is leaving in a couple days and so I will be on my own again.

    Again, I appreciate your help, and if you could address my questions, from the previous note, it would ease my mind and help me understand what further steps I should take.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're very welcome :)

    Your computer was NOT infected.
    We simply ran some maintenance on it, cleaned some garbage, updated it.
    So, from that point of view, your computer is clean as a whistle.

    If you still have some other problems, you may want to start a new topic in appropriate forum.

    Good luck and stay safe.
     
  24. drhodsdon

    drhodsdon TS Rookie Topic Starter Posts: 18

    Thanks again! :wave:
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You're very welcome
     
Topic Status:
Not open for further replies.
