TechSpot

Redirect when clicking on links. 8 steps completed

By pmalanos
Aug 3, 2010
  1. As the title says. I am having a problem with being redirected when I click on Google search results ever since accidentally visiting a .com site instead of .org. I believe the issue has been resolved after having completed some things on my own and also completing the 8 steps. I would still appreciate any advice that can be gleaned from the logs I am attaching. I read all the advice stickies and am concerned that I should not use this computer for any sensitive information because of the risk of someone stealing my info. Is this still legitimate even after completing the steps, and is the only way to be perfectly safe to reformat the entire computer? Thanks so much for your help!

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4382

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 6.0.2900.2180

    8/2/2010 6:22:38 PM
    mbam-log-2010-08-02 (18-22-38).txt

    Scan type: Quick scan
    Objects scanned: 129330
    Time elapsed: 7 minute(s), 55 second(s)

    Memory Processes Infected: 1
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 1
    Registry Data Items Infected: 2
    Folders Infected: 4
    Files Infected: 4

    Memory Processes Infected:
    C:\Documents and Settings\Peter Malanos\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Folders Infected:
    C:\Documents and Settings\Peter Malanos\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D} (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content (Worm.Prolaco.M) -> Quarantined and deleted successfully.

    Files Infected:
    C:\Documents and Settings\Peter Malanos\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome.manifest (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul (Worm.Prolaco.M) -> Quarantined and deleted successfully.
     

    Attached Files:
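    The Malwarebytes log above has a regular shape (a summary block of per-category counts, then one section per category with one finding per line), which makes it easy to triage by script. The following is an added example, not part of the thread and not Malwarebytes' own code: it parses that format into structured findings, cross-checks the parsed items against the log's own summary counts, and flags the Security Center notification tampering (the `Disabled.SecurityCenter` data items) that the log reports. The sample log is constructed from the posted one, with the account name replaced by a placeholder.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample, modelled on the Malwarebytes 1.46 log posted above
# (user name replaced with a placeholder; same categories and wording).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4382

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
C:\Documents and Settings\User\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\User\Application Data\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\Documents and Settings\User\Application Data\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\extensions\{9CE11043-9A15-4207-A565-0C94C42D590D}\install.rdf (Worm.Prolaco.M) -> Quarantined and deleted successfully.
"""

# "<target> (<threat name>) -> <action...>" ; the action may itself contain
# an extra "Bad: (1) Good: (0) ->" segment for registry data items.
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<threat>[^()]+)\) -> (?P<rest>.+)$")
# Summary block lines look like "Files Infected: 4"; section headers have no count.
SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # e.g. "Registry Data Items Infected"
    target: str    # file path or registry path
    threat: str    # Malwarebytes detection name
    action: str    # what the scanner did ("Quarantined and deleted successfully")


def parse_mbam_log(text):
    """Return (findings, summary_counts) parsed from an MBAM-style log."""
    findings, summary, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SUMMARY_RE.match(line)
        if m:
            summary[m.group("section")] = int(m.group("count"))
            continue
        if line.endswith("Infected:"):          # start of a detail section
            section = line[:-1]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        m = ITEM_RE.match(line)
        if m:
            action = m.group("rest").split(" -> ")[-1].rstrip(".")
            findings.append(Finding(section, m.group("target"), m.group("threat"), action))
    return findings, summary


def counts_by_section(findings):
    return dict(Counter(f.section for f in findings))


def summary_mismatches(findings, summary):
    """Sections where the log's summary count disagrees with the items we parsed."""
    parsed = counts_by_section(findings)
    return {s: (n, parsed.get(s, 0)) for s, n in summary.items() if parsed.get(s, 0) != n}


def security_center_tampered(findings):
    """True when the log shows the AV/firewall 'disabled' notifications were switched off."""
    return any(f.threat == "Disabled.SecurityCenter" or "\\Security Center\\" in f.target
               for f in findings)


def threats_seen(findings):
    return sorted({f.threat for f in findings})


if __name__ == "__main__":
    found, summary = parse_mbam_log(SAMPLE_LOG)
    print(counts_by_section(found), summary_mismatches(found, summary))
    print("threat families:", threats_seen(found))
    print("Security Center notifications tampered:", security_center_tampered(found))
```

    A non-empty result from `summary_mismatches` means the log was truncated or edited when it was pasted, which is worth knowing before drawing conclusions from it. The Security Center flag matters because those two values silence the "your antivirus/firewall is off" warnings; after cleaning, confirming they are back to 0 is part of verifying the machine, not just the file deletions.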

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    If you intend to reformat/reinstall, there is no point in going through the cleaning. IF, on the other hand, you just want to know if it's the best thing to do, I would have to say it will depend on what the malware is and how successful we are with the cleaning.

    Give me a bit to check the logs and I'll have a better idea. While I'm doing that, you can go ahead and run the following:

    Please download ComboFix from Here and save to your Desktop.

    1. Do NOT rename Combofix unless instructed.
    2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    3. Close any open browsers.
    4. Double click combofix.exe & follow the prompts to run.
       NOTE: Combofix will disconnect your machine from the Internet as soon as it starts. The connection is automatically restored before CF completes its run. If it does not, restart your computer to restore your connection.
    5. If Combofix asks you to install Recovery Console, please allow it.
    6. If Combofix asks you to update the program, always allow.
       Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    7. A report will be generated after the scan. Please post the C:\ComboFix.txt in your next reply.

    Note: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    Note: Make sure you re-enable your security programs when you're done with Combofix.
    Re-enable your Antivirus software.
    =====================================

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Re-enable your Antivirus software.
    10. A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.
     
  3. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    ComboFix 10-08-02.03 - Peter Malanos 08/03/2010 11:43:30.1.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2294.1752 [GMT -4:00]
    Running from: c:\documents and settings\Peter Malanos\Desktop\ComboFix.exe
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\a3kebook.ini
    c:\windows\akebook.ini
    c:\windows\ANS2000.INI
    c:\windows\system32\bszip.dll
    c:\windows\system32\pwdmon.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-07-03 to 2010-08-03 )))))))))))))))))))))))))))))))
    .

    2010-08-03 12:11 . 2010-08-03 12:11 503808 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2680374b-n\msvcp71.dll
    2010-08-03 12:11 . 2010-08-03 12:11 499712 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2680374b-n\jmc.dll
    2010-08-03 12:11 . 2010-08-03 12:11 348160 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-2680374b-n\msvcr71.dll
    2010-08-03 12:11 . 2010-08-03 12:11 61440 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7b614ea6-n\decora-sse.dll
    2010-08-03 12:11 . 2010-08-03 12:11 12800 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-7b614ea6-n\decora-d3d.dll
    2010-08-03 12:11 . 2010-08-03 12:10 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-08-02 22:35 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-02 22:35 . 2010-08-02 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
    2010-08-02 22:13 . 2010-08-02 22:13 -------- d-----w- c:\documents and settings\Peter Malanos\Application Data\Malwarebytes
    2010-08-02 22:12 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-08-02 22:12 . 2010-08-02 22:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-08-02 22:12 . 2010-08-02 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-08-02 22:12 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-07-16 12:03 . 2010-07-16 12:03 26641904 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\rp\RealPlayerSPGold.exe
    2010-07-16 12:03 . 2010-07-16 12:03 220272 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\gtb\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
    2010-07-16 12:03 . 2010-07-16 12:03 149000 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\chr_helper\LaunchHelper.exe
    2010-07-16 12:03 . 2010-07-16 12:03 13407072 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\chr\ChromeInstaller.exe
    2010-07-16 12:02 . 2010-07-16 12:02 79368 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\RUP\vista.exe
    2010-07-16 12:02 . 2010-07-16 12:02 73344 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi_v6.dll
    2010-07-16 12:02 . 2010-07-16 12:02 64000 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\RUP\inst_config\gcapi_dll.dll
    2010-07-16 12:02 . 2010-07-16 12:02 52288 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\RUP\inst_config\gtapi.dll
    2010-07-16 12:02 . 2010-07-16 12:02 122880 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\RUP\inst_config\compat.dll
    2010-07-15 20:19 . 2010-07-28 20:19 452104 ----a-w- c:\documents and settings\Peter Malanos\Application Data\Real\Update\setup3.12\setup.exe
    2010-07-15 20:15 . 2010-06-14 14:30 743936 ------w- c:\windows\system32\dllcache\helpsvc.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-03 15:35 . 2008-08-08 22:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-08-03 12:16 . 2006-01-01 22:42 -------- d-----w- c:\program files\Common Files\Adobe
    2010-08-03 12:11 . 2006-05-16 03:11 -------- d-----w- c:\program files\Common Files\Java
    2010-08-03 12:10 . 2006-05-16 03:12 -------- d-----w- c:\program files\Java
    2010-08-02 22:39 . 2006-12-20 17:11 -------- d-----w- c:\program files\Alwil Software
    2010-08-02 21:59 . 2009-12-17 16:30 -------- d-----w- c:\program files\All_To_PDF
    2010-06-28 20:57 . 2006-12-20 17:11 165032 ----a-w- c:\windows\system32\aswBoot.exe
    2010-06-28 20:37 . 2006-12-20 17:11 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-06-28 20:37 . 2008-06-23 01:57 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-06-28 20:33 . 2006-12-20 17:11 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-06-28 20:32 . 2006-12-20 17:11 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-06-28 20:32 . 2006-12-20 17:11 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-06-28 20:32 . 2008-06-23 01:57 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-06-28 20:32 . 2006-12-20 17:11 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2010-06-14 14:30 . 2004-08-09 21:24 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
    2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11606\AdobeARM.exe
    2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11606\AdobeExtractFiles.dll
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11606\ReaderUpdater.exe
    2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\11606\AcrobatUpdater.exe
    2008-04-23 12:19 . 2008-04-23 13:22 240427 ----a-w- c:\program files\YzShadow.zip
    2007-08-19 01:17 . 2007-08-19 01:17 1460 ----a-w- c:\program files\DivX Movies.lnk
    2005-12-01 02:56 . 2005-12-01 02:55 22 ----a-w- c:\program files\comdlg32.zip
    2005-12-01 02:50 . 2005-12-01 02:50 272208 ----a-w- c:\program files\sharepod.zip
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VirtualExpanderFile.1]
    @="{E4000AC4-5E5F-4956-807A-C5854405D64F}"
    [HKEY_CLASSES_ROOT\CLSID\{E4000AC4-5E5F-4956-807A-C5854405D64F}]
    2006-09-01 13:22 73728 ----a-w- c:\windows\system32\VirtualExpander\VEShellExt.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-12-11 446464]
    "Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-23 126976]
    "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
    "UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-07-15 36864]
    "ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-12-11 446464]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
    "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
    "IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-12-16 90112]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-10-31 185896]
    "HostManager"="c:\program files\Common Files\AOL\1182363942\ee\AOLSoftware.exe" [2006-09-26 50736]
    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 57344]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

    c:\documents and settings\Peter Malanos\Start Menu\Programs\Startup\
    VirtualExpander.lnk - c:\windows\system32\VirtualExpander\VirtualExpander.exe [2006-9-1 430080]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-10-26 811008]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
    "c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\acs\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\acs\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1182363942\\ee\\aolsoftware.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\AOL 9.0\\waol.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2006\\QBDBMgrN.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/22/2008 9:57 PM 165456]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/22/2008 9:57 PM 17744]
    S0 tclondrv;tclondrv;c:\windows\system32\DRIVERS\tclondrv.sys --> c:\windows\system32\DRIVERS\tclondrv.sys [?]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/6/2009 4:49 PM 133104]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]

    2010-08-03 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-08 11:47]

    2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 20:48]

    2010-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-06 20:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.comcast.net/
    mStart Page = hxxp://www.comcast.net/
    mWindow Title = Windows Internet Explorer provided by Comcast
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    FF - ProfilePath - c:\documents and settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.weather.com/weather/local/29401?lswe=29401&lwsa=WeatherLocalUndeclared&from=whatwhere|http://autopia.org/forum/index.php?
    FF - component: c:\documents and settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
    FF - plugin: c:\documents and settings\Peter Malanos\Application Data\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true.
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
    HKLM-Run-UC_SMB - (no file)
    HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-03 11:51
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2888)
    c:\windows\system32\VirtualExpander\VEShellExt.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\HPZipm12.exe
    c:\program files\Analog Devices\SoundMAX\SMAgent.exe
    c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\program files\iPod\bin\iPodService.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-03 11:56:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-03 15:56

    Pre-Run: 39,419,670,528 bytes free
    Post-Run: 39,442,317,312 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Home Edition" /fastdetect

    - - End Of File - - 728D5CE02F9DF876C736129DB95B9346
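    The "Reg Loading Points" part of the ComboFix log above is the section a helper reads first: every `Run` value, Startup-folder shortcut and orphaned entry is a program that starts by itself. The following is an added example, not part of the thread and not ComboFix's own code, showing how to parse that layout and apply three simple defender-side checks: an executable carrying a core Windows process name (as the `SystemProc\lsass.exe` finding in the first post did) that does not live under the Windows directory, an entry that runs from a user-writable profile directory, and an entry whose target is missing or is a bare filename. The sample is constructed in ComboFix's format; the benign entries mirror the posted log, while the `rthdbpl` value pointing at `SystemProc\lsass.exe` is an assumed pairing of the registry value and file that Malwarebytes reported, and the list of core process names is an assumption, not something the tool defines.

```python
import re
from dataclasses import dataclass

# Constructed sample in the ComboFix "Reg Loading Points" layout used above.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"rthdbpl"="c:\documents and settings\User\Application Data\SystemProc\lsass.exe" [2010-08-01 28672]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2007-12-30 1365504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-23 155648]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-07-15 36864]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

- - - - ORPHANS REMOVED - - - -

HKLM-Run-UC_SMB - (no file)
HKLM-Run-Mouse Suite 98 Daemon - ICO.EXE
"""

# Assumed list: names of core Windows processes that only belong under %SystemRoot%.
CORE_PROCESS_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "smss.exe",
                      "winlogon.exe", "services.exe", "explorer.exe"}
USER_WRITABLE_MARKERS = ("\\application data\\", "\\local settings\\temp\\", "\\temp\\")

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?: \[(?P<meta>[^\]]*)\])?$')
STARTUP_DIR_RE = re.compile(r"^(?P<dir>[a-z]:\\.*\\startup\\)$", re.IGNORECASE)
LNK_RE = re.compile(r"^(?P<name>.+\.lnk) - (?P<path>.+?)(?: \[(?P<meta>[^\]]*)\])?$", re.IGNORECASE)
ORPHAN_RE = re.compile(r"^(?P<hive>HKCU|HKLM)-Run-(?P<name>.+?) - (?P<path>.+)$")


@dataclass(frozen=True)
class Entry:
    source: str   # registry key, startup folder, or orphan marker the entry came from
    name: str
    path: str


def parse_autostarts(text):
    """Collect Run values, Startup shortcuts and orphaned Run entries from ComboFix output."""
    entries, context = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # blank line ends the current key/folder block
            context = None
            continue
        if (m := KEY_RE.match(line)) or (m := STARTUP_DIR_RE.match(line)):
            context = m.group(1)
            continue
        if context and context.startswith("HKEY_") and (m := VALUE_RE.match(line)):
            entries.append(Entry(context, m.group("name"), m.group("path")))
        elif context and (m := LNK_RE.match(line)):
            entries.append(Entry(context, m.group("name"), m.group("path")))
        elif m := ORPHAN_RE.match(line):
            entries.append(Entry(m.group("hive") + "-Run (orphan)", m.group("name"), m.group("path")))
    return entries


def triage(entry):
    """Reasons this autostart deserves a closer look; an empty list means nothing odd."""
    p = entry.path.lower().replace("\\\\", "\\")
    if not p or p == "(no file)":
        return ["target missing (stale entry, or the binary was already removed)"]
    if "\\" not in p:
        return ["bare filename: location not pinned, resolved by PATH search at logon"]
    flags = []
    base = p.rsplit("\\", 1)[-1]
    # Approximation: "under the Windows directory" means the path contains \windows\.
    if base in CORE_PROCESS_NAMES and "\\windows\\" not in p:
        flags.append(f"{base} outside the Windows directory (system process name masquerade)")
    if any(marker in p for marker in USER_WRITABLE_MARKERS):
        flags.append("runs from a user-writable profile directory")
    return flags


def suspicious_entries(entries):
    return [(e, triage(e)) for e in entries if triage(e)]


if __name__ == "__main__":
    for entry, reasons in suspicious_entries(parse_autostarts(SAMPLE_COMBOFIX)):
        print(f"{entry.source}: {entry.name} -> {entry.path}")
        for reason in reasons:
            print("   -", reason)
```

    The checks are deliberately coarse: they are a triage filter to decide which entries to look up, not a verdict. On the constructed sample the filter singles out the `SystemProc\lsass.exe` value for two reasons at once, and separately lists the two orphaned entries so that they can be cleaned up rather than left as dangling load points.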
     
  4. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=038a1bd4e531714cb03f2736e91128cd
    # end=finished
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2010-08-04 02:11:07
    # local_time=2010-08-03 10:11:07 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 2
    # compatibility_mode=768 16777215 100 0 10520 10520 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=73315
    # found=0
    # cleaned=0
    # scan_time=2201




    Thanks for your help!
     
  5. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    I know y'all have plenty of people to help and I really appreciate you doing so, but is there any update on my situation? Thanks again!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Message from Bobbye:

    ========================================================================

    How is redirection issue?
     
  7. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    The redirection issue is solved. What I need to know now is whether it is safe to resume accessing things like my bank account online and also purchasing with credit card numbers and the like. Thanks for your help! I know you must be very busy.
     
  8. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Your computer was infected with all kinds of trojans and we're not done with checking yet, so...

    1. Using another healthy computer, change all your sensitive passwords, immediately. Phone call to your bank would be a good idea too.
    2. Do NOT use this computer for any sensitive operations, yet.

    ========================================================================

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    ================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    Thanks guys, sorry I was away for a bit. Still want to get this figured out. I am also having some mouse troubles: it will not click, or it double-clicks when that is unwanted. I don't know if this is related or not but thought I would mention it.

    OTL logfile created on: 8/18/2010 8:28:28 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Peter Malanos\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.07 Gb Total Space | 37.97 Gb Free Space | 53.43% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PETER
    Current User Name: Peter Malanos
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/08/18 08:25:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Malanos\Desktop\OTL.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    PRC - [2008/04/24 14:25:22 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
    PRC - [2007/12/30 06:23:34 | 001,365,504 | ---- | M] () -- C:\Program Files\Rainlendar2\Rainlendar2.exe
    PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2006/10/31 17:38:22 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
    PRC - [2006/09/25 20:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1182363942\ee\aolsoftware.exe
    PRC - [2005/10/26 04:09:52 | 000,811,008 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    PRC - [2005/03/31 14:32:22 | 000,430,080 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
    PRC - [2004/12/16 08:49:44 | 000,385,024 | ---- | M] () -- c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
    PRC - [2004/12/16 07:41:56 | 000,090,112 | ---- | M] (IBM Corp.) -- C:\IBMTOOLS\utils\ibmprc.exe
    PRC - [2004/12/11 01:03:00 | 000,446,464 | ---- | M] (IBM) -- C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
    PRC - [2004/07/27 17:48:04 | 001,388,544 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    PRC - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    PRC - [1998/09/04 03:09:08 | 000,119,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MDM.EXE


    ========== Modules (SafeList) ==========

    MOD - [2010/08/18 08:25:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Malanos\Desktop\OTL.exe
    MOD - [2007/04/19 15:21:40 | 000,116,264 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprthook.dll
    MOD - [2006/09/01 09:22:54 | 000,073,728 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\VirtualExpander\VEShellExt.dll
    MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/04 09:00:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2004/08/04 09:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\PsaSrv.exe -- (PsaSrv)
    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2008/04/24 14:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
    SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2004/12/16 08:49:44 | 000,385,024 | ---- | M] () [Auto | Running] -- c:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe -- (IBM Rapid Restore Ultra Service)
    SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\tclondrv.sys -- (tclondrv)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2006/12/26 08:54:35 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV - [2006/12/26 08:54:34 | 000,015,440 | ---- | M] (Elaborate Bytes AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV - [2005/11/02 13:54:04 | 000,013,184 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
    DRV - [2005/02/05 07:51:00 | 000,392,832 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2005/02/01 21:00:42 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
    DRV - [2004/12/16 08:12:20 | 000,063,616 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
    DRV - [2004/12/06 21:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2004/09/02 05:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
    DRV - [2004/09/02 05:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
    DRV - [2004/09/02 05:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
    DRV - [2004/09/02 05:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
    DRV - [2004/09/02 05:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
    DRV - [2004/09/02 05:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
    DRV - [2004/09/02 05:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
    DRV - [2004/09/02 05:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
    DRV - [2004/09/02 05:05:00 | 000,002,239 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
    DRV - [2004/08/17 07:21:00 | 000,087,168 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
    DRV - [2004/08/04 03:07:44 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
    DRV - [2004/08/04 03:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
    DRV - [2004/08/04 02:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2004/07/14 15:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
    DRV - [2004/07/14 15:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
    DRV - [2004/07/14 06:56:00 | 000,040,448 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
    DRV - [2004/02/25 06:22:00 | 000,212,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/02/25 06:20:22 | 000,682,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/02/25 06:18:46 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2003/01/10 17:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2002/09/20 14:53:34 | 000,235,100 | ---- | M] (Analog Devices Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MidiSyn.sys -- (MidiSyn)
    DRV - [2001/08/17 18:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
    DRV - [2001/08/17 18:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
    DRV - [2001/08/17 18:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
    DRV - [2001/08/17 18:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
    DRV - [2001/08/17 18:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
    DRV - [2001/08/17 17:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
    DRV - [2001/08/17 17:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
    DRV - [2001/08/17 17:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
    DRV - [2001/08/17 17:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
    DRV - [2001/08/17 17:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
    DRV - [2001/08/17 17:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
    DRV - [2001/08/17 17:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
    DRV - [2001/08/17 17:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
    DRV - [2001/08/17 17:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
    DRV - [2001/08/17 17:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)
    DRV - [2001/08/17 16:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM)
    DRV - [2001/08/17 14:53:32 | 000,003,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\qv2kux.sys -- (QV2KUX)
    DRV - [2001/08/17 13:58:00 | 000,019,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hidbatt.sys -- (HidBatt)
    DRV - [2000/06/01 00:29:54 | 000,007,012 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PMEMNT.SYS -- (PMEM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.weather.com/weather/local/29401?lswe=29401&lwsa=WeatherLocalUndeclared&from=whatwhere|http://autopia.org/forum/index.php?"
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20090123.1
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
    FF - prefs.js..extensions.enabledItems: {5F590AA2-1221-4113-A6F4-A4BB62414FAC}:0.44.18.20090408.3
    FF - prefs.js..extensions.enabledItems: yetanothersmoothscrolling@kataho:2.0.20
    FF - prefs.js..extensions.enabledItems: {7ef7f4d6-947d-11dc-8314-0800200c9a66}:3.0.1
    FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.0.4
    FF - prefs.js..extensions.enabledItems: redshift_V2@shift-themes.com:2.95


    FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins [2010/08/03 08:16:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components [2009/12/19 11:55:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/13 07:37:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/03 08:16:16 | 000,000,000 | ---D | M]

    [2009/04/28 09:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Extensions
    [2010/08/18 08:11:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions
    [2008/04/22 12:46:14 | 000,000,000 | ---D | M] (Simple Green) -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{13b4437e-b706-11dc-8314-0800200c9a66}
    [2009/09/02 08:28:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2009/04/29 09:01:37 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
    [2009/04/29 09:01:36 | 000,000,000 | ---D | M] (SmoothWheel (mozdev.org)) -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{5F590AA2-1221-4113-A6F4-A4BB62414FAC}
    [2010/08/03 11:31:41 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2009/04/28 09:43:36 | 000,000,000 | ---D | M] (Abstract Zune) -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{7ef7f4d6-947d-11dc-8314-0800200c9a66}
    [2008/04/22 12:44:46 | 000,000,000 | ---D | M] (azureFox) -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{800e72c4-0a2c-4bc5-a10a-1ee66dfd762a}
    [2009/04/28 09:43:11 | 000,000,000 | ---D | M] (PitchDark) -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
     
  10. pmalanos


    [2009/02/18 22:59:30 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2009/04/28 09:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\redshift_V2@shift-themes.com
    [2009/04/29 09:01:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\Mozilla\Firefox\Profiles\jna38tb1.default\extensions\yetanothersmoothscrolling@kataho
    [2010/08/18 08:11:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/08/03 08:11:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/08/03 08:10:44 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2006/12/05 19:54:48 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2008/09/15 11:52:06 | 000,376,832 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

    O1 HOSTS File: ([2010/08/03 11:50:13 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CloneCDTray] C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
    O4 - HKLM..\Run: [ddoctorv2] C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1182363942\ee\aolsoftware.exe (America Online, Inc.)
    O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
    O4 - HKLM..\Run: [IBMPRC] c:\IBMTOOLS\utils\ibmprc.exe (IBM Corp.)
    O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
    O4 - HKLM..\Run: [UpdateManager] c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
    O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
    O4 - HKCU..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe ()
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
    O4 - Startup: C:\Documents and Settings\Peter Malanos\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (Sony Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Java Plug-in 1.4.2)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.68.166 68.87.74.166
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Peter Malanos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Peter Malanos\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/11/27 02:35:23 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: VIDC.MP42 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
    Drivers32: VIDC.MPG4 - C:\WINDOWS\System32\MPG4C32.DLL (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
    Unable to start service SrService!

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/08/18 08:25:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peter Malanos\Desktop\OTL.exe
    [2010/08/10 15:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Malanos\My Documents\F
    [2010/08/10 15:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Malanos\My Documents\Recipes
    [2010/08/10 15:39:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Malanos\My Documents\quickbooks backups
    [2010/08/10 15:20:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Malanos\My Documents\Arcadia Construction LLC
    [2010/08/05 17:55:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Malanos\Desktop\trying to cover this gigantic pale back
    [2010/08/05 12:38:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/08/03 21:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2010/08/03 11:42:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/08/03 11:39:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/08/03 08:11:57 | 027,386,256 | ---- | C] ( ) -- C:\Documents and Settings\Peter Malanos\Desktop\AdbeRdr930_en_US.exe
    [2010/08/03 08:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/08/02 18:35:44 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/08/02 18:35:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/08/02 18:13:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Malanos\Application Data\Malwarebytes
    [2010/08/02 18:12:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/08/02 18:12:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/08/02 18:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/08/02 18:12:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2010/08/02 18:08:17 | 006,153,376 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peter Malanos\Desktop\mbam-setup-1.46.exe
    [2010/08/02 17:47:49 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Peter Malanos\Desktop\TFC.exe
    [4 C:\Documents and Settings\Peter Malanos\My Documents\*.tmp files -> C:\Documents and Settings\Peter Malanos\My Documents\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/08/18 08:25:14 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Malanos\Desktop\OTL.exe
    [2010/08/18 08:14:21 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2010/08/18 08:14:00 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2010/08/18 08:02:22 | 000,067,404 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\My Documents\Lot 20 Charlestown.pdf
    [2010/08/16 08:53:36 | 000,059,682 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\My Documents\Kendall Awning Quote.pdf
    [2010/08/16 08:14:49 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/08/16 08:13:54 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2010/08/16 08:13:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/08/16 08:13:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/08/16 08:13:27 | 2406,010,880 | -HS- | M] () -- C:\hiberfil.sys
    [2010/08/16 08:12:13 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Peter Malanos\NTUSER.DAT
    [2010/08/16 08:12:13 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Peter Malanos\ntuser.ini
    [2010/08/13 23:34:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2010/08/13 15:03:30 | 009,454,592 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\My Documents\Monarch 2010 Thermal TEst Results.xls
    [2010/08/13 15:03:30 | 009,454,592 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Desktop\Monarch 2010 Thermal TEst Results.xls
    [2010/08/12 08:16:03 | 000,094,598 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Desktop\20100811133627045.pdf
    [2010/08/11 19:14:42 | 000,001,824 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    [2010/08/10 20:10:05 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/08/10 16:06:40 | 000,019,456 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\My Documents\codes.doc
    [2010/08/10 15:58:24 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Desktop\Shortcut (2) to Rainlendar-Lite-2.3.lnk
    [2010/08/10 15:55:20 | 000,000,634 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Desktop\Shortcut to Rainlendar-Lite-2.3.lnk
    [2010/08/10 14:56:24 | 000,068,276 | ---- | M] () -- C:\WINDOWS\hpoins05.dat
    [2010/08/10 14:44:08 | 000,068,276 | ---- | M] () -- C:\WINDOWS\hpoins05.dat.temp
    [2010/08/09 12:33:14 | 062,435,312 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Desktop\drv_rub_w01_ENU_NB.exe
    [2010/08/03 21:30:28 | 002,672,312 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Desktop\esetsmartinstaller_enu.exe
    [2010/08/03 11:50:47 | 000,000,284 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/08/03 11:50:13 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/08/03 11:42:25 | 000,000,254 | RHS- | M] () -- C:\BOOT.INI
    [2010/08/03 11:27:09 | 000,372,191 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Desktop\20100802144157514.pdf
    [2010/08/03 08:16:16 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/03 08:12:19 | 027,386,256 | ---- | M] ( ) -- C:\Documents and Settings\Peter Malanos\Desktop\AdbeRdr930_en_US.exe
    [2010/08/02 21:42:40 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Desktop\n0tr6363.exe
    [2010/08/02 18:36:04 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/02 18:36:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/08/02 18:32:09 | 054,835,272 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Desktop\setup_av_free.exe
    [2010/08/02 18:12:55 | 000,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/08/02 18:09:01 | 006,153,376 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Peter Malanos\Desktop\mbam-setup-1.46.exe
    [2010/08/02 17:47:50 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Peter Malanos\Desktop\TFC.exe
    [2010/07/26 23:14:54 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Peter Malanos\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/23 03:03:27 | 000,501,604 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/06/23 03:03:27 | 000,441,454 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/06/23 03:03:27 | 000,071,264 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/06/10 03:28:33 | 000,154,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/10 03:12:01 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [4 C:\Documents and Settings\Peter Malanos\My Documents\*.tmp files -> C:\Documents and Settings\Peter Malanos\My Documents\*.tmp -> ]
     
  11. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    ========== Files Created - No Company Name ==========

    [2010/08/18 08:20:51 | 009,454,592 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\My Documents\Monarch 2010 Thermal TEst Results.xls
    [2010/08/18 08:20:29 | 000,067,404 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\My Documents\Lot 20 Charlestown.pdf
    [2010/08/16 08:53:34 | 000,059,682 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\My Documents\Kendall Awning Quote.pdf
    [2010/08/13 15:03:23 | 009,454,592 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Desktop\Monarch 2010 Thermal TEst Results.xls
    [2010/08/12 08:16:03 | 000,094,598 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Desktop\20100811133627045.pdf
    [2010/08/10 15:58:24 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Desktop\Shortcut (2) to Rainlendar-Lite-2.3.lnk
    [2010/08/10 15:55:20 | 000,000,634 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Desktop\Shortcut to Rainlendar-Lite-2.3.lnk
    [2010/08/10 14:38:38 | 000,068,276 | ---- | C] () -- C:\WINDOWS\hpoins05.dat.temp
    [2010/08/10 14:38:37 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat.temp
    [2010/08/09 12:32:09 | 062,435,312 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Desktop\drv_rub_w01_ENU_NB.exe
    [2010/08/03 21:30:19 | 002,672,312 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Desktop\esetsmartinstaller_enu.exe
    [2010/08/03 11:42:25 | 000,000,184 | ---- | C] () -- C:\Boot.bak
    [2010/08/03 11:42:22 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/08/03 11:27:08 | 000,372,191 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Desktop\20100802144157514.pdf
    [2010/08/03 08:16:16 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
    [2010/08/02 21:42:39 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Desktop\n0tr6363.exe
    [2010/08/02 18:36:04 | 000,001,711 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/08/02 18:31:07 | 054,835,272 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Desktop\setup_av_free.exe
    [2010/08/02 18:12:55 | 000,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/03/22 12:12:21 | 000,000,968 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Application Data\BBMS_EXCEPTION.txt
    [2009/12/17 12:30:43 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\Execute.dll
    [2009/12/17 12:30:42 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\utility3.dll
    [2009/02/04 13:09:03 | 000,001,139 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2008/04/23 09:22:05 | 000,240,427 | ---- | C] () -- C:\Program Files\YzShadow.zip
    [2007/09/08 11:50:24 | 000,000,041 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\.zreglib
    [2007/08/18 21:17:30 | 000,001,460 | ---- | C] () -- C:\Program Files\DivX Movies.lnk
    [2006/11/29 17:33:01 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
    [2006/10/31 17:41:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2006/05/02 18:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
    [2006/04/04 11:59:36 | 000,013,824 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/02 18:57:27 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
    [2006/01/17 18:30:56 | 000,002,199 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2005/11/30 22:55:27 | 000,000,022 | ---- | C] () -- C:\Program Files\comdlg32.zip
    [2005/11/30 22:50:54 | 000,272,208 | ---- | C] () -- C:\Program Files\sharepod.zip
    [2005/11/27 03:38:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2005/11/27 03:38:07 | 000,000,122 | ---- | C] () -- C:\WINDOWS\mdm.ini
    [2005/11/27 03:38:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
    [2005/11/27 02:35:16 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Peter Malanos\Local Settings\Application Data\fusioncache.dat
    [2005/11/14 20:57:41 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
    [2005/11/14 20:57:41 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
    [2005/11/14 20:57:41 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
    [2005/11/14 20:57:40 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
    [2005/11/14 20:57:40 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
    [2005/11/14 20:57:39 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
    [2005/11/02 14:30:26 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2005/11/02 14:00:30 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2005/11/02 13:59:46 | 000,005,126 | ---- | C] () -- C:\WINDOWS\System32\Setup2k.ini
    [2005/11/02 13:59:46 | 000,000,296 | ---- | C] () -- C:\WINDOWS\System32\presetup.ini
    [2005/11/02 13:59:44 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\FSRremoC.DLL
    [2005/11/02 13:48:39 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2005/02/01 21:00:46 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
    [2005/02/01 21:00:44 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
    [2004/12/16 07:41:58 | 000,019,853 | ---- | C] () -- C:\WINDOWS\ibmprc.ini
    [2004/11/08 21:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2004/08/09 17:34:32 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
    [2004/01/09 10:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
    [2003/04/10 19:04:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
    [1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

    ========== LOP Check ==========

    [2010/08/02 18:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2005/11/02 13:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ibm
    [2010/03/22 12:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Research In Motion
    [2010/02/11 13:41:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2009/01/03 14:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2005/11/27 19:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/03/21 07:17:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
    [2009/12/19 11:58:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2006/02/02 19:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\acccore
    [2007/02/18 00:27:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\Flock
    [2005/11/02 13:49:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\IBM
    [2005/11/27 04:59:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\InterVideo
    [2006/11/09 20:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\Opera
    [2010/03/22 12:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\Research in Motion
    [2006/06/12 22:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Malanos\Application Data\Snapfish

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2005/12/07 16:42:23 | 000,010,920 | ---- | M] () -- C:\aolconnfix.exe
    [2005/12/07 16:42:23 | 000,001,039 | ---- | M] () -- C:\aolconnfix.txt
    [2005/11/27 02:35:23 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2005/11/27 02:34:54 | 000,000,184 | ---- | M] () -- C:\Boot.bak
    [2010/08/03 11:42:25 | 000,000,254 | RHS- | M] () -- C:\BOOT.INI
    [2005/11/14 20:59:06 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.PRV
    [2005/11/27 02:24:52 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT
    [2004/08/09 17:07:56 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS
    [2005/11/02 13:54:12 | 000,000,308 | ---- | M] () -- C:\ccrrec.ver
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/08/03 11:56:20 | 000,015,366 | ---- | M] () -- C:\ComboFix.txt
    [2005/11/27 02:35:23 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2005/11/02 13:48:40 | 000,000,035 | ---- | M] () -- C:\DLA.TAG
    [2005/11/14 20:57:24 | 000,001,831 | ---- | M] () -- C:\drivez.log
    [2010/03/31 16:38:01 | 000,000,640 | ---- | M] () -- C:\engine.log
    [2010/08/16 08:13:27 | 2406,010,880 | -HS- | M] () -- C:\hiberfil.sys
    [2005/11/27 02:35:23 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2005/11/02 13:47:04 | 000,000,164 | ---- | M] () -- C:\LOGFILE.txt
    [2006/11/09 15:00:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/02/11 13:36:43 | 000,001,050 | ---- | M] () -- C:\net_save.dna
    [2004/08/04 09:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 09:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/08/16 08:13:24 | 390,070,272 | -HS- | M] () -- C:\pagefile.sys
    [2005/05/24 15:07:50 | 006,126,164 | ---- | M] () -- C:\R. Kelly - The R. In R&B Collection Vol. 1 - Bump N Grind.mp3
    [2007/11/14 17:57:19 | 000,000,625 | ---- | M] () -- C:\SharePod_iTunes_Import.xml
    [2005/11/14 20:53:58 | 000,000,736 | ---- | M] () -- C:\SYSLEVEL.IBM
    [2005/11/27 02:24:52 | 000,262,144 | ---- | M] () -- C:\TAILFILE.TXT
    [2005/11/02 14:30:18 | 000,000,044 | ---- | M] () -- C:\TCPACHIP.LOG
    [2008/08/21 19:26:50 | 000,000,028 | ---- | M] () -- C:\wizard.txt

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/09 17:17:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/09 17:17:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/09 17:17:00 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2007/03/08 11:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2004/08/04 09:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=2ED0B7F12A60F90092081C50FA0EC2B2 -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2004/08/04 09:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9BEACB911CA61E5881102188AB7FB431 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
    < End of report >
     
  12. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    OTL Extras logfile created on: 8/18/2010 8:28:28 AM - Run 1
    OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Peter Malanos\Desktop
    Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 372 744 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 71.07 Gb Total Space | 37.97 Gb Free Space | 53.43% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: PETER
    Current User Name: Peter Malanos
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
    "DoNotAllowExceptions" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
    "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)
    "C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (AOL, LLC.)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\IBM\Updater\jre\bin\java.exe" = C:\Program Files\IBM\Updater\jre\bin\java.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\jre\bin\javaw.exe" = C:\Program Files\IBM\Updater\jre\bin\javaw.exe:*:Enabled:IBM Update Connector -- (IBM)
    "C:\Program Files\IBM\Updater\ucsmb.exe" = C:\Program Files\IBM\Updater\ucsmb.exe:*:Enabled:IBM Update Connector -- (IBM Corporation, Inc.)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\1182363942\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1182363942\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (America Online, Inc.)
    "C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
    "C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
    "C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (AOL, LLC.)
    "C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2006\QBDBMgrN.exe:*:Enabled:QuickBooks 2006 Data Manager -- (Intuit, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
     
  13. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{11783F13-C3A9-44A8-929B-21A476F65272}" = IBM Rescue and Recovery with Rapid Restore
    "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = IBM DLA
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
    "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
    "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{40A594D0-1490-4979-9382-D2B764F949C6}" = BlackBerry® Media Sync
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5469D537-9B44-4c78-BF2D-5F9807564F74}" = HP PSC & OfficeJet 4.7
    "{642C6F12-88B6-45A1-89A9-CB1BC791F48E}" = Hyland Web ActiveX Controls
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69B02159-7622-4DBB-B9EE-F933039830AD}" = QuickBooks Pro 2006
    "{6CE96A14-61E2-48CC-837E-22710A953ADE}" = IBM Themes
    "{7E20EFE6-E604-48C6-8B39-BA4742F2CDB4}" = Zune Desktop Theme
    "{86725988-9085-485C-B277-2D3D0C3D57E0}" = YP-F2J
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver
    "{8D815BF3-2399-459C-B121-49373FEFB9E8}" = IBM Update Connector
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
    "{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = IBM RecordNow!
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
    "{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
    "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
    "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
    "{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F386C340-DF4B-4BBA-9503-420FB7EDB395}" = Wallpapers
    "{F413B3A4-EE5D-457C-BAE5-6E58D9589ED5}" = Access IBM Message Center
    "{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
    "Ad-Aware SE Personal" = Ad-Aware SE Personal
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "All To PDF" = All To PDF
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "avast5" = avast! Free Antivirus
    "CloneCD" = CloneCD
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2702&SUBSYS_200214F1" = Conexant SoftK56 Data Fax
    "ComcastHSI" = Comcast High-Speed Internet Install Wizard
    "ESET Online Scanner" = ESET Online Scanner v3
    "Flock" = Flock (Photobucket Edition) 0.7
    "FoxyTunesForFirefox" = FoxyTunes for Firefox
    "Google Chrome" = Google Chrome
    "Google Updater" = Google Updater
    "HP Photo & Imaging" = HP Image Zone 4.7
    "InstallShield_{19C989C4-50AE-43A4-B06E-8C70FFFF852F}" = PC-Doctor for Windows
    "InstallShield_{D43E1D3F-CC1F-4E41-80F5-9C1D28187DE9}" = iPod Updater 2004-08-06
    "InstallShield_{E922961C-6DB6-41DE-9FEA-426DF3E9F81C}" = IBM 32-bit Runtime Environment for Java 2, v1.4.2
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MouseSuite98" = Mouse Suite
    "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "Rainlendar2" = Rainlendar2 (remove only)
    "RealPlayer 6.0" = RealPlayer
    "Redirection Port Monitor" = RedMon - Redirection Port Monitor
    "ShockwaveFlash" = Adobe Flash Player 9 ActiveX
    "Snood 4_is1" = Snood 4
    "ST6UNST #1" = Envelope Printer Manager Pro - by: Vsisystems.com
    "StreetPlugin" = Learn2 Player (Uninstall Only)
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Companion" = Yahoo! Toolbar
    "Yahoo! Toolbar" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Move Media Player" = Move Media Player

    ========== Last 10 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 9/8/2007 11:19:28 AM | Computer Name = PETER | Source = avast! | ID = 33554522
    Description =

    Error - 9/8/2007 11:55:44 AM | Computer Name = PETER | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 8/6/2010 9:16:35 AM | Computer Name = PETER | Source = Google Update | ID = 20
    Description =

    Error - 8/6/2010 10:16:37 AM | Computer Name = PETER | Source = Google Update | ID = 20
    Description =

    Error - 8/6/2010 11:16:38 AM | Computer Name = PETER | Source = Google Update | ID = 20
    Description =

    Error - 8/6/2010 12:16:37 PM | Computer Name = PETER | Source = Google Update | ID = 20
    Description =

    Error - 8/6/2010 1:14:05 PM | Computer Name = PETER | Source = Google Update | ID = 20
    Description =

    Error - 8/6/2010 2:14:05 PM | Computer Name = PETER | Source = Google Update | ID = 20
    Description =

    Error - 8/6/2010 3:14:05 PM | Computer Name = PETER | Source = Google Update | ID = 20
    Description =

    Error - 8/9/2010 9:14:05 AM | Computer Name = PETER | Source = Google Update | ID = 20
    Description =

    Error - 8/9/2010 10:14:05 AM | Computer Name = PETER | Source = Google Update | ID = 20
    Description =

    Error - 8/10/2010 7:34:28 PM | Computer Name = PETER | Source = Application Hang | ID = 1002
    Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    [ System Events ]
    Error - 8/3/2010 8:10:14 AM | Computer Name = PETER | Source = Windows Update Agent | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Internet Explorer 8 for Windows XP.

    Error - 8/3/2010 11:41:20 AM | Computer Name = PETER | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 8/3/2010 11:43:00 AM | Computer Name = PETER | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 8/3/2010 11:45:31 AM | Computer Name = PETER | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 8/3/2010 11:46:13 AM | Computer Name = PETER | Source = Service Control Manager | ID = 7031
    Description = The Windows Media Player Network Sharing Service service terminated
    unexpectedly. It has done this 1 time(s). The following corrective action will
    be taken in 30000 milliseconds: Restart the service.

    Error - 8/4/2010 8:03:52 AM | Computer Name = PETER | Source = Disk | ID = 262155
    Description = The driver detected a controller error on \Device\Harddisk1\D.

    Error - 8/8/2010 9:47:20 PM | Computer Name = PETER | Source = Windows Update Agent | ID = 16
    Description = Unable to Connect: Windows is unable to connect to the automatic updates
    service and therefore cannot download and install updates according to the set
    schedule. Windows will continue to try to establish a connection.

    Error - 8/18/2010 8:00:43 AM | Computer Name = PETER | Source = Dhcp | ID = 1000
    Description = Your computer has lost the lease to its IP address 192.168.1.100 on
    the Network Card with network address 001125B81299.

    Error - 8/18/2010 8:28:55 AM | Computer Name = PETER | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 8/18/2010 8:28:55 AM | Computer Name = PETER | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2


    < End of report >
     
  14. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    The first post I made today got held up. It said a moderator would have to approve it. Let me know if I need to repost the beginning of the otl report. Thanks again.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    You did fine :)

    Step 1 - try another mouse :)

    =======================================================================

    We need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    =======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      [4 C:\Documents and Settings\Peter Malanos\My Documents\*.tmp files -> C:\Documents and Settings\Peter Malanos\My Documents\*.tmp -> ]
      [2005/11/27 19:54:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      @Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Go to Kaspersky website and perform an online antivirus scan.

    • Disable your active antivirus program.
    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
     
  16. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    I AM working on these; I just don't have a lot of time. Please don't lock.
     
  17. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    Ran JavaRa and also OTL with the fix.

    When the computer restarted there was a notice: "Spooler SubSystem App has encountered a problem and must close." Here is the log.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
    C:\Documents and Settings\Peter Malanos\My Documents\~WRL0670.tmp deleted successfully.
    C:\Documents and Settings\Peter Malanos\My Documents\~WRL2025.tmp deleted successfully.
    C:\Documents and Settings\Peter Malanos\My Documents\~WRL2784.tmp deleted successfully.
    C:\Documents and Settings\Peter Malanos\My Documents\~WRL3280.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 65716 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Peter Malanos
    ->Temp folder emptied: 232880160 bytes
    ->Temporary Internet Files folder emptied: 1014708 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 74656854 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 4515 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1537416 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 67404 bytes

    Total Files Cleaned = 296.00 mb


    [EMPTYFLASH]

    User: All Users
    ->Flash cache emptied: 0 bytes

    User: Default User
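As an added example (not part of this thread and not OTL's own code), a small Python parser for an OTL fix log like the one above: it extracts each item's outcome, which is how a responder confirms that every target named in the fix script was actually handled (the "not found" on the CLSID key is expected, since the fix script already flagged that toolbar entry as having no CLSID value), and it checks the rounded "Total Files Cleaned" figure against the per-folder byte counts in the [EMPTYTEMP] section. The embedded log excerpt is constructed from a subset of the lines posted above.

```python
import re
# Constructed excerpt of the OTL fix-result log posted above (a subset of its lines).
OTL_LOG = r"""
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
C:\Documents and Settings\Peter Malanos\My Documents\~WRL0670.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:0B174FAE deleted successfully.
[EMPTYTEMP]
->Temp folder emptied: 65716 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Temp folder emptied: 232880160 bytes
->Temporary Internet Files folder emptied: 1014708 bytes
->FireFox cache emptied: 74656854 bytes
->Flash cache emptied: 4515 bytes
Windows Temp folder emptied: 1537416 bytes
RecycleBin emptied: 67404 bytes
Total Files Cleaned = 296.00 mb
[EMPTYFLASH]
->Flash cache emptied: 0 bytes
"""

# One per-item action line: optional kind prefix, the target, an optional " folder" tag, the outcome.
ACTION_RE = re.compile(
    r"^(?:(?P<kind>Registry value|Registry key|ADS) )?(?P<target>.+?)(?P<folder> folder)?"
    r" (?P<outcome>deleted successfully|moved successfully|not found)\.$")
TOTAL_RE = re.compile(r"^Total Files Cleaned = ([\d.]+) mb$")

def parse_actions(log):
    # (kind, target, outcome) for every item OTL reports acting on; kind is inferred for plain paths
    actions = []
    for line in log.splitlines():
        m = ACTION_RE.match(line.strip())
        if m:
            actions.append((m["kind"] or ("folder" if m["folder"] else "file"), m["target"], m["outcome"]))
    return actions

def emptytemp_bytes(log):
    # sum the byte counts inside [EMPTYTEMP] only; [EMPTYFLASH] repeats some of the same lines
    total, inside = 0, False
    for line in log.splitlines():
        if line.strip().startswith("["):
            inside = line.strip().startswith("[EMPTYTEMP]")
        m = re.search(r"(\d+) bytes$", line.strip())
        if inside and m:
            total += int(m.group(1))
    return total

def check_total(log):
    # OTL prints a rounded MB total; confirm it agrees with the per-folder byte figures
    reported = next((float(m.group(1)) for m in map(TOTAL_RE.match, map(str.strip, log.splitlines())) if m), None)
    summed_mb = emptytemp_bytes(log) / 2**20
    return round(summed_mb, 2), reported, reported is not None and abs(summed_mb - reported) < 0.5
```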
     
  18. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    Results of screen317's Security Check version 0.99.5
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    ESET Online Scanner v3
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Ad-Aware
    Malwarebytes' Anti-Malware
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Java(TM) 6 Update 21
    IBM 32-bit Runtime Environment for Java 2, v1.4.2
    Adobe Flash Player 9 (Out of date Flash Player installed!)
    Adobe Flash Player 10.0.32.18
    Adobe Reader 9.3
    Mozilla Firefox (3.0.19) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    Peter Malanos Desktop SecurityCheck.exe
    Alwil Software Avast5 AvastSvc.exe
    ALWILS~1 Avast5 avastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    When Kaspersky comes up clean, we need to remember to install SP3.

    Update your Firefox.

    Go to Add\Remove and uninstall:
    - IBM 32-bit Runtime Environment for Java 2, v1.4.2
     
  20. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    I haven't run Kaspersky yet. Just tried to, and it says Java is not enabled, but as far as I can tell it is. What should I do? Also my print spooler isn't running, as I mentioned, so I can't print anything. Is this because of something we did?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Sometimes a combination of an infection and cleaning tools may corrupt some files.
    I suggest you reinstall your printer.

    Instead of Kaspersky...

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • IMPORTANT! UN-check Remove found threats
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Push Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
     
  22. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    The ESET scanner never gave me a list of found threats to select. It just said it was finished.
     
  23. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    That's normal if nothing is found :)

    OTL Clean-Up
    Clean up with OTL:

    * Double-click OTL.exe to start the program.
    * Close all other programs apart from OTL as this step will require a reboot
    * On the OTL main screen, press the CLEANUP button
    * Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    =====================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point.

    Turn off System Restore:

    - Windows XP:
    1. Click Start.
    2. Right-click the My Computer icon, and then click Properties.
    3. Click the System Restore tab.
    4. Check "Turn off System Restore".
    5. Click Apply.
    6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
    7. Click OK.
    - Windows Vista and 7:
    1. Click Start.
    2. Right-click the Computer icon, and then click Properties.
    3. Click on System Protection under the Tasks column on the left side
    4. Click on Continue on the "User Account Control" window that pops up
    5. Under the System Protection tab, find Available Disks
    6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
    7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
    8. Click OK

    2. Restart computer.

    3. Turn System Restore on.

    4. Make sure Windows Updates are current.

    5. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. Run defrag at your convenience.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
     
  24. pmalanos

    pmalanos TS Rookie Topic Starter Posts: 19

    Computer will not remove the Java you recommended. It says "Error 1603: fatal error during install. Consult Windows Installer Help (msi.chm) for more information."
     
  25. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Leave Java alone then.
     