TechSpot

Search Engine Redirect

By ucwhatudid
Nov 14, 2010
  1. I have recently found my searches being redirected. I use Firefox 3.6.12 with Google as the default. Whenever I click a search result for the first time, I am redirected to some other lame search engine result page. If I go back and click the same search result again, it goes where it is supposed to go. Occasionally the redirected page will not let me return to the Google result page.

    I run AVG 8.5 which tells me all is fine. The log results requested in the 8-Step instructions are pasted below. Thanks in advance for the help.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5104

    Windows 5.0.2195 Service Pack 4
    Internet Explorer 6.0.2800.1106

    11/14/2010 1:20:22 PM
    mbam-log-2010-11-14 (13-20-22).txt

    Scan type: Quick scan
    Objects scanned: 115403
    Time elapsed: 21 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2010-11-14 15:45:17
    Windows 5.0.2195 Service Pack 4 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 FUJITSU_MHV2040AH rev.00000096
    Running: k4b7hlm4.exe; Driver: C:\DOCUME~1\TOMBUR~1\LOCALS~1\Temp\agkyipob.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
    AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

    ---- EOF - GMER 1.0.15 ----

    DDS (Ver_10-11-10.01) - NTFSx86
    Run by Tom Burrows at 15:45:39.11 on Sun 11/14/2010
    Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_17
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.121 [GMT -6:00]


    ============== Running Processes ===============

    C:\WINNT\System32\SCardSvr.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\System32\S24EvMon.exe
    C:\WINNT\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINNT\system32\bgsvcgen.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\PROGRA~1\AVG\AVG8\avgam.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINNT\System32\RegSrvc.exe
    C:\WINNT\system32\regsvc.exe
    C:\WINNT\System32\RoamMgr.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
    C:\WINNT\system32\ZCfgSvc.exe
    C:\WINNT\system32\Ati2evxx.exe
    C:\WINNT\Explorer.EXE
    C:\WINNT\system32\MSTask.exe
    C:\WINNT\system32\stisvc.exe
    C:\WINNT\System32\WBEM\WinMgmt.exe
    C:\Program Files\Intel\Switching\User\RoamSvc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINNT\vsnpstd3.exe
    C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\WINNT\system32\ctfmon.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\FinePixViewer\QuickDCF2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Documents and Settings\Tom Burrows\Desktop\MalAdSpyVirTools\dds.scr

    ============== Pseudo HJT Report ===============

    uLocal Page =
    mLocal Page =
    uURLSearchHooks: H - No File
    mURLSearchHooks: H - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} -
    EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
    uRun: [ctfmon.exe] ctfmon.exe
    uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
    uRun: [Xsedadikujikapa] rundll32.exe "c:\winnt\wmf32408.dll",Startup
    mRun: [Synchronization Manager] mobsync.exe /logon
    mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
    mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
    mRun: [CreateCD50] "c:\program files\common files\adaptec shared\createcd\CreateCD50.exe" -r
    mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
    mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
    mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [snpstd3] c:\winnt\vsnpstd3.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [Lholidohu] rundll32.exe "c:\winnt\ajonazob.dll",Startup
    dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
    StartupFolder: c:\docume~1\tombur~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ma003dmn.lnk - c:\program files\m-audio audiophile usb\dmn\ma003dmn.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    Trusted Zone: mercom.com \veri-scribe
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: Sebring - c:\winnt\system32\LgNotify.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\tombur~1\applic~1\mozilla\firefox\profiles\7bfanrhw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
    FF - HiddenExtension: XULRunner: {8186328A-3B9F-417C-AEBF-888717D18A4D} - c:\documents and settings\tom burrows\local settings\application data\{8186328A-3B9F-417C-AEBF-888717D18A4D}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [2009-2-1 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2009-2-1 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\winnt\system32\drivers\avgmfx86.sys [2007-10-19 27784]
    R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2009-2-1 108552]
    R1 cdudf;cdudf;c:\winnt\system32\drivers\cdudf.sys [2002-12-17 363799]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 297752]
    R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-11-1 582992]
    R3 MIPMN;Intel Adapter Switching Driver;c:\winnt\system32\drivers\mipmn2k.sys [2002-11-22 48407]
    R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\winnt\system32\drivers\ozscr.sys [2005-4-21 92550]
    R3 TMPassthruMP;TMPassthruMP;c:\winnt\system32\drivers\TMPassthru.sys [2010-11-1 206608]
    R3 usbhub20;USB Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2003-1-15 49776]
    R3 w70n5;Intel(R) PRO/Wireless 7100 Adapter Driver;c:\winnt\system32\drivers\w70n5.sys [2007-10-9 2369664]
    S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [2008-1-10 3567]
    S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\winnt\system32\drivers\TMPassthru.sys [2010-11-1 206608]

    =============== Created Last 30 ================

    2010-11-13 05:45:58 -------- d--h--w- c:\winnt\PIF
    2010-11-02 05:08:44 206608 ----a-w- c:\winnt\system32\drivers\TMPassthru.sys
    2010-11-02 04:22:49 388096 ----a-r- c:\docume~1\tombur~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
    2010-10-29 15:08:47 28472 ----a-w- c:\program files\mozilla firefox\plugins\webex\924\atgpcdec.dll
    2010-10-29 15:08:47 239496 ----a-w- c:\program files\mozilla firefox\plugins\webex\924\atgpcext.dll
    2010-10-29 15:08:43 64392 ----a-w- c:\program files\mozilla firefox\plugins\npatgpc.dll

    ==================== Find3M ====================

    2010-09-26 16:46:30 145408 ----a-w- c:\winnt\system32\msconfig.exe
    2010-09-26 11:26:17 0 ----a-w- c:\winnt\Axabocovofa.bin

    ============= FINISH: 15:46:23.97 ===============

    DDS (Ver_10-11-10.01)

    Microsoft Windows 2000 Professional
    Boot Device: \Device\Harddisk1\Partition1
    Install Date:
    System Uptime: 11/14/2010 6:41:55 AM (9 hours ago)

    Motherboard: Dell Computer Corporation | |
    Processor: Intel(R) Pentium(R) M processor 1600MHz | Microprocessor | 1598/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 37 GiB total, 15.12 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    No restore point in system.

    ==== Installed Programs ======================

    23_24_2500Tour
    2400
    2400_2500Help
    2400_2500trb
    6300
    6300_Help
    6300Trb
    Ace CD Burner
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.2.3
    AiO_Scan
    AiO_Scan_CDA
    AiOSoftware
    AiOSoftwareNPI
    All4 CD Wav Ripple 1.2.4
    AnswerWorks 4.0 Runtime - English
    ATI Control Panel
    ATI Display Driver
    Audacity 1.2.6
    Audio Recording Studio v3.0
    Audiophile USB 1.5.4.15
    Avery Wizard 3.1
    AVG 8.5
    B57Inst
    BestOn Software
    BitTorrent
    Blaze Media Pro
    Broadcom Driver Installer
    BufferChm
    Citrix ICA Web Client
    Cogniview PDF2XL OCR Evaluation
    Compatibility Pack for the 2007 Office system
    Conexant D480 MDC V.92 Modem
    Copy
    CP_AtenaShokunin1Config
    CP_CalendarTemplates1
    cp_OnlineProjectsConfig
    CP_Package_Basic1
    CP_Package_Variety1
    CP_Package_Variety2
    CP_Package_Variety3
    CP_Panorama1Config
    cp_PosterPrintConfig
    CreativeProjects
    CreativeProjectsTemplates
    CueTour
    Dell ResourceCD
    DesignPro 5.4 Limited Edition
    Destinations
    DeviceFunctionQFolder
    DeviceManagementQFolder
    Digital Voice Recorder
    DocProc
    DocumentViewer
    DocumentViewerQFolder
    Easy CD Creator 5 Basic
    EasyZip
    eSupportQFolder
    Eusing Free Registry Cleaner
    Ezonics VGA camera
    Fax
    Fax_CDA
    FileZilla Client 3.3.1
    FinalBurner Free v2.3.0.135
    FinePix Studio
    FinePixViewer Resource
    FinePixViewer Ver.5.3
    FreeRIP v3.091
    FreeUndelete
    FUJIFILM USB Driver
    FullDPAppQFolder
    GIMP 2.4.2
    GoToMeeting/GoToWebinar 3.0.0.198
    HiJackThis
    HijackThis 2.0.2
    Hotfix for MDAC 2.80 (KB927779)
    Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB947748)
    HP Document Viewer 6.1
    HP Imaging Device Functions 6.1
    HP Photosmart Premier Software 6.1
    HP Product Assistant
    HP PSC & OfficeJet 4.2
    HP PSC & OfficeJet 6.1.A
    HP Software Update
    HP Solution Center and Imaging Support Tools 6.1
    HP Update
    HPProductAssistant
    HPSystemDiagnostics
    HTMLConverter
    ImageMixer VCD2 LE for FinePix
    InstantShare
    InstantShareDevices
    Intel(R) PROSet
    ItsDeductible Express
    Java(TM) 6 Update 16
    Java(TM) 6 Update 17
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Kernel for Outlook Evaluation ver 7.05.01
    LADSPA_plugins-win-0.4.15
    LizardTech DjVu Control
    Malwarebytes' Anti-Malware
    Mathematica Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 1.1 Hotfix (KB947742)
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft IntelliPoint 5.2
    Microsoft Office Live Meeting 2005
    Microsoft Office Standard Edition 2003
    Microsoft Outlook Personal Folders Backup
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows Media Video 9 VCM
    Mozilla Firefox (3.6.12)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 6 Service Pack 2 (KB954459)
    NewCopy_CDA
    OpenOffice.org 3.1
    Overland
    PanoStandAlone
    Photo Explosion SE
    PhotoGallery
    Picasa 2
    PrintScreen
    ProductContext
    ProductContextNPI
    QuickProjects
    QuickTime
    RandMap
    Readme
    Scan
    ScannerCopy
    Security Update for DirectX 9 (KB941568)
    Security Update for DirectX 9 (KB951698)
    Security Update for DirectX 9.0 (KB971633)
    Security Update for Windows 2000 (KB904706)
    Security Update for Windows 2000 (KB923689)
    Security Update for Windows 2000 (KB941569)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows Media Player 6.4 (KB954600)
    Security Update for Windows Media Player 9 (KB936782)
    Security Update for Windows Media Player 9 (KB973540)
    Shipping Assistant 3.4
    SigmaTel AC97 Audio Drivers
    SkinsHP1
    Skype web features
    Skype™ 4.2
    Smart Defrag 1.20
    SolutionCenter
    Sonic_PrimoSDK
    Status
    Toolbox
    TotalImageConverter
    TrayApp
    Trend Micro RUBotted
    TurboTax Deluxe 2003
    TurboTax Deluxe 2004
    TurboTax Home & Business 2006
    TurboTax Home & Business 2007
    TurboTax ItsDeductible 2005
    TurboTax ItsDeductible 2006
    TurboTax Premier 2005
    Unload
    Update Rollup 1 for Windows 2000 SP4
    Veri-Scribe II
    Veri-Scribe II Public Player
    WebEx
    WebFldrs
    WebReg
    WebTable 1.9.47
    WexTech AnswerWorks
    Windows 2000 Hotfix - KB833407
    Windows 2000 Hotfix - KB842773
    Windows 2000 Hotfix - KB893756
    Windows 2000 Hotfix - KB896358
    Windows 2000 Hotfix - KB896422
    Windows 2000 Hotfix - KB896423
    Windows 2000 Hotfix - KB899587
    Windows 2000 Hotfix - KB899589
    Windows 2000 Hotfix - KB900725
    Windows 2000 Hotfix - KB901017
    Windows 2000 Hotfix - KB901214
    Windows 2000 Hotfix - KB905414
    Windows 2000 Hotfix - KB905495
    Windows 2000 Hotfix - KB905749
    Windows 2000 Hotfix - KB908519
    Windows 2000 Hotfix - KB908531
    Windows 2000 Hotfix - KB911280
    Windows 2000 Hotfix - KB913580
    Windows 2000 Hotfix - KB914388
    Windows 2000 Hotfix - KB914389
    Windows 2000 Hotfix - KB917008
    Windows 2000 Hotfix - KB917953
    Windows 2000 Hotfix - KB918118
    Windows 2000 Hotfix - KB920213
    Windows 2000 Hotfix - KB920670
    Windows 2000 Hotfix - KB920683
    Windows 2000 Hotfix - KB920685
    Windows 2000 Hotfix - KB921398
    Windows 2000 Hotfix - KB921503
    Windows 2000 Hotfix - KB922582
    Windows 2000 Hotfix - KB923191
    Windows 2000 Hotfix - KB923414
    Windows 2000 Hotfix - KB923561
    Windows 2000 Hotfix - KB923810
    Windows 2000 Hotfix - KB923980
    Windows 2000 Hotfix - KB924270
    Windows 2000 Hotfix - KB924667
    Windows 2000 Hotfix - KB925902
    Windows 2000 Hotfix - KB926122
    Windows 2000 Hotfix - KB926436
    Windows 2000 Hotfix - KB927891
    Windows 2000 Hotfix - KB928843
    Windows 2000 Hotfix - KB930178
    Windows 2000 Hotfix - KB931784
    Windows 2000 Hotfix - KB933729
    Windows 2000 Hotfix - KB935839
    Windows 2000 Hotfix - KB935840
    Windows 2000 Hotfix - KB936021
    Windows 2000 Hotfix - KB937894
    Windows 2000 Hotfix - KB938127
    Windows 2000 Hotfix - KB938464
    Windows 2000 Hotfix - KB938827
    Windows 2000 Hotfix - KB938829
    Windows 2000 Hotfix - KB939653
    Windows 2000 Hotfix - KB941202
    Windows 2000 Hotfix - KB941644
    Windows 2000 Hotfix - KB943055
    Windows 2000 Hotfix - KB943485
    Windows 2000 Hotfix - KB944338
    Windows 2000 Hotfix - KB944533
    Windows 2000 Hotfix - KB945553
    Windows 2000 Hotfix - KB948590
    Windows 2000 Hotfix - KB950749
    Windows 2000 Hotfix - KB950974
    Windows 2000 Hotfix - KB951066
    Windows 2000 Hotfix - KB951748
    Windows 2000 Hotfix - KB952004
    Windows 2000 Hotfix - KB952954
    Windows 2000 Hotfix - KB954211
    Windows 2000 Hotfix - KB955069
    Windows 2000 Hotfix - KB956390
    Windows 2000 Hotfix - KB956391
    Windows 2000 Hotfix - KB956802
    Windows 2000 Hotfix - KB957095
    Windows 2000 Hotfix - KB957097
    Windows 2000 Hotfix - KB958470
    Windows 2000 Hotfix - KB958644
    Windows 2000 Hotfix - KB958687
    Windows 2000 Hotfix - KB959426
    Windows 2000 Hotfix - KB960225
    Windows 2000 Hotfix - KB960803
    Windows 2000 Hotfix - KB960859
    Windows 2000 Hotfix - KB961371
    Windows 2000 Hotfix - KB961371-V2
    Windows 2000 Hotfix - KB961501
    Windows 2000 Hotfix - KB967715
    Windows 2000 Hotfix - KB968537
    Windows 2000 Hotfix - KB970238
    Windows 2000 Hotfix - KB971557
    Windows 2000 Hotfix - KB972260
    Windows 2000 Hotfix - KB973346
    Windows 2000 Hotfix - KB973354
    Windows 2000 Hotfix - KB973507
    Windows 2000 Hotfix - KB973869
    Windows 2000 Service Pack 4
    Windows Installer 3.1 (KB893803)
    Windows Media Player Hotfix [See Q828026 for more information]
    Windows Media Player system update (9 Series)
    WinRAR archiver
    WinZip 11.1
    XML Converter Standard Edition

    ==== End Of File ===========================
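    The Pseudo HJT section of the DDS log above lists the Run entries that start with the user's session and with the machine. As an added example, not part of the original post and not code from DDS or any other tool named in this thread, the Python below parses lines in that format and applies the checks a malware-removal helper applies by eye to rundll32-based autostarts: whether the DLL sits directly in the Windows directory rather than in system32 or under Program Files, and whether the value name has anything to do with the program it launches. The sample report is constructed from the shape of the entries above; a flagged entry is something to look at more closely, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Constructed sample in the DDS "Pseudo HJT Report" format. The two rundll32
# lines have the shape of the entries in the log above; the others are benign
# entries from the same log, kept for contrast.
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Xsedadikujikapa] rundll32.exe "c:\winnt\wmf32408.dll",Startup
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Lholidohu] rundll32.exe "c:\winnt\ajonazob.dll",Startup
"""

# "uRun"/"mRun"/"dRun" are DDS's prefixes for HKCU, HKLM and default-user Run keys.
RUN_LINE = re.compile(r"^(?P<scope>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# rundll32.exe <dll>[,<export> ...]; the DLL path may be quoted.
RUNDLL = re.compile(
    r'^"?(?:.*\\)?rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+)"?(?:,(?P<export>\S*))?', re.I)
# The Windows directory itself (c:\winnt on Windows 2000, c:\windows later).
WINROOT = re.compile(r"^[a-z]:\\(winnt|windows)$", re.I)


@dataclass
class Finding:
    scope: str
    name: str
    command: str
    indicators: list = field(default_factory=list)


def parse_run_entries(report):
    """Yield (scope, value name, command line) for every Run/RunOnce line."""
    for line in report.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            yield m.group("scope"), m.group("name"), m.group("cmd")


def name_echoed_in_command(name, cmd):
    """Legitimate autoruns usually name what they launch (Skype -> Skype.exe,
    AVG8_TRAY -> avgtray.exe). True if any 3+ letter token of the value name
    also occurs somewhere in the command line."""
    cmd_l = cmd.lower()
    return any(tok in cmd_l for tok in re.findall(r"[a-z]{3,}", name.lower()))


def triage(report):
    """Return the Run entries worth a closer look, each with its indicators.
    Only rundll32-based autostarts are reported, and only when a second
    indicator backs them up; rundll32 on its own is used by legitimate software."""
    findings = []
    for scope, name, cmd in parse_run_entries(report):
        f = Finding(scope, name, cmd)
        m = RUNDLL.match(cmd)
        if m:
            dll = m.group("dll")
            f.indicators.append("rundll32 autostart loads %s, export %s"
                                % (dll, m.group("export") or "<none>"))
            if WINROOT.match(ntpath.dirname(dll)):
                f.indicators.append("DLL sits directly in the Windows directory, "
                                    "not in system32 or under Program Files")
        if not name_echoed_in_command(name, cmd):
            f.indicators.append("value name shares no token with the command it launches")
        if m and len(f.indicators) >= 2:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print("%sRun [%s] %s" % (f.scope, f.name, f.command))
        for ind in f.indicators:
            print("    -", ind)
```

    The name check is deliberately weak on its own (a value like "Synchronization Manager" launching mobsync.exe trips it too), which is why it only counts once a rundll32 autostart is already in play; the point is to surface the entries a helper would ask about first, not to replace the tools the reply below asks for.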
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    ======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run another one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
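    MBRCheck, the first tool in the reply above, reads the boot sector of the physical disk and reports whether the boot code matches a known-good loader. As an added example, not part of the original reply and not code from MBRCheck itself, the Python below does the same kind of verification on a constructed 512-byte sector: it validates the 0x55AA signature and the partition table, and compares a SHA-256 of the 440 bytes of boot code against a baseline taken when the disk was known to be clean. The loader bytes, partition layout, disk signature and baseline hash are all constructed here; `read_first_sector` shows how the real sector would be read on Windows (it needs administrator rights) but is not called.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0x000-0x1B7 hold the boot loader code
DISK_SIG_OFF = 0x1B8      # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE    # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE      # 0x55 0xAA marks a valid boot sector
PART_ENTRY = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count


def read_first_sector(device=r"\\.\PhysicalDrive0"):
    """Read the real MBR on Windows (needs administrator rights). Not used below;
    the checks run on constructed sectors so the example works offline."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr(boot_code, partitions):
    """Assemble a 512-byte MBR from boot code and (status, type, lba, count)
    tuples. Constructed test data, not taken from any real disk."""
    sector = bytearray(boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN])
    sector += struct.pack("<I", 0x5A5A1234)      # arbitrary disk signature
    sector += b"\x00\x00"                         # reserved
    for status, ptype, lba, count in partitions:
        # CHS fields set to FE FF FF, the "beyond CHS range, use LBA" marker
        sector += struct.pack(PART_ENTRY, status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sector += b"\x00" * (16 * (4 - len(partitions)))
    sector += b"\x55\xaa"
    return bytes(sector)


def parse_mbr(sector):
    """Split a sector into boot-code hash, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR_SIZE)
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, _, ptype, _, lba, count = struct.unpack(PART_ENTRY, sector[off:off + 16])
        parts.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack("<I", sector[DISK_SIG_OFF:DISK_SIG_OFF + 4])[0],
        "partitions": parts,
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def check_mbr(sector, known_good_boot_hash):
    """Return a list of problems; an empty list means the sector is structurally
    sound and its boot code matches the baseline hash."""
    info = parse_mbr(sector)
    problems = []
    if not info["boot_signature_ok"]:
        problems.append("missing 0x55AA boot signature")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) != 1:
        problems.append("expected exactly one active partition, found %d" % len(active))
    for i, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):
            problems.append("partition %d has invalid status byte 0x%02x" % (i, p["status"]))
        if p["type"] == 0 and (p["lba_start"] or p["sectors"]):
            problems.append("partition %d is type 0 (unused) but has a non-zero extent" % i)
    if info["boot_code_sha256"] != known_good_boot_hash:
        problems.append("boot code hash differs from the baseline: %s" % info["boot_code_sha256"][:16])
    return problems


# Constructed "known clean" loader: cli; xor ax,ax; mov ss,ax; mov sp,0x7c00; sti
CLEAN_BOOT_CODE = bytes.fromhex("fa33c08ed0bc007cfb")
NTFS_SYSTEM_PART = [(0x80, 0x07, 63, 77_000_000)]  # one active NTFS partition
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, NTFS_SYSTEM_PART)
BASELINE_HASH = hashlib.sha256(CLEAN_MBR[:BOOT_CODE_LEN]).hexdigest()
# Same partition table, different boot code: the case a hash comparison exists to
# catch, since the partition table alone looks normal and the system still boots.
TAMPERED_MBR = build_sample_mbr(bytes.fromhex("eb1c90") + CLEAN_BOOT_CODE, NTFS_SYSTEM_PART)


if __name__ == "__main__":
    for label, sector in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        print(label, check_mbr(sector, BASELINE_HASH) or "OK")
```

    The structural checks alone will pass a sector whose boot code has been swapped, which is why the baseline hash matters: it has to come from a copy of the sector taken before the problem started, or from a known-good loader for that OS and vendor, which is what a tool like MBRCheck carries with it.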
     
  3. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    I was uncertain whether you wanted me to run all the steps before posting the txt of the first step, so I'm taking this a step at a time. Below is the result requested. Should I continue with each of the next steps? Thanks in advance.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 2000 Professional
    Windows Information: Service Pack 4 (build 2195)
    Logical Drives Mask: 0x00000014

    Kernel Drivers (total 126):
    0x80400000 \WINNT\System32\ntoskrnl.exe
    0x80062000 \WINNT\System32\hal.dll
    0xEB810000 \WINNT\System32\BOOTVID.dll
    0xBFFD8000 ACPI.sys
    0xEB9C8000 \WINNT\System32\DRIVERS\WMILIB.SYS
    0xEB400000 pci.sys
    0xEB410000 isapnp.sys
    0xEB814000 compbatt.sys
    0xEB900000 \WINNT\System32\DRIVERS\BATTC.SYS
    0xEB9C9000 pciide.sys
    0xEB680000 \WINNT\System32\DRIVERS\PCIIDEX.SYS
    0xBFFBD000 pcmcia.sys
    0xBFFA0000 ftdisk.sys
    0xEB902000 Diskperf.sys
    0xBFF7E000 dmio.sys
    0xEB818000 PartMgr.sys
    0xEB688000 MountMgr.sys
    0xBFF68000 atapi.sys
    0xEB690000 sparrow.sys
    0xBFF55000 \WINNT\System32\DRIVERS\SCSIPORT.SYS
    0xEB698000 disk.sys
    0xEB420000 \WINNT\System32\DRIVERS\CLASSPNP.SYS
    0xBFF33000 fltmgr.sys
    0xEB430000 PxHelp20.sys
    0xBFF21000 KSecDD.sys
    0xBFEA3000 Ntfs.sys
    0xBFE79000 NDIS.sys
    0xBFE63000 Mup.sys
    0xEB904000 avgrkx86.sys
    0xEB6A0000 agp440.sys
    0xEB87C000 \SystemRoot\System32\DRIVERS\CmBatt.sys
    0xEB450000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
    0xBFCCC000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
    0xEB6D0000 \SystemRoot\System32\DRIVERS\USBD.SYS
    0xEB6B8000 \SystemRoot\System32\DRIVERS\uhcd.sys
    0xBFCAA000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
    0xEB6E0000 \SystemRoot\System32\DRIVERS\usbehci.sys
    0xBFC91000 \SystemRoot\System32\DRIVERS\b57w2k.sys
    0xEB888000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
    0xBFC7A000 \SystemRoot\system32\DRIVERS\ozscr.sys
    0xBFA37000 \SystemRoot\System32\DRIVERS\w70n5.sys
    0xEB460000 \SystemRoot\System32\DRIVERS\i8042prt.sys
    0xEB6F8000 \SystemRoot\system32\DRIVERS\point32.sys
    0xEB708000 \SystemRoot\System32\DRIVERS\mouclass.sys
    0xEB718000 \SystemRoot\System32\DRIVERS\kbdclass.sys
    0xEB470000 \SystemRoot\System32\DRIVERS\serial.sys
    0xEB898000 \SystemRoot\System32\DRIVERS\serenum.sys
    0xEB730000 \SystemRoot\System32\DRIVERS\parport.sys
    0xEB9EB000 \SystemRoot\System32\Drivers\Cdr4_2K.SYS
    0xEB740000 \SystemRoot\System32\DRIVERS\cdrom.sys
    0xBFA17000 \SystemRoot\System32\DRIVERS\ks.sys
    0xEB480000 \SystemRoot\System32\DRIVERS\redbook.sys
    0xEB9F0000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
    0xBF9F8000 \SystemRoot\System32\Drivers\pwd_2k.SYS
    0xBF97B000 \SystemRoot\system32\drivers\portcls.sys
    0xBF9A0000 \SystemRoot\system32\drivers\STAC97.sys
    0xBF948000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
    0xBF84B000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
    0xBF79E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xEB778000 \SystemRoot\System32\Drivers\Modem.SYS
    0xEB490000 \SystemRoot\System32\DRIVERS\mipmn2k.sys
    0xEB9FA000 \SystemRoot\System32\DRIVERS\audstub.sys
    0xEB4A0000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
    0xEB8B4000 \SystemRoot\System32\DRIVERS\ndistapi.sys
    0xBF787000 \SystemRoot\System32\DRIVERS\ndiswan.sys
    0xEB8C0000 \SystemRoot\System32\DRIVERS\TDI.SYS
    0xEB4B0000 \SystemRoot\System32\DRIVERS\raspptp.sys
    0xEB798000 \SystemRoot\System32\DRIVERS\ptilink.sys
    0xEB7A8000 \SystemRoot\System32\DRIVERS\raspti.sys
    0xEB4C0000 \SystemRoot\System32\DRIVERS\parallel.sys
    0xEBA04000 \SystemRoot\System32\DRIVERS\swenum.sys
    0xBF75C000 \SystemRoot\System32\DRIVERS\update.sys
    0xEB7C0000 \SystemRoot\System32\DRIVERS\omci.sys
    0xBF72B000 \SystemRoot\system32\DRIVERS\TMPassthru.sys
    0xEB4F0000 \SystemRoot\System32\DRIVERS\usbhub.sys
    0xEB500000 \SystemRoot\System32\DRIVERS\usbhub20.sys
    0xEB7E0000 \SystemRoot\System32\Drivers\mmc_2K.SYS
    0xEB7F8000 \SystemRoot\System32\Drivers\EFS.SYS
    0xEB520000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xEB912000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xEB9E6000 \SystemRoot\System32\Drivers\Null.SYS
    0xEB9E8000 \SystemRoot\System32\Drivers\Beep.SYS
    0xEB8F4000 \SystemRoot\System32\drivers\vga.sys
    0xEB9EC000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBD666000 \SystemRoot\System32\Drivers\cdudf.SYS
    0xEB6E8000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xEB530000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xBD61F000 \SystemRoot\System32\Drivers\UdfReadr.SYS
    0xEB91A000 \SystemRoot\System32\DRIVERS\rasacd.sys
    0xBD5BE000 \SystemRoot\System32\DRIVERS\tcpip.sys
    0xEB540000 \SystemRoot\System32\DRIVERS\msgpc.sys
    0xEB728000 \SystemRoot\System32\DRIVERS\wanarp.sys
    0xBD4DD000 \SystemRoot\System32\Drivers\avgtdix.sys
    0xBD4B2000 \SystemRoot\System32\DRIVERS\netbt.sys
    0xEB550000 \SystemRoot\System32\DRIVERS\netbios.sys
    0xBD488000 \SystemRoot\System32\DRIVERS\rdbss.sys
    0xBD410000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
    0xEB750000 \SystemRoot\System32\Drivers\avgmfx86.sys
    0xBD3BF000 \SystemRoot\System32\Drivers\avgldx86.sys
    0xEBA1F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
    0xBD3A9000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0xA0000000 \??\C:\WINNT\system32\win32k.sys
    0xBD33F000 \SystemRoot\System32\ati2dvag.dll
    0xBD305000 \SystemRoot\System32\ati2cqag.dll
    0xBD2CF000 \SystemRoot\System32\atikvmag.dll
    0xBB068000 \SystemRoot\System32\ati3duag.dll
    0xBAF5D000 \SystemRoot\System32\ativvaxx.dll
    0xBAF49000 \SystemRoot\System32\DRIVERS\s24trans.sys
    0xBADFF000 \SystemRoot\System32\drivers\afd.sys
    0xBAD25000 \SystemRoot\system32\drivers\wdmaud.sys
    0xBAF15000 \SystemRoot\system32\drivers\sysaudio.sys
    0xEB7A0000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
    0xEB780000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
    0xEB95A000 \SystemRoot\System32\Drivers\ParVdm.SYS
    0xBADDF000 \SystemRoot\System32\Drivers\Fips.SYS
    0xBABAD000 \SystemRoot\System32\DRIVERS\srv.sys
    0xBAD09000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xBA55B000 \SystemRoot\System32\DRIVERS\ipsec.sys
    0xBA34B000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xB9D6B000 \??\C:\DOCUME~1\TOMBUR~1\LOCALS~1\Temp\agkyipob.sys
    0xEB6A8000 \??\C:\DOCUME~1\TOMBUR~1\LOCALS~1\Temp\mbr.sys
    0xB9D48000 \SystemRoot\System32\Drivers\Fastfat.SYS
    0xB9CDB000 \SystemRoot\System32\ATMFD.DLL
    0xEB6B0000 \SystemRoot\System32\DRIVERS\asyncmac.sys
    0xB9CB6000 \SystemRoot\system32\drivers\kmixer.sys
    0x77F80000 \WINNT\system32\NTDLL.DLL

    Processes (total 52):
    0 System Idle Process
    8 System
    184 \SystemRoot\System32\smss.exe
    212 CSRSS.EXE
    236 \??\C:\WINNT\system32\winlogon.exe
    264 C:\WINNT\system32\services.exe
    276 C:\WINNT\system32\lsass.exe
    404 C:\WINNT\System32\SCardSvr.exe
    432 C:\WINNT\system32\Ati2evxx.exe
    468 C:\WINNT\System32\S24EvMon.exe
    540 C:\WINNT\system32\svchost.exe
    568 C:\WINNT\system32\spoolsv.exe
    608 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    628 C:\WINNT\system32\bgsvcgen.exe
    656 C:\WINNT\System32\svchost.exe
    680 C:\Program Files\Java\jre6\bin\jqs.exe
    716 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    828 C:\PROGRA~1\AVG\AVG8\avgam.exe
    840 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    892 C:\WINNT\System32\RegSrvc.exe
    920 C:\WINNT\system32\regsvc.exe
    932 C:\WINNT\System32\RoamMgr.exe
    996 C:\Program Files\AVG\AVG8\avgrsx.exe
    1096 C:\WINNT\system32\ZCfgSvc.exe
    1180 C:\WINNT\system32\Ati2evxx.exe
    1260 C:\WINNT\Explorer.EXE
    1172 C:\WINNT\system32\MSTask.exe
    1344 C:\WINNT\system32\stisvc.exe
    1392 C:\WINNT\System32\WBEM\WinMgmt.exe
    1408 C:\WINNT\system32\svchost.exe
    1448 C:\Program Files\Intel\Switching\User\RoamSvc.exe
    1656 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    1688 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    1720 C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    1676 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    1708 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    1732 C:\PROGRA~1\AVG\AVG8\avgtray.exe
    1744 C:\Program Files\Microsoft IntelliPoint\point32.exe
    1788 C:\Program Files\Java\jre6\bin\jusched.exe
    1704 C:\WINNT\vsnpstd3.exe
    1860 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    1880 C:\WINNT\system32\ctfmon.exe
    1944 C:\WINNT\system32\svchost.exe
    2056 C:\Program Files\FinePixViewer\QuickDCF2.exe
    2076 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    2116 C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
    876 c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    2256 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    2212 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    1648 C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe
    2372 C:\Program Files\Mozilla Firefox\firefox.exe
    2216 C:\Documents and Settings\Tom Burrows\Desktop\MBRCheck.exe

    WARNING: Unsupported Windows version! Results may not be accurate!
    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: FUJITSUMHV2040AH, Rev: 00000096

    Size Device Name MBR Status
    --------------------------------------------
    37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
    SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


    Done!
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    That looks good :)
    Go on....
     
  5. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    ComboFix 10-11-14.01 - Tom Burrows 11/15/2010 0:12.2.1 - x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.95 [GMT -6:00]
    Running from: c:\documents and settings\Tom Burrows\Desktop\ComboFix.exe
    .
    /wow section - STAGE 10


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\documents and settings\Tom Burrows\g2mdlhlpx.exe
    c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}
    c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}\chrome.manifest
    c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}\chrome\content\_cfg.js
    c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}\chrome\content\overlay.xul
    c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}\install.rdf
    c:\winnt\system32\Memman.vxd
    c:\winnt\system32\msconfig.exe
    c:\winnt\system32\skinboxer43.dll
    c:\winnt\Web\default.htt

    .
    ((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
    .

    2010-11-13 05:45 . 2010-11-13 05:45 -------- d--h--w- c:\winnt\PIF
    2010-11-02 05:08 . 2008-03-02 08:28 206608 ----a-w- c:\winnt\system32\drivers\TMPassthru.sys
    2010-11-02 04:22 . 2010-11-02 04:22 388096 ----a-r- c:\documents and settings\Tom Burrows\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-29 15:08 . 2010-10-29 15:08 28472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\924\atgpcdec.dll
    2010-10-29 15:08 . 2010-10-29 15:08 239496 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\924\atgpcext.dll
    2010-10-29 15:08 . 2010-10-29 15:08 64392 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-29 15:09 . 2010-10-29 15:09 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    .

    ------- Sigcheck -------

    [-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

    [-] 2004-07-09 10:27 . 3120F6D2AB10CDF242EDE54052A8BE47 . 1689600 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-11-15_05.44.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-15 05:57 . 2010-11-15 05:57 16384 c:\winnt\system32\Perflib_Perfdata_5f4.dat
    + 2010-11-15 05:58 . 2010-11-15 05:58 16384 c:\winnt\system32\Perflib_Perfdata_580.dat
    + 2010-11-15 05:54 . 2010-11-15 05:54 16384 c:\winnt\system32\Perflib_Perfdata_2a4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
    "Xsedadikujikapa"="c:\winnt\wmf32408.dll" [BU]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-03 294912]
    "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 86016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
    "CreateCD50"="c:\program files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [2002-12-17 131157]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-25 98304]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "snpstd3"="c:\winnt\vsnpstd3.exe" [2005-09-05 339968]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
    "Lholidohu"="c:\winnt\ajonazob.dll" [BU]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

    c:\documents and settings\Tom Burrows\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-11-7 303104]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
    MA003DMN.LNK - c:\program files\M-Audio Audiophile USB\Dmn\ma003dmn.exe [2007-12-6 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-30 13:40 11952 ----a-w- c:\winnt\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2003-02-03 16:59 110592 ----a-w- c:\winnt\system32\LgNotify.dll

    R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [2/1/2009 9:33 PM 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2/1/2009 9:33 PM 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2/1/2009 9:33 PM 108552]
    R1 cdudf;cdudf;c:\winnt\system32\drivers\cdudf.sys [12/17/2002 12:29 PM 363799]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/1/2009 9:32 PM 297752]
    R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [11/1/2010 11:08 PM 582992]
    R3 MIPMN;Intel Adapter Switching Driver;c:\winnt\system32\drivers\mipmn2k.sys [11/22/2002 1:09 PM 48407]
    R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\winnt\system32\drivers\ozscr.sys [4/21/2005 8:58 PM 92550]
    R3 TMPassthruMP;TMPassthruMP;c:\winnt\system32\drivers\TMPassthru.sys [11/1/2010 11:08 PM 206608]
    R3 usbhub20;USB Hub Support;c:\winnt\system32\drivers\usbhub20.sys [1/15/2003 10:46 AM 49776]
    R3 w70n5;Intel(R) PRO/Wireless 7100 Adapter Driver;c:\winnt\system32\drivers\w70n5.sys [10/9/2007 5:45 PM 2369664]
    S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [1/10/2008 10:18 AM 3567]
    S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\winnt\system32\drivers\TMPassthru.sys [11/1/2010 11:08 PM 206608]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - IPNAT
    *NewlyCreated* - RASAUTO
    *NewlyCreated* - SHAREDACCESS
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page =
    mLocal Page =
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    LSP: %SystemRoot%\system32\msafd.dll
    Trusted Zone: mercom.com \veri-scribe
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Tom Burrows\Application Data\Mozilla\Firefox\Profiles\7bfanrhw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-15 00:31
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(236)
    c:\winnt\system32\Ati2evxx.dll
    c:\winnt\System32\LgNotify.dll
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL

    - - - - - - - > 'explorer.exe'(1748)
    c:\winnt\AppPatch\AcLayers.DLL
    c:\winnt\system32\SHDOCVW.DLL
    c:\winnt\system32\gdiplus.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    .
    Completion time: 2010-11-15 00:36:47
    ComboFix-quarantined-files.txt 2010-11-15 06:36
    ComboFix2.txt 2010-11-15 05:47

    Pre-Run: 16,064,946,176 bytes free
    Post-Run: 16,049,274,880 bytes free

    - - End Of File - - 8E93A6EFB3053D22230779077705DF8C
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\winnt\wmf32408.dll
    c:\winnt\ajonazob.dll
    
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xsedadikujikapa"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Lholidohu"=-
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
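    The CFScript above removes exactly the two Run entries that ComboFix printed with "[BU]" instead of a date and size, both pointing at randomly named DLLs dropped straight into c:\winnt. The following Python helper is an added example and is not code from this thread, from ComboFix or from TechSpot: it parses the "Reg Loading Points" section of a ComboFix log, flags Run entries by two heuristics (no date/size metadata, or a bare .dll directly in the Windows root) and emits a CFScript in the same File::/Registry:: layout Broni posted. The sample log is a trimmed copy of the entries shown earlier in this thread, and the two heuristics are assumptions made for illustration, not rules ComboFix itself applies.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a trimmed copy of the "Reg Loading Points" section
# from the ComboFix log posted above (not a complete log).
SAMPLE_LOG = r"""REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Xsedadikujikapa"="c:\winnt\wmf32408.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
"Lholidohu"="c:\winnt\ajonazob.dll" [BU]
"""


@dataclass
class RunEntry:
    key: str   # registry key the value lives under
    name: str  # value name
    path: str  # command / file path the value launches
    meta: str  # bracketed text ComboFix prints after the path


KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')
# ComboFix normally prints "[YYYY-MM-DD size]" for a file it could stat.
META_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d+$')
# Heuristic (assumption): a plain .dll sitting directly in the Windows root
# is an unusual thing for a Run value to point at.
WINROOT_DLL_RE = re.compile(r'^c:\\(winnt|windows)\\[^\\]+\.dll$', re.IGNORECASE)


def parse_run_entries(log: str) -> List[RunEntry]:
    """Collect every "name"="path" [meta] line under an HKEY_... header."""
    entries: List[RunEntry] = []
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        entry_match = ENTRY_RE.match(line)
        if entry_match and current_key:
            name, path, meta = entry_match.groups()
            entries.append(RunEntry(current_key, name, path, meta))
    return entries


def suspicious_reasons(entry: RunEntry) -> List[str]:
    """Return the heuristic hits for one entry (empty list = looks normal)."""
    reasons = []
    if not META_RE.match(entry.meta):
        reasons.append(f"no date/size metadata (ComboFix printed [{entry.meta}])")
    if WINROOT_DLL_RE.match(entry.path):
        reasons.append("bare DLL in the Windows root used as a Run target")
    return reasons


def find_suspicious(log: str) -> List[RunEntry]:
    return [e for e in parse_run_entries(log) if suspicious_reasons(e)]


def build_cfscript(entries: List[RunEntry]) -> str:
    """Emit a CFScript in the File:: / Registry:: layout used in this thread."""
    by_key: Dict[str, List[str]] = {}
    for e in entries:
        by_key.setdefault(e.key, []).append(e.name)
    lines = ["File::", *[e.path for e in entries], "", "", "Registry::"]
    for key, names in by_key.items():
        lines.append(f"[{key}]")
        lines.extend(f'"{n}"=-' for n in names)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG)
    for e in flagged:
        print(f"{e.key}\\{e.name} -> {e.path}: {'; '.join(suspicious_reasons(e))}")
    print(build_cfscript(flagged))
```

    Run against the sample, the helper flags only Xsedadikujikapa and Lholidohu and prints the same File:: and Registry:: blocks Broni wrote by hand; anything it flags still deserves a look at the actual file before it goes into a script.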
  7. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    I did as you instructed. However, when ComboFix ran, I was prompted that a newer version was available and do I want to update? I selected yes as prior instructions said always do so. Was I correct to do that?

    ComboFix 10-11-14.04 - Tom Burrows 11/15/2010 10:33:28.3.1 - x86
    Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.116 [GMT -6:00]
    Running from: c:\documents and settings\Tom Burrows\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Tom Burrows\Desktop\CFScript.txt

    FILE ::
    "c:\winnt\ajonazob.dll"
    "c:\winnt\wmf32408.dll"
    .
    /wow section - STAGE 10


    ((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
    .

    2010-11-13 05:45 . 2010-11-13 05:45 -------- d--h--w- c:\winnt\PIF
    2010-11-02 05:08 . 2008-03-02 08:28 206608 ----a-w- c:\winnt\system32\drivers\TMPassthru.sys
    2010-11-02 04:22 . 2010-11-02 04:22 388096 ----a-r- c:\documents and settings\Tom Burrows\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-10-29 15:08 . 2010-10-29 15:08 28472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\924\atgpcdec.dll
    2010-10-29 15:08 . 2010-10-29 15:08 239496 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\924\atgpcext.dll
    2010-10-29 15:08 . 2010-10-29 15:08 64392 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-29 15:09 . 2010-10-29 15:09 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
    .

    ------- Sigcheck -------

    [-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

    [-] 2004-07-09 10:27 . 3120F6D2AB10CDF242EDE54052A8BE47 . 1689600 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-11-15_05.44.07 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-11-15 05:57 . 2010-11-15 05:57 16384 c:\winnt\system32\Perflib_Perfdata_5f4.dat
    + 2010-11-15 05:58 . 2010-11-15 05:58 16384 c:\winnt\system32\Perflib_Perfdata_580.dat
    + 2010-11-15 05:54 . 2010-11-15 05:54 16384 c:\winnt\system32\Perflib_Perfdata_2a4.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
    "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-03 294912]
    "PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 86016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
    "CreateCD50"="c:\program files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [2002-12-17 131157]
    "AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
    "HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-25 98304]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
    "snpstd3"="c:\winnt\vsnpstd3.exe" [2005-09-05 339968]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
    "TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

    c:\documents and settings\Tom Burrows\Start Menu\Programs\Startup\
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-11-7 303104]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
    HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
    MA003DMN.LNK - c:\program files\M-Audio Audiophile USB\Dmn\ma003dmn.exe [2007-12-6 53248]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-07-30 13:40 11952 ----a-w- c:\winnt\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
    2003-02-03 16:59 110592 ----a-w- c:\winnt\system32\LgNotify.dll

    R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [2/1/2009 9:33 PM 12552]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2/1/2009 9:33 PM 335240]
    R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2/1/2009 9:33 PM 108552]
    R1 cdudf;cdudf;c:\winnt\system32\drivers\cdudf.sys [12/17/2002 12:29 PM 363799]
    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/1/2009 9:32 PM 297752]
    R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [11/1/2010 11:08 PM 582992]
    R3 MIPMN;Intel Adapter Switching Driver;c:\winnt\system32\drivers\mipmn2k.sys [11/22/2002 1:09 PM 48407]
    R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\winnt\system32\drivers\ozscr.sys [4/21/2005 8:58 PM 92550]
    R3 TMPassthruMP;TMPassthruMP;c:\winnt\system32\drivers\TMPassthru.sys [11/1/2010 11:08 PM 206608]
    R3 usbhub20;USB Hub Support;c:\winnt\system32\drivers\usbhub20.sys [1/15/2003 10:46 AM 49776]
    R3 w70n5;Intel(R) PRO/Wireless 7100 Adapter Driver;c:\winnt\system32\drivers\w70n5.sys [10/9/2007 5:45 PM 2369664]
    S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [1/10/2008 10:18 AM 3567]
    S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\winnt\system32\drivers\TMPassthru.sys [11/1/2010 11:08 PM 206608]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - IPNAT
    *NewlyCreated* - RASAUTO
    *NewlyCreated* - SHAREDACCESS
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page =
    mLocal Page =
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
    LSP: %SystemRoot%\system32\msafd.dll
    Trusted Zone: mercom.com \veri-scribe
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
    DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\Tom Burrows\Application Data\Mozilla\Firefox\Profiles\7bfanrhw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-15 10:53
    Windows 5.0.2195 Service Pack 4 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(236)
    c:\winnt\system32\Ati2evxx.dll
    c:\winnt\System32\LgNotify.dll
    c:\winnt\system32\wzcdlg.dll
    c:\winnt\system32\WZCSAPI.DLL

    - - - - - - - > 'explorer.exe'(1364)
    c:\winnt\AppPatch\AcLayers.DLL
    c:\winnt\system32\SHDOCVW.DLL
    .
    Completion time: 2010-11-15 10:58:47
    ComboFix-quarantined-files.txt 2010-11-15 16:58
    ComboFix2.txt 2010-11-15 06:36
    ComboFix3.txt 2010-11-15 05:47

    Pre-Run: 16,055,181,312 bytes free
    Post-Run: 16,041,242,624 bytes free

    - - End Of File - - 9A87B5DE4B799D6144C23D5FFC083446
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Absolutely :)

    How is computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  9. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    OTL logfile created on: 11/15/2010 9:17:51 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom Burrows\Desktop
    Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 32.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 14.94 Gb Free Space | 40.09% Space Free | Partition Type: NTFS

    Computer Name: ICMG-3B7ABE9F5C | User Name: Tom Burrows | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/15 18:37:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
    PRC - [2010/07/08 08:42:37 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
    PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
    PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
    PRC - [2009/07/30 07:40:47 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
    PRC - [2009/07/30 07:39:26 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
    PRC - [2009/07/30 07:38:01 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
    PRC - [2009/07/30 07:33:47 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
    PRC - [2008/11/06 10:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
    PRC - [2008/11/06 10:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
    PRC - [2007/01/30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
    PRC - [2005/12/15 10:57:34 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    PRC - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINNT\system32\bgsvcgen.exe
    PRC - [2004/09/07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
    PRC - [2003/06/19 13:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
    PRC - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
    PRC - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
    PRC - [2003/06/19 13:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe
    PRC - [2003/02/03 10:58:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\RoamMgr.exe
    PRC - [2003/02/03 10:57:16 | 000,315,392 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\ZCfgSvc.exe
    PRC - [2003/01/12 16:09:46 | 000,299,075 | ---- | M] (Intel Corporation ) -- C:\WINNT\system32\S24EvMon.exe
    PRC - [2003/01/12 16:08:26 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\RegSrvc.exe
    PRC - [2003/01/10 13:36:46 | 000,409,600 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Switching\User\RoamSvc.exe
    PRC - [2002/12/17 13:14:14 | 000,131,157 | ---- | M] (Roxio) -- C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
    PRC - [2002/12/17 12:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/15 18:37:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
    MOD - [2003/06/19 13:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
    MOD - [2003/06/19 13:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
    MOD - [2002/08/09 10:12:56 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2009/07/30 07:33:47 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
    SRV - [2008/11/06 10:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
    SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINNT\system32\bgsvcgen.exe -- (bgsvcgen)
    SRV - [2004/09/07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
    SRV - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
    SRV - [2003/06/19 13:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
    SRV - [2003/06/19 13:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
    SRV - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
    SRV - [2003/06/19 13:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
    SRV - [2003/06/19 13:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
    SRV - [2003/02/03 10:58:08 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\RoamMgr.exe -- (RoamMgr)
    SRV - [2003/01/12 16:09:46 | 000,299,075 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINNT\system32\S24EvMon.exe -- (S24EventMonitor)
    SRV - [2003/01/12 16:08:26 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\RegSrvc.exe -- (RegSrvc)
    SRV - [2003/01/10 13:36:46 | 000,409,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Switching\User\RoamSvc.exe -- (IntelRoam)
    SRV - [2002/11/26 10:27:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\TOMBUR~1\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2009/07/30 07:40:40 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINNT\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
    DRV - [2009/07/30 07:40:37 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\avgldx86.sys -- (AvgLdx86)
    DRV - [2009/04/26 08:57:17 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINNT\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
    DRV - [2009/04/26 08:57:01 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\avgtdix.sys -- (AvgTdiX)
    DRV - [2008/03/02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
    DRV - [2008/03/02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\TMPassthru.sys -- (TMPassthru)
    DRV - [2007/12/19 05:43:03 | 000,227,298 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\udfreadr.sys -- (UdfReadr)
    DRV - [2007/12/19 05:43:03 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\pwd_2K.sys -- (pwd_2k)
    DRV - [2007/12/19 05:43:03 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\Mmc_2k.sys -- (mmc_2K)
    DRV - [2007/12/19 05:43:03 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\Dvd_2k.sys -- (dvd_2K)
    DRV - [2006/10/04 20:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/10/04 20:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
    DRV - [2006/01/02 17:05:24 | 008,702,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\snpstd3.sys -- (SNPSTD3)
    DRV - [2005/11/10 18:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
    DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
    DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/04/21 20:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ozscr.sys -- (OZSCR)
    DRV - [2004/07/09 02:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
    DRV - [2003/06/19 13:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
    DRV - [2003/06/19 13:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
    DRV - [2003/06/19 13:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
    DRV - [2003/06/19 13:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
    DRV - [2003/06/19 13:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
    DRV - [2003/06/19 13:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
    DRV - [2003/06/19 13:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)
    DRV - [2003/02/07 03:28:46 | 002,369,664 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\w70n5.sys -- (w70n5) Intel(R)
    DRV - [2003/01/15 10:46:02 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
    DRV - [2003/01/12 15:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2003/01/07 16:40:04 | 000,102,225 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57w2k.sys -- (b57w2k)
    DRV - [2002/12/17 12:29:38 | 000,363,799 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\cdudf.sys -- (cdudf)
    DRV - [2002/11/22 13:09:38 | 000,048,407 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mipmn2k.sys -- (MIPMN)
    DRV - [2002/11/11 16:57:16 | 000,193,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
    DRV - [2002/10/09 08:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\omci.sys -- (OMCI)
    DRV - [2002/08/09 10:12:42 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
    DRV - [2002/08/09 10:08:29 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
    DRV - [2002/01/12 18:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\PortTalk.sys -- (PortTalk)
    DRV - [1999/10/12 15:57:12 | 000,068,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [1999/09/28 15:14:04 | 000,019,376 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\sparrow.sys -- (Sparrow)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/"


    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 14:03:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/06/10 08:33:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/27 23:32:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 09:09:22 | 000,000,000 | ---D | M]

    [2008/09/23 22:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Mozilla\Extensions
    [2009/09/16 21:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Mozilla\Firefox\Profiles\7bfanrhw.default\extensions
    [2010/11/14 20:56:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/10/29 09:09:00 | 000,101,768 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
    [2010/10/29 09:08:43 | 000,064,392 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
    [2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
    [2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
    [2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

    O1 HOSTS File: ([2010/11/14 23:43:57 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
    O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [CreateCD50] C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe (Roxio)
    O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
    O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
    O4 - HKLM..\Run: [snpstd3] C:\WINNT\vsnpstd3.exe ()
    O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK = C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe (Nemesis)
    O4 - Startup: C:\Documents and Settings\Tom Burrows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
    O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: mercom.com ([veri-scribe] ftp in Trusted sites)
    O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab (Auctiva Image Uploader Control)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
    O18 - Protocol\Filter\application/octet-stream - No CLSID value found
    O18 - Protocol\Filter\application/x-complus - No CLSID value found
    O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
    O18 - Protocol\Filter\Class Install Handler - No CLSID value found
    O18 - Protocol\Filter\deflate - No CLSID value found
    O18 - Protocol\Filter\gzip - No CLSID value found
    O18 - Protocol\Filter\lzdhtml - No CLSID value found
    O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
    O18 - Protocol\Filter\text/xml - No CLSID value found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
    O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - Winlogon\Notify\Sebring: DllName - C:\WINNT\System32\LgNotify.dll - C:\WINNT\system32\LgNotify.dll (Intel Corporation)
    O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2007/10/09 16:38:33 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Nwsapagent - File not found

    Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
    Drivers32: aux2 - File not found
    Drivers32: aux3 - File not found
    Drivers32: aux4 - File not found
    Drivers32: aux5 - File not found
    Drivers32: aux6 - File not found
    Drivers32: aux7 - File not found
    Drivers32: aux8 - File not found
    Drivers32: aux9 - File not found
    Drivers32: midi2 - File not found
    Drivers32: midi3 - File not found
    Drivers32: midi4 - File not found
    Drivers32: midi5 - File not found
    Drivers32: midi6 - File not found
    Drivers32: midi7 - File not found
    Drivers32: midi8 - File not found
    Drivers32: midi9 - File not found
    Drivers32: mixer2 - File not found
    Drivers32: mixer3 - File not found
    Drivers32: mixer4 - File not found
    Drivers32: mixer5 - File not found
    Drivers32: mixer6 - File not found
    Drivers32: mixer7 - File not found
    Drivers32: mixer8 - File not found
    Drivers32: mixer9 - File not found
    Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINNT\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
    Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINNT\System32\iyuv_32.dll (Intel(R) Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.tscc - C:\WINNT\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.WMV3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
    Drivers32: vidc.XVID - C:\WINNT\System32\xvidvfw.dll ()
    Drivers32: VIDC.YVU9 - C:\WINNT\System32\tsbyuv.dll (Toshiba Corporation)
    Drivers32: wave2 - File not found
    Drivers32: wave3 - File not found
    Drivers32: wave4 - File not found
    Drivers32: wave5 - File not found
    Drivers32: wave6 - File not found
    Drivers32: wave7 - File not found
    Drivers32: wave8 - File not found
    Drivers32: wave9 - File not found
    SystemRestore not available.

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/15 18:37:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
    [2010/11/15 10:52:46 | 000,000,000 | ---D | C] -- C:\WINNT\temp
    [2010/11/15 10:30:54 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/11/14 23:24:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
    [2010/11/14 23:24:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
    [2010/11/14 23:24:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
    [2010/11/14 23:24:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
    [2010/11/14 23:24:20 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
    [2010/11/14 23:23:49 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/12 23:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Burrows\Desktop\MalAdSpyVirTools
    [2010/11/12 23:45:58 | 000,000,000 | -H-D | C] -- C:\WINNT\PIF
    [2010/11/01 23:08:44 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\TMPassthru.sys
    [2010/10/29 09:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Burrows\Application Data\webex
    [2010/01/24 13:45:05 | 000,131,072 | ---- | C] ( ) -- C:\WINNT\System32\rsnpstd3.dll
    [2010/01/24 13:45:05 | 000,053,248 | ---- | C] ( ) -- C:\WINNT\System32\vsnpstd3.dll
    [2010/01/24 13:45:04 | 000,061,440 | ---- | C] ( ) -- C:\WINNT\System32\csnpstd3.dll

    ========== Files - Modified Within 30 Days ==========

    [2010/11/15 20:35:40 | 000,000,453 | ---- | M] () -- C:\WINNT\hpbafd.ini
    [2010/11/15 18:37:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
    [2010/11/15 18:11:43 | 067,646,144 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
    [2010/11/15 15:01:10 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\Ageless Mailing label.doc
    [2010/11/15 10:28:41 | 003,909,976 | R--- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\ComboFix.exe
    [2010/11/14 23:58:04 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_580.dat
    [2010/11/14 23:57:48 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5f4.dat
    [2010/11/14 23:56:07 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK
    [2010/11/14 23:54:28 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2a4.dat
    [2010/11/14 23:43:57 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
    [2010/11/14 22:00:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\MBRCheck.exe
    [2010/11/13 02:58:59 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\k4b7hlm4.exe
    [2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINNT\MBR.exe
    [2010/11/04 02:04:23 | 000,039,666 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\Gm vs mu.pdf
    [2010/11/04 01:47:19 | 000,060,842 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\voa.pdf
    [2010/11/03 13:12:57 | 001,404,928 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\2010 Tube Lists.xls
    [2010/10/27 23:39:04 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/20 11:11:33 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e0.dat
    [2010/10/20 11:08:22 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2b4.dat
    [2010/10/19 13:30:48 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d4.dat

    ========== Files Created - No Company Name ==========

    [2010/11/14 23:58:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_580.dat
    [2010/11/14 23:57:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f4.dat
    [2010/11/14 23:54:28 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2a4.dat
    [2010/11/14 23:24:31 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
    [2010/11/14 23:24:31 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
    [2010/11/14 23:24:31 | 000,089,088 | ---- | C] () -- C:\WINNT\MBR.exe
    [2010/11/14 23:24:31 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
    [2010/11/14 23:24:31 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
    [2010/11/14 23:19:20 | 003,909,976 | R--- | C] () -- C:\Documents and Settings\Tom Burrows\Desktop\ComboFix.exe
    [2010/11/14 22:00:20 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\Desktop\MBRCheck.exe
    [2010/11/13 10:01:40 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\Desktop\k4b7hlm4.exe
    [2010/11/04 02:04:22 | 000,039,666 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\My Documents\Gm vs mu.pdf
    [2010/11/04 01:47:16 | 000,060,842 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\My Documents\voa.pdf
    [2010/11/01 22:20:31 | 001,404,928 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\My Documents\2010 Tube Lists.xls
    [2010/10/20 11:11:33 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e0.dat
    [2010/10/20 11:08:22 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2b4.dat
    [2010/10/19 13:30:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d4.dat
    [2010/01/24 13:45:04 | 008,702,080 | ---- | C] () -- C:\WINNT\System32\drivers\snpstd3.sys
    [2010/01/24 13:45:04 | 000,015,498 | ---- | C] () -- C:\WINNT\snpstd3.ini
    [2010/01/24 13:44:14 | 000,000,831 | ---- | C] () -- C:\WINNT\EZLiveMonitor2.0.ini
    [2010/01/24 13:44:12 | 000,012,548 | ---- | C] () -- C:\WINNT\EZMediaBox2.ini
    [2010/01/24 13:43:20 | 000,098,304 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
    [2010/01/24 13:43:19 | 000,483,328 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
    [2010/01/24 13:43:19 | 000,000,744 | ---- | C] () -- C:\WINNT\EZVMail3.ini
    [2008/10/28 11:12:20 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
    [2008/10/14 04:58:21 | 000,000,073 | ---- | C] () -- C:\WINNT\cdplayer.ini
    [2008/10/07 07:51:06 | 000,000,000 | ---- | C] () -- C:\WINNT\Dvm.INI
    [2008/05/27 17:16:44 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\NormalizeDSP.dll
    [2008/02/08 06:50:06 | 000,129,024 | ---- | C] () -- C:\WINNT\System32\ZipDll.dll
    [2008/02/08 06:50:06 | 000,115,712 | ---- | C] () -- C:\WINNT\System32\UnzDll.dll
    [2008/02/08 06:50:05 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\UNRAR.DLL
    [2008/01/19 03:04:50 | 000,000,453 | ---- | C] () -- C:\WINNT\hpbafd.ini
    [2007/12/28 23:46:14 | 000,018,768 | ---- | C] () -- C:\WINNT\System32\drivers\SECDRV.SYS
    [2007/12/16 22:35:44 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/12/06 20:14:12 | 000,000,128 | ---- | C] () -- C:\WINNT\ars.INI
    [2007/10/15 13:43:48 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\Local Settings\Application Data\fusioncache.dat
    [2007/10/15 13:33:06 | 000,002,303 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2007/10/15 13:24:51 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\hpzids01.dll
    [2007/10/09 22:01:31 | 000,000,701 | ---- | C] () -- C:\WINNT\ODBC.INI
    [2007/10/09 16:37:55 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
    [2007/10/09 11:15:01 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
    [2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL
    [2006/11/05 22:30:38 | 000,262,144 | ---- | C] () -- C:\WINNT\System32\lame_enc.dll
    [2006/10/21 11:59:59 | 000,262,144 | ---- | C] () -- C:\WINNT\System32\Manipulate.dll
    [2006/09/24 19:53:56 | 000,268,242 | ---- | C] () -- C:\WINNT\System32\erdmpg-parse.dll
    [2006/09/24 19:53:44 | 002,518,779 | ---- | C] () -- C:\WINNT\System32\erdmpg-enc.dll
    [2006/09/24 19:52:06 | 000,030,693 | ---- | C] () -- C:\WINNT\System32\erdmpg-int.dll
    [2005/10/14 21:10:24 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\comLyricGetter.dll
    [2004/02/01 13:21:56 | 000,097,280 | ---- | C] () -- C:\WINNT\System32\Uncommon.dll
    [2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
    [2002/10/24 11:32:00 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\mipmnlog.dll
    [2002/08/09 10:18:21 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
    [2002/08/09 10:14:25 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
    [2002/08/09 10:09:09 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
    [2002/08/09 10:08:42 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
    [2002/08/09 10:08:35 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
    [2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
    [1999/09/25 04:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
    [1999/09/25 04:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

    ========== LOP Check ==========
     
  10. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    [2008/01/11 13:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
    [2009/06/10 08:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
    [2007/12/28 22:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
    [2008/10/14 04:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
    [2008/03/13 00:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
    [2009/03/08 12:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
    [2009/03/08 10:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2007/11/24 11:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2008/10/26 23:10:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
    [2009/02/01 21:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\AVGTOOLBAR
    [2009/09/04 07:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\BitTorrent
    [2007/12/28 23:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Cogniview
    [2008/01/23 17:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\FileMaker
    [2010/02/07 12:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\FileZilla
    [2008/10/26 22:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\FinalBurner AudioCD Ripper
    [2007/11/07 09:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\FUJIFILM
    [2007/12/16 23:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\gtk-2.0
    [2008/06/03 11:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\ICAClient
    [2009/08/10 16:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\IObit
    [2008/08/06 14:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Kernel for Outlook
    [2008/03/13 00:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Nova Development
    [2008/10/27 17:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\OfficeUpdate12
    [2010/01/05 21:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\OpenOffice.org
    [2008/08/12 00:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Softplicity
    [2010/10/29 09:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\webex

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2003/06/19 13:05:04 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
    [2003/06/19 13:05:04 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
    [2008/09/01 09:54:42 | 000,000,084 | ---- | M] () -- C:\ASIO_DLL_DEBUG.txt
    [2007/10/09 16:38:33 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
    [2010/09/26 15:28:44 | 000,000,192 | -HS- | M] () -- C:\boot.ini
    [2010/11/15 10:58:48 | 000,009,991 | ---- | M] () -- C:\ComboFix.txt
    [2007/10/09 16:38:33 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
    [2008/10/07 07:51:06 | 001,707,415 | ---- | M] () -- C:\D0000005.VOC
    [2008/10/14 05:37:58 | 000,004,386 | ---- | M] () -- C:\devicetable.log
    [2007/10/09 16:38:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/03/08 14:53:31 | 000,157,513 | ---- | M] () -- C:\log_fs.log
    [2007/10/09 16:38:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/08/09 10:13:20 | 000,034,724 | RHS- | M] () -- C:\NTDETECT.COM
    [2007/10/09 18:54:28 | 000,214,432 | RHS- | M] () -- C:\ntldr
    [2010/11/14 23:54:07 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2008/06/18 10:36:03 | 000,000,028 | ---- | M] () -- C:\PLAYER_SERVICES_DEBUG.txt
    [2010/11/12 23:45:18 | 000,000,404 | ---- | M] () -- C:\rkill.log
    [2008/11/09 17:06:06 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
    [2008/09/01 09:56:37 | 000,001,258 | ---- | M] () -- C:\vsPlayerClient_DEBUG.txt
    [2009/03/08 12:42:28 | 000,015,870 | ---- | M] () -- C:\_00GVF5O.JPG
    [2009/03/08 12:42:26 | 000,031,787 | ---- | M] () -- C:\_06VIIEL.JPG
    [2009/03/08 12:42:28 | 000,015,547 | ---- | M] () -- C:\_0J1VHK5.JPG
    [2009/03/08 12:42:25 | 000,099,758 | ---- | M] () -- C:\_0S24J3H.JPG
    [2009/03/08 12:42:15 | 000,170,448 | ---- | M] () -- C:\_0SCQRM1.JPG
    [2009/03/08 12:42:32 | 000,045,348 | ---- | M] () -- C:\_19IFFEO.JPG
    [2009/03/08 12:42:39 | 000,016,142 | ---- | M] () -- C:\_1OPIDP7.JPG

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2007/10/09 16:38:07 | 000,000,067 | -HS- | M] () -- C:\WINNT\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2005/10/14 21:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\hpzpp43a.dll
    [2007/08/21 13:55:54 | 000,028,504 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\lmdippr.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\mdippr.dll
    [2003/06/19 13:05:04 | 000,006,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\sfmpsprt.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2007/10/09 16:37:55 | 000,000,271 | -H-- | M] () -- C:\Program Files\desktop.ini
    [2007/10/09 16:37:55 | 000,021,952 | -H-- | M] () -- C:\Program Files\folder.htt

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/10/09 11:12:05 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav
    [2007/10/09 11:12:05 | 000,532,480 | ---- | M] () -- C:\WINNT\system32\config\software.sav
    [2007/10/09 11:12:05 | 000,385,024 | ---- | M] () -- C:\WINNT\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2007/10/09 16:50:56 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2008/10/14 05:09:07 | 003,251,879 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\aceburn.exe
    [2008/10/14 05:06:24 | 000,587,706 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\all4cwr124.exe
    [2007/12/06 20:07:17 | 001,902,600 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\arssetup.exe
    [2008/01/11 13:37:11 | 035,378,168 | ---- | M] (Avery ) -- C:\Documents and Settings\Tom Burrows\Desktop\Avery_Wizard_Holiday.exe
    [2008/01/29 18:46:05 | 000,452,392 | ---- | M] (Hewlett-Packard ) -- C:\Documents and Settings\Tom Burrows\Desktop\COL10862(2).exe
    [2008/01/29 18:12:17 | 000,452,392 | ---- | M] (Hewlett-Packard ) -- C:\Documents and Settings\Tom Burrows\Desktop\COL10862.exe
    [2010/11/15 10:28:41 | 003,909,976 | R--- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\ComboFix.exe
    [2008/01/11 13:24:25 | 085,901,040 | ---- | M] (Avery Dennison ) -- C:\Documents and Settings\Tom Burrows\Desktop\DesignPro5_4_Limited.exe
    [2009/03/08 10:02:39 | 003,916,984 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Tom Burrows\Desktop\DriverDetective.exe
    [2009/08/05 09:59:57 | 000,959,592 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\EFRCSetup.exe
    [2008/02/08 06:49:14 | 001,876,384 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\ezip35.exe
    [2008/09/25 19:52:37 | 010,088,014 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\fb_free.exe
    [2008/10/15 21:58:07 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\FileFormatConverters.exe
    [2008/09/23 21:40:31 | 007,507,848 | ---- | M] (Mozilla) -- C:\Documents and Settings\Tom Burrows\Desktop\Firefox Setup 3.0.2(2).exe
    [2008/09/23 21:27:16 | 007,507,848 | ---- | M] (Mozilla) -- C:\Documents and Settings\Tom Burrows\Desktop\Firefox Setup 3.0.2.exe
    [2008/10/14 04:57:01 | 001,892,336 | ---- | M] (MGShareware ) -- C:\Documents and Settings\Tom Burrows\Desktop\freeripmp3.exe
    [2009/03/08 12:40:47 | 001,238,688 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\freeundelete.exe
    [2008/01/11 11:48:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\gc_w01_ENU.exe
    [2007/12/16 22:53:46 | 015,180,000 | ---- | M] ( ) -- C:\Documents and Settings\Tom Burrows\Desktop\gimp-2.4.2-i686-setup.exe
    [2010/09/26 10:17:58 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\iExplore.exe
    [2007/10/10 22:19:19 | 001,164,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Tom Burrows\Desktop\install_flash_player.exe
    [2009/06/11 21:53:08 | 007,183,768 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\IP5_2Eng.exe
    [2008/02/01 11:39:02 | 000,382,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Tom Burrows\Desktop\jre-6u3-windows-i586-p-iftw.exe
    [2010/11/13 02:58:59 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\k4b7hlm4.exe
    [2008/04/13 22:11:29 | 017,779,321 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\lilypond-2.10.33-1.mingw.exe
    [2008/09/03 23:20:10 | 085,182,928 | ---- | M] (Wolfram Research ) -- C:\Documents and Settings\Tom Burrows\Desktop\MathematicaPlayer.EXE
    [2010/11/14 22:00:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\MBRCheck.exe
    [2008/04/07 21:36:57 | 005,556,616 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\MDAC_TYP.EXE
    [2009/03/21 00:42:57 | 000,438,592 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Tom Burrows\Desktop\msgr9us.exe
    [2007/12/06 20:04:00 | 001,182,843 | ---- | M] (Marshall Electronics, Inc. ) -- C:\Documents and Settings\Tom Burrows\Desktop\MXLUSBRecorderSetup.exe
    [2008/04/07 20:27:36 | 047,400,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\NetFx64.exe
    [2008/10/09 17:56:47 | 000,473,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\OGAPluginInstall.exe
    [2010/11/15 18:37:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
    [2007/12/28 22:52:55 | 028,644,998 | ---- | M] (Cogniview ) -- C:\Documents and Settings\Tom Burrows\Desktop\PDF2XL_OCR-_Convert_PDF_to_Excel_56301.exe
    [2008/10/09 17:59:20 | 000,163,712 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\pfbackup.exe
    [2007/12/16 22:32:47 | 006,219,320 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tom Burrows\Desktop\picasaweb-current-setup.exe
    [2007/10/21 22:20:56 | 020,256,064 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Tom Burrows\Desktop\QuickTimeInstaller.exe
    [2008/08/06 13:15:18 | 002,279,687 | ---- | M] (Nucleus Data Recovery .com ) -- C:\Documents and Settings\Tom Burrows\Desktop\Repair-PST-Setup.exe
    [2008/02/01 11:58:32 | 006,909,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\setup(2).exe
    [2008/07/17 10:25:41 | 007,260,192 | ---- | M] (United States Postal Service ) -- C:\Documents and Settings\Tom Burrows\Desktop\setup(3).exe
    [2008/02/01 11:31:10 | 006,909,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\setup.exe
    [2008/10/18 11:39:27 | 027,462,344 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\setupeng.exe
    [2008/01/23 17:33:16 | 005,253,694 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\SETUPEX.EXE
    [2008/04/07 22:01:50 | 001,534,464 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\SetupWebTable(2).exe
    [2008/04/07 22:00:03 | 001,534,464 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\SetupWebTable.exe
    [2008/10/26 23:01:05 | 020,234,544 | ---- | M] (Mystik Media ) -- C:\Documents and Settings\Tom Burrows\Desktop\setup_blazemp.exe
    [2008/08/26 15:16:00 | 005,253,694 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\spp.exe
    [2008/03/06 21:25:29 | 000,872,104 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\Support-LogMeInRescue(2).exe
    [2007/10/17 09:44:18 | 000,825,512 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\Support-LogMeInRescue.exe
    [2008/03/25 23:32:55 | 004,497,552 | ---- | M] (Helmsman, Inc. ) -- C:\Documents and Settings\Tom Burrows\Desktop\TotalHTMLConverter.exe
    [2008/08/12 00:12:37 | 006,458,016 | ---- | M] (Helmsman, Inc. ) -- C:\Documents and Settings\Tom Burrows\Desktop\TotalImageConverter.exe
    [2008/01/18 10:59:40 | 143,298,856 | ---- | M] (Acronis) -- C:\Documents and Settings\Tom Burrows\Desktop\TrueImage11_s_en.exe
    [2007/10/19 21:32:59 | 000,188,406 | ---- | M] (Roxio) -- C:\Documents and Settings\Tom Burrows\Desktop\updatecdr4_53_71.exe
    [2008/04/07 21:35:55 | 000,895,016 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\WGAPluginInstall.exe
    [2007/11/24 11:34:07 | 009,479,520 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\winzip111(2).exe
    [2007/11/24 11:34:05 | 009,479,520 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\winzip111.exe
    [2009/02/05 20:02:13 | 001,206,366 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\wrar371.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2004/02/27 17:36:18 | 000,013,023 | ---- | M] () -- C:\WINNT\snpstd3.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2007/10/09 21:45:52 | 019,755,376 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\aaw2007.exe
    [2007/10/19 21:17:37 | 054,486,288 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\avg75f_488a1157.exe
    [2009/02/01 17:58:20 | 077,680,744 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Tom Burrows\My Documents\avg_ipw_stf_all_8_233a1415.exe
    [2007/10/10 22:05:07 | 006,016,952 | ---- | M] (Mozilla) -- C:\Documents and Settings\Tom Burrows\My Documents\Firefox Setup 2.0.0.7.exe
    [2008/01/19 02:43:32 | 017,792,232 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\HPUPD41PCL532.exe
    [2008/06/03 11:11:12 | 002,307,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\Tom Burrows\My Documents\ica32t.exe
    [2007/10/09 17:58:00 | 000,491,768 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\My Documents\ie6setup.exe
    [2008/01/03 14:14:06 | 032,600,454 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Tom Burrows\My Documents\IM3_HDDcam.exe
    [2008/01/19 03:02:15 | 004,960,412 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\lj1038en.exe
    [2008/04/07 20:28:41 | 047,400,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\My Documents\NetFx64.exe
    [2008/04/07 22:02:44 | 001,534,464 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\SetupWebTable.exe
    [2007/10/15 11:13:02 | 082,603,072 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\Tom Burrows\My Documents\w_turbotax_1040_hab_2006_09.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2002/08/09 10:08:42 | 000,000,777 | ---- | M] () -- C:\WINNT\addins\faxext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >
    [2002/08/09 10:08:52 | 000,000,654 | ---- | M] () -- C:\WINNT\Config\general.idf
    [2002/08/09 10:09:03 | 000,000,658 | ---- | M] () -- C:\WINNT\Config\hindered.idf
    [2002/08/09 10:11:47 | 000,000,302 | ---- | M] () -- C:\WINNT\Config\msadlib.idf

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2007/10/09 16:50:56 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\Tom Burrows\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2007/10/09 18:57:55 | 000,002,362 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/15 21:32:57 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2002/12/11 14:08:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINNT\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010/11/01 23:09:19 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\诐
    [2010/11/01 23:09:19 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\诐

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 8368 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\CryoValve.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 7932 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\AES Bid List - December 2007 - January 2008 (2).pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 7772 bytes -> C:\_0SCQRM1.JPG:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 7224 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\12B4.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 6764 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\BCR10Monsters06.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 6460 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\vacuum tube characteristic equations.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5968 bytes -> C:\_0S24J3H.JPG:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5904 bytes -> C:\_19IFFEO.JPG:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5832 bytes -> C:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5740 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\vacutrace.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5532 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\OTL-7242.jpg:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5508 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\rskass08.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5360 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\FDA_Form.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 4888 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\jumper.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 3864 bytes -> C:\WINNT\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 3840 bytes -> C:\WINNT\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 2980 bytes -> C:\WINNT\System32\setup.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 2384 bytes -> C:\WINNT\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 18700 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI2.dll.htm:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 18636 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI.dll.htm:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 1256 bytes -> C:\WINNT\System32\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 11808 bytes -> C:\Documents and Settings\All Users\Desktop\Introduction of Picture The Future.lnk:Q30lsldxJoudresxAaaqpcawXc

    < End of report >
     
  11. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    OTL Extras logfile created on: 11/15/2010 9:17:51 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom Burrows\Desktop
    Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2800.1106)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    511.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 32.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
    Drive C: | 37.26 Gb Total Space | 14.94 Gb Free Space | 40.09% Space Free | Partition Type: NTFS

    Computer Name: ICMG-3B7ABE9F5C | User Name: Tom Burrows | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- %1
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00212357-3B02-4C78-BCCB-45F635DABAC3}" = Microsoft Office Live Meeting 2005
    "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
    "{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
    "{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
    "{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
    "{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.4
    "{193DD0DC-004A-4545-A301-E4A7335C8E41}" = 2400
    "{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.3.0.135
    "{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
    "{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
    "{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
    "{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
    "{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
    "{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
    "{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
    "{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
    "{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
    "{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
    "{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
    "{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
    "{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
    "{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
    "{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
    "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
    "{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
    "{3c2754c6-efa1-4069-9191-1b0b4d2b45d5}" = BestOn Software
    "{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
    "{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
    "{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
    "{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
    "{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
    "{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
    "{4BE1E10B-4580-41BE-899F-60B5DC1DB2EA}" = Cogniview PDF2XL OCR Evaluation
    "{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
    "{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
    "{515ECD73-3CD2-4BE4-9C06-02A985D9F962}" = Veri-Scribe II
    "{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
    "{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
    "{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
    "{5BC304B7-84B4-43B3-8A62-EB9BC2051544}" = Photo Explosion SE
    "{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
    "{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
    "{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
    "{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
    "{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72E67064-A144-42A6-BC85-12276B2D5D42}" = 2400_2500Help
    "{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
    "{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
    "{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
    "{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
    "{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
    "{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
    "{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
    "{7F373956-6960-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
    "{80EFBB50-5B6C-4A9D-AFBC-C7664AFF252F}" = Digital Voice Recorder
    "{8552A53D-5226-462B-8E7C-B3174C04E7BD}" = Intel(R) PROSet
    "{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
    "{8B957F8D-FBDE-4DB4-99E7-192487575050}" = 23_24_2500Tour
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
    "{9AD84892-7664-479C-8F95-7A25B964B04D}" = 2400_2500trb
    "{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
    "{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
    "{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
    "{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
    "{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
    "{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
    "{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
    "{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
    "{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
    "{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
    "{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
    "{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
    "{B7147127-69CC-4A5A-9ED3-92859E87B9DE}" = Veri-Scribe II Public Player
    "{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player
    "{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
    "{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
    "{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
    "{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
    "{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
    "{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
    "{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
    "{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
    "{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
    "{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
    "{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
    "{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
    "{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
    "{E2EA5233-8AC4-4A59-A521-FBD1A0778A06}" = XML Converter Standard Edition
    "{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
    "{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
    "{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
    "{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
    "{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
    "{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
    "{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
    "{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
    "{F999C60C-0DB8-4563-A54B-ABB97560CF65}" = Ezonics VGA camera
    "{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
    "{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
    "Ace CD Burner" = Ace CD Burner
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "All4 CD Wav Ripple_is1" = All4 CD Wav Ripple 1.2.4
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "Audio Recording Studio_is1" = Audio Recording Studio v3.0
    "AVG8Uninstall" = AVG 8.5
    "Blaze Media Pro" = Blaze Media Pro
    "Citrix ICA Web Client" = Citrix ICA Web Client
    "CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
    "EasyZip" = EasyZip
    "Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
    "FileZilla Client" = FileZilla Client 3.3.1
    "FreeUndelete" = FreeUndelete
    "HijackThis" = HijackThis 2.0.2
    "HP Document Viewer" = HP Document Viewer 6.1
    "HP Imaging Device Functions" = HP Imaging Device Functions 6.1
    "HP Photo & Imaging" = HP Photosmart Premier Software 6.1
    "HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
    "InstallShield_{4BE1E10B-4580-41BE-899F-60B5DC1DB2EA}" = Cogniview PDF2XL OCR Evaluation
    "InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
    "InstallShield_{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player
    "InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
    "InstallShield_{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
    "Kernel for Outlook Evaluation ver 7.05.01_is1" = Kernel for Outlook Evaluation ver 7.05.01
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Picasa2" = Picasa 2
    "Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
    "QuickTime" = QuickTime
    "Smart Defrag_is1" = Smart Defrag 1.20
    "ST6UNST #1" = WebTable 1.9.47
    "Total HTML Converter_is1" = HTMLConverter
    "Total Image Converter_is1" = TotalImageConverter
    "TurboTax Deluxe 2003" = TurboTax Deluxe 2003
    "TurboTax Deluxe 2004" = TurboTax Deluxe 2004
    "TurboTax Home & Business 2006" = TurboTax Home & Business 2006
    "TurboTax Home & Business 2007" = TurboTax Home & Business 2007
    "TurboTax Premier 2005" = TurboTax Premier 2005
    "Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
    "USBAudiophile" = Audiophile USB 1.5.4.15
    "Windows 2000 Service Pack" = Windows 2000 Service Pack 4
    "WinGimp-2.0_is1" = GIMP 2.4.2
    "WinRAR archiver" = WinRAR archiver
    "WMP7" = Windows Media Player system update (9 Series)
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "BitTorrent" = BitTorrent
    "GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/8/2010 7:18:28 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Microsoft Office 11 | ID = 1000
    Description = Faulting application outlook.exe, version 11.0.8217.0, stamp 480f95d9,
    faulting module pstprx32.dll, version 11.0.8200.0, stamp 472f9439, debug? 0, fault
    address 0x00024022.

    Error - 11/13/2010 3:26:45 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Perflib | ID = 2002
    Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
    has taken longer than the established wait time to complete. There may be a problem
    with this extensible counter or the service it is collecting data from or the system
    may have been very busy when this call was attempted.

    Error - 11/13/2010 3:34:02 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Perflib | ID = 1010
    Description = The Collect Procedure for the "PerfDisk" service in DLL "C:\WINNT\system32\perfdisk.dll"
    generated an exception or returned an invalid status. Performance data returned
    by counter DLL will be not be returned in Perf Data Block. Exception or status
    code returned is data DWORD 0.

    Error - 11/15/2010 8:55:06 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Perflib | ID = 1015
    Description = The timeout waiting for the performance data collection function "PerfDisk"
    in
    the "C:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
    a problem with this extensible counter or the service it is collecting data from
    or the system may have been very busy when this call was attempted.

    [ System Events ]
    Error - 11/14/2010 2:40:28 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The Java Quick Starter service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    No action.

    Error - 11/14/2010 2:40:29 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The AVG8 WatchDog service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
    the service.

    Error - 11/14/2010 2:40:30 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
    The following corrective action will be taken in 0 milliseconds: No action.

    Error - 11/14/2010 2:40:30 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The RoamMgr service terminated unexpectedly. It has done this 1 time(s).
    The following corrective action will be taken in 0 milliseconds: No action.

    Error - 11/14/2010 2:40:30 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The Remote Registry Service service terminated unexpectedly. It has
    done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
    Restart the service.

    Error - 11/14/2010 2:40:31 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The Trend Micro RUBotted Service service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 0
    milliseconds: No action.

    Error - 11/14/2010 2:40:31 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The Still Image Service service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    No action.

    Error - 11/14/2010 2:40:31 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The Task Scheduler service terminated unexpectedly. It has done this
    1 time(s). The following corrective action will be taken in 0 milliseconds: No
    action.

    Error - 11/14/2010 2:40:31 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The Windows Management Instrumentation service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in
    60000 milliseconds: Restart the service.

    Error - 11/14/2010 2:40:32 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
    Description = The Adapter Switching service terminated unexpectedly. It has done
    this 1 time(s). The following corrective action will be taken in 0 milliseconds:
    No action.


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
      O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
      @Alternate Data Stream - 8368 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\CryoValve.pdf:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 7932 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\AES Bid List - December 2007 - January 2008 (2).pdf:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 7772 bytes -> C:\_0SCQRM1.JPG:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 7224 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\12B4.pdf:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 6764 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\BCR10Monsters06.pdf:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 6460 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\vacuum tube characteristic equations.pdf:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 5968 bytes -> C:\_0S24J3H.JPG:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 5904 bytes -> C:\_19IFFEO.JPG:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 5832 bytes -> C:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 5740 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\vacutrace.pdf:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 5532 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\OTL-7242.jpg:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 5508 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\rskass08.pdf:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 5360 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\FDA_Form.pdf:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 4888 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\jumper.pdf:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 3864 bytes -> C:\WINNT\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 3840 bytes -> C:\WINNT\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 2980 bytes -> C:\WINNT\System32\setup.bmp:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 2384 bytes -> C:\WINNT\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 18700 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI2.dll.htm:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 18636 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI.dll.htm:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 1256 bytes -> C:\WINNT\System32\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc
      @Alternate Data Stream - 11808 bytes -> C:\Documents and Settings\All Users\Desktop\Introduction of Picture The Future.lnk:Q30lsldxJoudresxAaaqpcawXc
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If ESET doesn't find any threats, it won't produce any log.
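
    The OTL fix above deletes a list of NTFS alternate data streams (the @Alternate Data Stream lines, all carrying the same stream name across unrelated files). As an added example that is not part of this thread and not OTL's own code, the following PowerShell script enumerates the non-default streams under a folder and groups them by stream name, so the streams can be reviewed before anything is removed. It assumes PowerShell 3.0 or later (the -Stream parameter on Get-Item and Remove-Item) and an NTFS volume; the default path under $env:USERPROFILE is a placeholder, not a path from this thread.

```powershell
# Added example (not from the thread or from OTL): enumerate NTFS alternate data
# streams under a folder and summarise them for review before any removal.
# Assumes PowerShell 3.0+ on an NTFS volume (Get-Item/Remove-Item support -Stream).
param(
    [string]$Root = "$env:USERPROFILE\Documents",  # placeholder; pass the folder you want to inspect
    [switch]$IncludeZoneIdentifier                # Zone.Identifier is the normal "downloaded from the Internet" mark
)

$findings = Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Get-Item -Stream * returns one object per stream, including the main ':$DATA' stream
        Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Where-Object { $IncludeZoneIdentifier -or $_.Stream -ne 'Zone.Identifier' }

# One line per stream, in the same shape as the OTL listing: size, file, stream name
$findings | Sort-Object Length -Descending | ForEach-Object {
    '{0,8} bytes -> {1}:{2}' -f $_.Length, $_.FileName, $_.Stream
}

# A single unusual stream name attached to many unrelated files (as in the log above)
# stands out once the streams are grouped by name
$findings | Group-Object Stream | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# After review, one stream can be removed without touching the file's main data, e.g.:
#   Remove-Item -LiteralPath 'C:\path\to\file.pdf' -Stream 'NameOfStream'
```

    Running it without -IncludeZoneIdentifier hides the Zone.Identifier streams Windows attaches to downloaded files, which are expected and would otherwise dominate the list.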
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please, read my last reply.
     
  14. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    Okay, right now I cannot seem to get Java to run anymore. When I run the diagnostic to determine version, it won't run correctly. If I try and open the Java control panel I get an error message. If I try to manually download and install Java, nothing changes.

    Ideas?
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Proceed with next steps for now.
     
  16. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    Okay, I have run JavaRa to remove old versions, rerun OTL, run Security Check, TFC and ESET. Logs for OTL, Security Check and ESET below. Redirection is no longer a problem, however Java is still not running correctly.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
    Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
    C:\WINNT\Downloaded Program Files\wvc1dmo.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
    File Animation Java Classes file://C:\WINNT\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\CryoValve.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\AES Bid List - December 2007 - January 2008 (2).pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\_0SCQRM1.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\12B4.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\BCR10Monsters06.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\vacuum tube characteristic equations.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\_0S24J3H.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\_19IFFEO.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\vacutrace.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\OTL-7242.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\rskass08.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\FDA_Form.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\jumper.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\WINNT\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\WINNT\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\WINNT\System32\setup.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\WINNT\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI2.dll.htm:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI.dll.htm:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\WINNT\System32\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ADS C:\Documents and Settings\All Users\Desktop\Introduction of Picture The Future.lnk:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Tom Burrows
    ->Temp folder emptied: 18938242 bytes
    ->Temporary Internet Files folder emptied: 318405 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 103439703 bytes
    ->Flash cache emptied: 16114 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: shell32.dll unable to determine bytes removed.

    Total Files Cleaned = 117.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Tom Burrows
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11202010_005928

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.5
    Windows 2000 Service Pack 4
    Internet Explorer 6 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    AVG 8.5
    Trend Micro RUBotted
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Eusing Free Registry Cleaner
    Java(TM) 6 Update 22
    Java(TM) 6 Update 16
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 8.2.3
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVG avgwdsvc.exe
    AVG avgtray.exe
    AVG avgrsx.exe
    AVG avgnsx.exe
    Trend Micro RUBotted TMRUBotted.exe
    Trend Micro RUBotted TMRUBottedTray.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    nslookup.exe missing!
    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

    C:\Documents and Settings\Tom Burrows\Desktop\freeripmp3.exe Win32/Adware.ADON application deleted - quarantined
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please explain.

    I still can see Java(TM) 6 Update 16. Uninstall it manually.

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page, make sure you have both boxes UN-checked AND (important!) click on the Decline button.
     
  18. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    Ok, by manually uninstalling and reinstalling I now have Java working correctly. That said, I cannot uninstall the Java Update 16 - I get error messages when I try. Is it necessary? Everything else seems to be working now.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your computer is clean.

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top.
    • Let the program run unhindered, and reboot the PC when it is done.
    • Post the resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL, as this step will require a reboot.
    • On the OTL main screen, press the CLEANUP button.
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read "How did I get infected? With steps so it does not happen again!": http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  20. ucwhatudid

    ucwhatudid TS Rookie Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Tom Burrows
    ->Temp folder emptied: 10344246 bytes
    ->Temporary Internet Files folder emptied: 221875 bytes
    ->Java cache emptied: 1853 bytes
    ->FireFox cache emptied: 51395393 bytes
    ->Flash cache emptied: 1604 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: shell32.dll unable to determine bytes removed.

    Total Files Cleaned = 59.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Tom Burrows
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11202010_215508

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Whenever you're ready.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    The issue seems to be resolved.
     