Solved Search Engine Redirect


ucwhatudid

I have recently found my searches being redirected. I use Firefox 3.6.12 with Google as the default. Whenever I click a search result for the first time, I am redirected to some other lame search engine result page. If I go back and click the same search result again, it goes where it is supposed to go. Occasionally the redirected page will not let me return to the Google result page.

I run AVG 8.5 which tells me all is fine. The log results requested in the 8-Step instructions are pasted below. Thanks in advance for the help.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5104

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

11/14/2010 1:20:22 PM
mbam-log-2010-11-14 (13-20-22).txt

Scan type: Quick scan
Objects scanned: 115403
Time elapsed: 21 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2010-11-14 15:45:17
Windows 5.0.2195 Service Pack 4 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 FUJITSU_MHV2040AH rev.00000096
Running: k4b7hlm4.exe; Driver: C:\DOCUME~1\TOMBUR~1\LOCALS~1\Temp\agkyipob.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

DDS (Ver_10-11-10.01) - NTFSx86
Run by Tom Burrows at 15:45:39.11 on Sun 11/14/2010
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_17
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.121 [GMT -6:00]


============== Running Processes ===============

C:\WINNT\System32\SCardSvr.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\System32\S24EvMon.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINNT\system32\bgsvcgen.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINNT\System32\RegSrvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\RoamMgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
C:\WINNT\system32\ZCfgSvc.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\Intel\Switching\User\RoamSvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINNT\vsnpstd3.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\Tom Burrows\Desktop\MalAdSpyVirTools\dds.scr

============== Pseudo HJT Report ===============

uLocal Page =
mLocal Page =
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} -
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [ctfmon.exe] ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Xsedadikujikapa] rundll32.exe "c:\winnt\wmf32408.dll",Startup
mRun: [Synchronization Manager] mobsync.exe /logon
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [REGSHAVE] c:\program files\regshave\REGSHAVE.EXE /AUTORUN
mRun: [CreateCD50] "c:\program files\common files\adaptec shared\createcd\CreateCD50.exe" -r
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [snpstd3] c:\winnt\vsnpstd3.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TMRUBottedTray] "c:\program files\trend micro\rubotted\TMRUBottedTray.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Lholidohu] rundll32.exe "c:\winnt\ajonazob.dll",Startup
dRunOnce: [^SetupICWDesktop] c:\program files\internet explorer\connection wizard\icwconn1.exe /desktop
StartupFolder: c:\docume~1\tombur~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ma003dmn.lnk - c:\program files\m-audio audiophile usb\dmn\ma003dmn.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: mercom.com \veri-scribe
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\winnt\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\java\classes\xmldso.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} - hxxp://www.auctiva.com/Aurigma/ImageUploader57.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: Sebring - c:\winnt\system32\LgNotify.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tombur~1\applic~1\mozilla\firefox\profiles\7bfanrhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - HiddenExtension: XULRunner: {8186328A-3B9F-417C-AEBF-888717D18A4D} - c:\documents and settings\tom burrows\local settings\application data\{8186328A-3B9F-417C-AEBF-888717D18A4D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [2009-2-1 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2009-2-1 335240]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\winnt\system32\drivers\avgmfx86.sys [2007-10-19 27784]
R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2009-2-1 108552]
R1 cdudf;cdudf;c:\winnt\system32\drivers\cdudf.sys [2002-12-17 363799]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-1 297752]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\trend micro\rubotted\TMRUBotted.exe [2010-11-1 582992]
R3 MIPMN;Intel Adapter Switching Driver;c:\winnt\system32\drivers\mipmn2k.sys [2002-11-22 48407]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\winnt\system32\drivers\ozscr.sys [2005-4-21 92550]
R3 TMPassthruMP;TMPassthruMP;c:\winnt\system32\drivers\TMPassthru.sys [2010-11-1 206608]
R3 usbhub20;USB Hub Support;c:\winnt\system32\drivers\usbhub20.sys [2003-1-15 49776]
R3 w70n5;Intel(R) PRO/Wireless 7100 Adapter Driver;c:\winnt\system32\drivers\w70n5.sys [2007-10-9 2369664]
S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [2008-1-10 3567]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\winnt\system32\drivers\TMPassthru.sys [2010-11-1 206608]

=============== Created Last 30 ================

2010-11-13 05:45:58 -------- d--h--w- c:\winnt\PIF
2010-11-02 05:08:44 206608 ----a-w- c:\winnt\system32\drivers\TMPassthru.sys
2010-11-02 04:22:49 388096 ----a-r- c:\docume~1\tombur~1\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-10-29 15:08:47 28472 ----a-w- c:\program files\mozilla firefox\plugins\webex\924\atgpcdec.dll
2010-10-29 15:08:47 239496 ----a-w- c:\program files\mozilla firefox\plugins\webex\924\atgpcext.dll
2010-10-29 15:08:43 64392 ----a-w- c:\program files\mozilla firefox\plugins\npatgpc.dll

==================== Find3M ====================

2010-09-26 16:46:30 145408 ----a-w- c:\winnt\system32\msconfig.exe
2010-09-26 11:26:17 0 ----a-w- c:\winnt\Axabocovofa.bin

============= FINISH: 15:46:23.97 ===============

DDS (Ver_10-11-10.01)

Microsoft Windows 2000 Professional
Boot Device: \Device\Harddisk1\Partition1
Install Date:
System Uptime: 11/14/2010 6:41:55 AM (9 hours ago)

Motherboard: Dell Computer Corporation | |
Processor: Intel(R) Pentium(R) M processor 1600MHz | Microprocessor | 1598/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 15.12 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

23_24_2500Tour
2400
2400_2500Help
2400_2500trb
6300
6300_Help
6300Trb
Ace CD Burner
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.3
AiO_Scan
AiO_Scan_CDA
AiOSoftware
AiOSoftwareNPI
All4 CD Wav Ripple 1.2.4
AnswerWorks 4.0 Runtime - English
ATI Control Panel
ATI Display Driver
Audacity 1.2.6
Audio Recording Studio v3.0
Audiophile USB 1.5.4.15
Avery Wizard 3.1
AVG 8.5
B57Inst
BestOn Software
BitTorrent
Blaze Media Pro
Broadcom Driver Installer
BufferChm
Citrix ICA Web Client
Cogniview PDF2XL OCR Evaluation
Compatibility Pack for the 2007 Office system
Conexant D480 MDC V.92 Modem
Copy
CP_AtenaShokunin1Config
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
CP_Panorama1Config
cp_PosterPrintConfig
CreativeProjects
CreativeProjectsTemplates
CueTour
Dell ResourceCD
DesignPro 5.4 Limited Edition
Destinations
DeviceFunctionQFolder
DeviceManagementQFolder
Digital Voice Recorder
DocProc
DocumentViewer
DocumentViewerQFolder
Easy CD Creator 5 Basic
EasyZip
eSupportQFolder
Eusing Free Registry Cleaner
Ezonics VGA camera
Fax
Fax_CDA
FileZilla Client 3.3.1
FinalBurner Free v2.3.0.135
FinePix Studio
FinePixViewer Resource
FinePixViewer Ver.5.3
FreeRIP v3.091
FreeUndelete
FUJIFILM USB Driver
FullDPAppQFolder
GIMP 2.4.2
GoToMeeting/GoToWebinar 3.0.0.198
HiJackThis
HijackThis 2.0.2
Hotfix for MDAC 2.80 (KB927779)
Hotfix for Microsoft .NET Framework 2.0 Service Pack 1 (KB947748)
HP Document Viewer 6.1
HP Imaging Device Functions 6.1
HP Photosmart Premier Software 6.1
HP Product Assistant
HP PSC & OfficeJet 4.2
HP PSC & OfficeJet 6.1.A
HP Software Update
HP Solution Center and Imaging Support Tools 6.1
HP Update
HPProductAssistant
HPSystemDiagnostics
HTMLConverter
ImageMixer VCD2 LE for FinePix
InstantShare
InstantShareDevices
Intel(R) PROSet
ItsDeductible Express
Java(TM) 6 Update 16
Java(TM) 6 Update 17
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) 6 Update 7
Kernel for Outlook Evaluation ver 7.05.01
LADSPA_plugins-win-0.4.15
LizardTech DjVu Control
Malwarebytes' Anti-Malware
Mathematica Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 1.1 Hotfix (KB947742)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft IntelliPoint 5.2
Microsoft Office Live Meeting 2005
Microsoft Office Standard Edition 2003
Microsoft Outlook Personal Folders Backup
Microsoft Visual C++ 2005 Redistributable
Microsoft Windows Media Video 9 VCM
Mozilla Firefox (3.6.12)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
NewCopy_CDA
OpenOffice.org 3.1
Overland
PanoStandAlone
Photo Explosion SE
PhotoGallery
Picasa 2
PrintScreen
ProductContext
ProductContextNPI
QuickProjects
QuickTime
RandMap
Readme
Scan
ScannerCopy
Security Update for DirectX 9 (KB941568)
Security Update for DirectX 9 (KB951698)
Security Update for DirectX 9.0 (KB971633)
Security Update for Windows 2000 (KB904706)
Security Update for Windows 2000 (KB923689)
Security Update for Windows 2000 (KB941569)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 6.4 (KB954600)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Media Player 9 (KB973540)
Shipping Assistant 3.4
SigmaTel AC97 Audio Drivers
SkinsHP1
Skype web features
Skype™ 4.2
Smart Defrag 1.20
SolutionCenter
Sonic_PrimoSDK
Status
Toolbox
TotalImageConverter
TrayApp
Trend Micro RUBotted
TurboTax Deluxe 2003
TurboTax Deluxe 2004
TurboTax Home & Business 2006
TurboTax Home & Business 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier 2005
Unload
Update Rollup 1 for Windows 2000 SP4
Veri-Scribe II
Veri-Scribe II Public Player
WebEx
WebFldrs
WebReg
WebTable 1.9.47
WexTech AnswerWorks
Windows 2000 Hotfix - KB833407
Windows 2000 Hotfix - KB842773
Windows 2000 Hotfix - KB893756
Windows 2000 Hotfix - KB896358
Windows 2000 Hotfix - KB896422
Windows 2000 Hotfix - KB896423
Windows 2000 Hotfix - KB899587
Windows 2000 Hotfix - KB899589
Windows 2000 Hotfix - KB900725
Windows 2000 Hotfix - KB901017
Windows 2000 Hotfix - KB901214
Windows 2000 Hotfix - KB905414
Windows 2000 Hotfix - KB905495
Windows 2000 Hotfix - KB905749
Windows 2000 Hotfix - KB908519
Windows 2000 Hotfix - KB908531
Windows 2000 Hotfix - KB911280
Windows 2000 Hotfix - KB913580
Windows 2000 Hotfix - KB914388
Windows 2000 Hotfix - KB914389
Windows 2000 Hotfix - KB917008
Windows 2000 Hotfix - KB917953
Windows 2000 Hotfix - KB918118
Windows 2000 Hotfix - KB920213
Windows 2000 Hotfix - KB920670
Windows 2000 Hotfix - KB920683
Windows 2000 Hotfix - KB920685
Windows 2000 Hotfix - KB921398
Windows 2000 Hotfix - KB921503
Windows 2000 Hotfix - KB922582
Windows 2000 Hotfix - KB923191
Windows 2000 Hotfix - KB923414
Windows 2000 Hotfix - KB923561
Windows 2000 Hotfix - KB923810
Windows 2000 Hotfix - KB923980
Windows 2000 Hotfix - KB924270
Windows 2000 Hotfix - KB924667
Windows 2000 Hotfix - KB925902
Windows 2000 Hotfix - KB926122
Windows 2000 Hotfix - KB926436
Windows 2000 Hotfix - KB927891
Windows 2000 Hotfix - KB928843
Windows 2000 Hotfix - KB930178
Windows 2000 Hotfix - KB931784
Windows 2000 Hotfix - KB933729
Windows 2000 Hotfix - KB935839
Windows 2000 Hotfix - KB935840
Windows 2000 Hotfix - KB936021
Windows 2000 Hotfix - KB937894
Windows 2000 Hotfix - KB938127
Windows 2000 Hotfix - KB938464
Windows 2000 Hotfix - KB938827
Windows 2000 Hotfix - KB938829
Windows 2000 Hotfix - KB939653
Windows 2000 Hotfix - KB941202
Windows 2000 Hotfix - KB941644
Windows 2000 Hotfix - KB943055
Windows 2000 Hotfix - KB943485
Windows 2000 Hotfix - KB944338
Windows 2000 Hotfix - KB944533
Windows 2000 Hotfix - KB945553
Windows 2000 Hotfix - KB948590
Windows 2000 Hotfix - KB950749
Windows 2000 Hotfix - KB950974
Windows 2000 Hotfix - KB951066
Windows 2000 Hotfix - KB951748
Windows 2000 Hotfix - KB952004
Windows 2000 Hotfix - KB952954
Windows 2000 Hotfix - KB954211
Windows 2000 Hotfix - KB955069
Windows 2000 Hotfix - KB956390
Windows 2000 Hotfix - KB956391
Windows 2000 Hotfix - KB956802
Windows 2000 Hotfix - KB957095
Windows 2000 Hotfix - KB957097
Windows 2000 Hotfix - KB958470
Windows 2000 Hotfix - KB958644
Windows 2000 Hotfix - KB958687
Windows 2000 Hotfix - KB959426
Windows 2000 Hotfix - KB960225
Windows 2000 Hotfix - KB960803
Windows 2000 Hotfix - KB960859
Windows 2000 Hotfix - KB961371
Windows 2000 Hotfix - KB961371-V2
Windows 2000 Hotfix - KB961501
Windows 2000 Hotfix - KB967715
Windows 2000 Hotfix - KB968537
Windows 2000 Hotfix - KB970238
Windows 2000 Hotfix - KB971557
Windows 2000 Hotfix - KB972260
Windows 2000 Hotfix - KB973346
Windows 2000 Hotfix - KB973354
Windows 2000 Hotfix - KB973507
Windows 2000 Hotfix - KB973869
Windows 2000 Service Pack 4
Windows Installer 3.1 (KB893803)
Windows Media Player Hotfix [See Q828026 for more information]
Windows Media Player system update (9 Series)
WinRAR archiver
WinZip 11.1
XML Converter Standard Edition

==== End Of File ===========================
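A first triage pass over a DDS log of the kind posted above, written here as an added example (it is not a tool from this thread or from DDS itself): it flags the entries a helper would look at first, namely Run entries that launch rundll32 on a DLL sitting directly in the Windows root, a hidden Firefox extension living under a user profile instead of the Firefox program directory, and a file created directly in the Windows root. The regexes and the sample lines are my own, modelled on the log's format; what it flags are leads to verify, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample in the DDS log format, modelled on the Pseudo HJT Report,
# FIREFOX and Created/Find3M sections of the log posted above.
SAMPLE_DDS = r"""uRun: [ctfmon.exe] ctfmon.exe
uRun: [Xsedadikujikapa] rundll32.exe "c:\winnt\wmf32408.dll",Startup
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Lholidohu] rundll32.exe "c:\winnt\ajonazob.dll",Startup
FF - HiddenExtension: XULRunner: {8186328A-3B9F-417C-AEBF-888717D18A4D} - c:\documents and settings\tom burrows\local settings\application data\{8186328A-3B9F-417C-AEBF-888717D18A4D}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
2010-11-13 05:45:58 -------- d--h--w- c:\winnt\PIF
2010-09-26 16:46:30 145408 ----a-w- c:\winnt\system32\msconfig.exe
2010-09-26 11:26:17 0 ----a-w- c:\winnt\Axabocovofa.bin
"""

# DDS autostart entry: scope (u=user, m=machine, d=default) + Run/RunOnce, [name], command line.
RUN_RE = re.compile(r'^[umd]Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 command that loads a DLL; captures the DLL path (quoted or not).
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)', re.IGNORECASE)
# A DLL placed directly in the Windows root (c:\winnt or c:\windows), not in a subfolder.
WINROOT_DLL_RE = re.compile(r'^[a-z]:\\(?:winnt|windows)\\[^\\]+\.dll$', re.IGNORECASE)
# Firefox hidden-extension line: label, " - ", then the filesystem path.
HIDDENEXT_RE = re.compile(r'^FF - HiddenExtension: (?P<label>.+?) - (?P<path>[a-z]:\\.+)$',
                          re.IGNORECASE)
# Path under a per-user profile rather than under the Firefox program directory.
PERUSER_RE = re.compile(r'\\(?:documents and settings|users)\\', re.IGNORECASE)
# File entry from "Created Last 30" / "Find3M": timestamp, size (dashes for a dir), attrs, path.
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<size>\d+|-+) '
                     r'(?P<attrs>[-a-z]+) (?P<path>[a-z]:\\.+)$', re.IGNORECASE)
WINROOT_FILE_RE = re.compile(r'^[a-z]:\\(?:winnt|windows)\\[^\\]+$', re.IGNORECASE)


def triage_dds(log_text: str) -> List[Dict[str, str]]:
    """Scan DDS log lines and return the entries worth a closer look, in log order."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        run = RUN_RE.match(line)
        if run:
            # Autostart via rundll32 on a DLL dropped straight into the Windows root.
            dll = RUNDLL_RE.match(run.group('cmd'))
            if dll and WINROOT_DLL_RE.match(dll.group('dll')):
                findings.append({'kind': 'rundll32-dll-in-winroot',
                                 'name': run.group('name'),
                                 'path': dll.group('dll'), 'line': line})
            continue
        ext = HIDDENEXT_RE.match(line)
        if ext:
            # Hidden extension installed under the user's profile, outside Firefox's own tree.
            if PERUSER_RE.search(ext.group('path')):
                findings.append({'kind': 'hidden-extension-in-profile',
                                 'name': ext.group('label'),
                                 'path': ext.group('path'), 'line': line})
            continue
        fil = FILE_RE.match(line)
        if fil and not fil.group('attrs').startswith('d') \
                and WINROOT_FILE_RE.match(fil.group('path')):
            # A regular file (not a directory) created directly in the Windows root.
            findings.append({'kind': 'file-in-winroot',
                             'name': fil.group('path').rsplit('\\', 1)[-1],
                             'path': fil.group('path'), 'line': line})
    return findings


def main() -> None:
    for hit in triage_dds(SAMPLE_DDS):
        print(f"{hit['kind']:28} {hit['name']:40} {hit['path']}")


if __name__ == '__main__':
    main()
```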
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

======================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note: Do not mouse-click Combofix's window while it's running. That may cause it to stall**

Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run, then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.pif
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
I was uncertain whether you wanted me to run all the steps before posting the txt of the first step, so I'm taking this a step at a time. Below is the result requested. Should I continue with each of the next steps? Thanks in advance.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 2000 Professional
Windows Information: Service Pack 4 (build 2195)
Logical Drives Mask: 0x00000014

Kernel Drivers (total 126):
0x80400000 \WINNT\System32\ntoskrnl.exe
0x80062000 \WINNT\System32\hal.dll
0xEB810000 \WINNT\System32\BOOTVID.dll
0xBFFD8000 ACPI.sys
0xEB9C8000 \WINNT\System32\DRIVERS\WMILIB.SYS
0xEB400000 pci.sys
0xEB410000 isapnp.sys
0xEB814000 compbatt.sys
0xEB900000 \WINNT\System32\DRIVERS\BATTC.SYS
0xEB9C9000 pciide.sys
0xEB680000 \WINNT\System32\DRIVERS\PCIIDEX.SYS
0xBFFBD000 pcmcia.sys
0xBFFA0000 ftdisk.sys
0xEB902000 Diskperf.sys
0xBFF7E000 dmio.sys
0xEB818000 PartMgr.sys
0xEB688000 MountMgr.sys
0xBFF68000 atapi.sys
0xEB690000 sparrow.sys
0xBFF55000 \WINNT\System32\DRIVERS\SCSIPORT.SYS
0xEB698000 disk.sys
0xEB420000 \WINNT\System32\DRIVERS\CLASSPNP.SYS
0xBFF33000 fltmgr.sys
0xEB430000 PxHelp20.sys
0xBFF21000 KSecDD.sys
0xBFEA3000 Ntfs.sys
0xBFE79000 NDIS.sys
0xBFE63000 Mup.sys
0xEB904000 avgrkx86.sys
0xEB6A0000 agp440.sys
0xEB87C000 \SystemRoot\System32\DRIVERS\CmBatt.sys
0xEB450000 \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS
0xBFCCC000 \SystemRoot\System32\DRIVERS\ati2mtag.sys
0xEB6D0000 \SystemRoot\System32\DRIVERS\USBD.SYS
0xEB6B8000 \SystemRoot\System32\DRIVERS\uhcd.sys
0xBFCAA000 \SystemRoot\System32\DRIVERS\USBPORT.SYS
0xEB6E0000 \SystemRoot\System32\DRIVERS\usbehci.sys
0xBFC91000 \SystemRoot\System32\DRIVERS\b57w2k.sys
0xEB888000 \SystemRoot\system32\DRIVERS\SMCLIB.SYS
0xBFC7A000 \SystemRoot\system32\DRIVERS\ozscr.sys
0xBFA37000 \SystemRoot\System32\DRIVERS\w70n5.sys
0xEB460000 \SystemRoot\System32\DRIVERS\i8042prt.sys
0xEB6F8000 \SystemRoot\system32\DRIVERS\point32.sys
0xEB708000 \SystemRoot\System32\DRIVERS\mouclass.sys
0xEB718000 \SystemRoot\System32\DRIVERS\kbdclass.sys
0xEB470000 \SystemRoot\System32\DRIVERS\serial.sys
0xEB898000 \SystemRoot\System32\DRIVERS\serenum.sys
0xEB730000 \SystemRoot\System32\DRIVERS\parport.sys
0xEB9EB000 \SystemRoot\System32\Drivers\Cdr4_2K.SYS
0xEB740000 \SystemRoot\System32\DRIVERS\cdrom.sys
0xBFA17000 \SystemRoot\System32\DRIVERS\ks.sys
0xEB480000 \SystemRoot\System32\DRIVERS\redbook.sys
0xEB9F0000 \SystemRoot\System32\Drivers\Cdralw2k.SYS
0xBF9F8000 \SystemRoot\System32\Drivers\pwd_2k.SYS
0xBF97B000 \SystemRoot\system32\drivers\portcls.sys
0xBF9A0000 \SystemRoot\system32\drivers\STAC97.sys
0xBF948000 \SystemRoot\system32\DRIVERS\HSFHWICH.sys
0xBF84B000 \SystemRoot\system32\DRIVERS\HSF_DPV.SYS
0xBF79E000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xEB778000 \SystemRoot\System32\Drivers\Modem.SYS
0xEB490000 \SystemRoot\System32\DRIVERS\mipmn2k.sys
0xEB9FA000 \SystemRoot\System32\DRIVERS\audstub.sys
0xEB4A0000 \SystemRoot\System32\DRIVERS\rasl2tp.sys
0xEB8B4000 \SystemRoot\System32\DRIVERS\ndistapi.sys
0xBF787000 \SystemRoot\System32\DRIVERS\ndiswan.sys
0xEB8C0000 \SystemRoot\System32\DRIVERS\TDI.SYS
0xEB4B0000 \SystemRoot\System32\DRIVERS\raspptp.sys
0xEB798000 \SystemRoot\System32\DRIVERS\ptilink.sys
0xEB7A8000 \SystemRoot\System32\DRIVERS\raspti.sys
0xEB4C0000 \SystemRoot\System32\DRIVERS\parallel.sys
0xEBA04000 \SystemRoot\System32\DRIVERS\swenum.sys
0xBF75C000 \SystemRoot\System32\DRIVERS\update.sys
0xEB7C0000 \SystemRoot\System32\DRIVERS\omci.sys
0xBF72B000 \SystemRoot\system32\DRIVERS\TMPassthru.sys
0xEB4F0000 \SystemRoot\System32\DRIVERS\usbhub.sys
0xEB500000 \SystemRoot\System32\DRIVERS\usbhub20.sys
0xEB7E0000 \SystemRoot\System32\Drivers\mmc_2K.SYS
0xEB7F8000 \SystemRoot\System32\Drivers\EFS.SYS
0xEB520000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEB912000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xEB9E6000 \SystemRoot\System32\Drivers\Null.SYS
0xEB9E8000 \SystemRoot\System32\Drivers\Beep.SYS
0xEB8F4000 \SystemRoot\System32\drivers\vga.sys
0xEB9EC000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBD666000 \SystemRoot\System32\Drivers\cdudf.SYS
0xEB6E8000 \SystemRoot\System32\Drivers\Msfs.SYS
0xEB530000 \SystemRoot\System32\Drivers\Npfs.SYS
0xBD61F000 \SystemRoot\System32\Drivers\UdfReadr.SYS
0xEB91A000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xBD5BE000 \SystemRoot\System32\DRIVERS\tcpip.sys
0xEB540000 \SystemRoot\System32\DRIVERS\msgpc.sys
0xEB728000 \SystemRoot\System32\DRIVERS\wanarp.sys
0xBD4DD000 \SystemRoot\System32\Drivers\avgtdix.sys
0xBD4B2000 \SystemRoot\System32\DRIVERS\netbt.sys
0xEB550000 \SystemRoot\System32\DRIVERS\netbios.sys
0xBD488000 \SystemRoot\System32\DRIVERS\rdbss.sys
0xBD410000 \SystemRoot\System32\DRIVERS\mrxsmb.sys
0xEB750000 \SystemRoot\System32\Drivers\avgmfx86.sys
0xBD3BF000 \SystemRoot\System32\Drivers\avgldx86.sys
0xEBA1F000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBD3A9000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xA0000000 \??\C:\WINNT\system32\win32k.sys
0xBD33F000 \SystemRoot\System32\ati2dvag.dll
0xBD305000 \SystemRoot\System32\ati2cqag.dll
0xBD2CF000 \SystemRoot\System32\atikvmag.dll
0xBB068000 \SystemRoot\System32\ati3duag.dll
0xBAF5D000 \SystemRoot\System32\ativvaxx.dll
0xBAF49000 \SystemRoot\System32\DRIVERS\s24trans.sys
0xBADFF000 \SystemRoot\System32\drivers\afd.sys
0xBAD25000 \SystemRoot\system32\drivers\wdmaud.sys
0xBAF15000 \SystemRoot\system32\drivers\sysaudio.sys
0xEB7A0000 \SystemRoot\System32\DRIVERS\HIDPARSE.SYS
0xEB780000 \SystemRoot\System32\DRIVERS\HIDCLASS.SYS
0xEB95A000 \SystemRoot\System32\Drivers\ParVdm.SYS
0xBADDF000 \SystemRoot\System32\Drivers\Fips.SYS
0xBABAD000 \SystemRoot\System32\DRIVERS\srv.sys
0xBAD09000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xBA55B000 \SystemRoot\System32\DRIVERS\ipsec.sys
0xBA34B000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xB9D6B000 \??\C:\DOCUME~1\TOMBUR~1\LOCALS~1\Temp\agkyipob.sys
0xEB6A8000 \??\C:\DOCUME~1\TOMBUR~1\LOCALS~1\Temp\mbr.sys
0xB9D48000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xB9CDB000 \SystemRoot\System32\ATMFD.DLL
0xEB6B0000 \SystemRoot\System32\DRIVERS\asyncmac.sys
0xB9CB6000 \SystemRoot\system32\drivers\kmixer.sys
0x77F80000 \WINNT\system32\NTDLL.DLL

Processes (total 52):
0 System Idle Process
8 System
184 \SystemRoot\System32\smss.exe
212 CSRSS.EXE
236 \??\C:\WINNT\system32\winlogon.exe
264 C:\WINNT\system32\services.exe
276 C:\WINNT\system32\lsass.exe
404 C:\WINNT\System32\SCardSvr.exe
432 C:\WINNT\system32\Ati2evxx.exe
468 C:\WINNT\System32\S24EvMon.exe
540 C:\WINNT\system32\svchost.exe
568 C:\WINNT\system32\spoolsv.exe
608 C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
628 C:\WINNT\system32\bgsvcgen.exe
656 C:\WINNT\System32\svchost.exe
680 C:\Program Files\Java\jre6\bin\jqs.exe
716 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
828 C:\PROGRA~1\AVG\AVG8\avgam.exe
840 C:\PROGRA~1\AVG\AVG8\avgrsx.exe
892 C:\WINNT\System32\RegSrvc.exe
920 C:\WINNT\system32\regsvc.exe
932 C:\WINNT\System32\RoamMgr.exe
996 C:\Program Files\AVG\AVG8\avgrsx.exe
1096 C:\WINNT\system32\ZCfgSvc.exe
1180 C:\WINNT\system32\Ati2evxx.exe
1260 C:\WINNT\Explorer.EXE
1172 C:\WINNT\system32\MSTask.exe
1344 C:\WINNT\system32\stisvc.exe
1392 C:\WINNT\System32\WBEM\WinMgmt.exe
1408 C:\WINNT\system32\svchost.exe
1448 C:\Program Files\Intel\Switching\User\RoamSvc.exe
1656 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
1688 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
1720 C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
1676 C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
1708 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
1732 C:\PROGRA~1\AVG\AVG8\avgtray.exe
1744 C:\Program Files\Microsoft IntelliPoint\point32.exe
1788 C:\Program Files\Java\jre6\bin\jusched.exe
1704 C:\WINNT\vsnpstd3.exe
1860 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
1880 C:\WINNT\system32\ctfmon.exe
1944 C:\WINNT\system32\svchost.exe
2056 C:\Program Files\FinePixViewer\QuickDCF2.exe
2076 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
2116 C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe
876 c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
2256 C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
2212 C:\PROGRA~1\AVG\AVG8\avgnsx.exe
1648 C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe
2372 C:\Program Files\Mozilla Firefox\firefox.exe
2216 C:\Documents and Settings\Tom Burrows\Desktop\MBRCheck.exe

WARNING: Unsupported Windows version! Results may not be accurate!
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMHV2040AH, Rev: 00000096

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!
 
ComboFix 10-11-14.01 - Tom Burrows 11/15/2010 0:12.2.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.95 [GMT -6:00]
Running from: c:\documents and settings\Tom Burrows\Desktop\ComboFix.exe
.
/wow section - STAGE 10


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Tom Burrows\g2mdlhlpx.exe
c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}
c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}\chrome.manifest
c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}\chrome\content\_cfg.js
c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}\chrome\content\overlay.xul
c:\documents and settings\Tom Burrows\Local Settings\Application Data\{8186328A-3B9F-417C-AEBF-888717D18A4D}\install.rdf
c:\winnt\system32\Memman.vxd
c:\winnt\system32\msconfig.exe
c:\winnt\system32\skinboxer43.dll
c:\winnt\Web\default.htt

.
((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-13 05:45 . 2010-11-13 05:45 -------- d--h--w- c:\winnt\PIF
2010-11-02 05:08 . 2008-03-02 08:28 206608 ----a-w- c:\winnt\system32\drivers\TMPassthru.sys
2010-11-02 04:22 . 2010-11-02 04:22 388096 ----a-r- c:\documents and settings\Tom Burrows\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-29 15:08 . 2010-10-29 15:08 28472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\924\atgpcdec.dll
2010-10-29 15:08 . 2010-10-29 15:08 239496 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\924\atgpcext.dll
2010-10-29 15:08 . 2010-10-29 15:08 64392 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-29 15:09 . 2010-10-29 15:09 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

------- Sigcheck -------

[-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

[-] 2004-07-09 10:27 . 3120F6D2AB10CDF242EDE54052A8BE47 . 1689600 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-15_05.44.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 05:57 . 2010-11-15 05:57 16384 c:\winnt\system32\Perflib_Perfdata_5f4.dat
+ 2010-11-15 05:58 . 2010-11-15 05:58 16384 c:\winnt\system32\Perflib_Perfdata_580.dat
+ 2010-11-15 05:54 . 2010-11-15 05:54 16384 c:\winnt\system32\Perflib_Perfdata_2a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Xsedadikujikapa"="c:\winnt\wmf32408.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-03 294912]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"CreateCD50"="c:\program files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [2002-12-17 131157]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-25 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"snpstd3"="c:\winnt\vsnpstd3.exe" [2005-09-05 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Lholidohu"="c:\winnt\ajonazob.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

c:\documents and settings\Tom Burrows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-11-7 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
MA003DMN.LNK - c:\program files\M-Audio Audiophile USB\Dmn\ma003dmn.exe [2007-12-6 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 13:40 11952 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-02-03 16:59 110592 ----a-w- c:\winnt\system32\LgNotify.dll

R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [2/1/2009 9:33 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2/1/2009 9:33 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2/1/2009 9:33 PM 108552]
R1 cdudf;cdudf;c:\winnt\system32\drivers\cdudf.sys [12/17/2002 12:29 PM 363799]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/1/2009 9:32 PM 297752]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [11/1/2010 11:08 PM 582992]
R3 MIPMN;Intel Adapter Switching Driver;c:\winnt\system32\drivers\mipmn2k.sys [11/22/2002 1:09 PM 48407]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\winnt\system32\drivers\ozscr.sys [4/21/2005 8:58 PM 92550]
R3 TMPassthruMP;TMPassthruMP;c:\winnt\system32\drivers\TMPassthru.sys [11/1/2010 11:08 PM 206608]
R3 usbhub20;USB Hub Support;c:\winnt\system32\drivers\usbhub20.sys [1/15/2003 10:46 AM 49776]
R3 w70n5;Intel(R) PRO/Wireless 7100 Adapter Driver;c:\winnt\system32\drivers\w70n5.sys [10/9/2007 5:45 PM 2369664]
S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [1/10/2008 10:18 AM 3567]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\winnt\system32\drivers\TMPassthru.sys [11/1/2010 11:08 PM 206608]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPNAT
*NewlyCreated* - RASAUTO
*NewlyCreated* - SHAREDACCESS
.
.
------- Supplementary Scan -------
.
uLocal Page =
mLocal Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
Trusted Zone: mercom.com \veri-scribe
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tom Burrows\Application Data\Mozilla\Firefox\Profiles\7bfanrhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 00:31
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\System32\LgNotify.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1748)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\SHDOCVW.DLL
c:\winnt\system32\gdiplus.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
Completion time: 2010-11-15 00:36:47
ComboFix-quarantined-files.txt 2010-11-15 06:36
ComboFix2.txt 2010-11-15 05:47

Pre-Run: 16,064,946,176 bytes free
Post-Run: 16,049,274,880 bytes free

- - End Of File - - 8E93A6EFB3053D22230779077705DF8C
 
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\winnt\wmf32408.dll
c:\winnt\ajonazob.dll


Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xsedadikujikapa"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lholidohu"=-


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[animation: CFScript.gif]



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
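The two Run values the CFScript above removes ("Xsedadikujikapa" and "Lholidohu") stand out in the ComboFix "Reg Loading Points" listing for the same reasons: their targets are bare .dll files in c:\winnt with random names, and they carry no [date size] stamp (the log shows [BU] instead). As an added example, not code from this thread, from ComboFix or from the helper, here is a small Python parser that reads that listing, flags such entries with a heuristic of my own (an assumption, not a ComboFix rule), and renders the File::/Registry:: sections in the same layout the CFScript uses. The sample input is a trimmed copy of the Run-key lines from the log posted above, embedded inline so it runs offline.

```python
import re

# Constructed sample input: a trimmed copy of the "Reg Loading Points" Run-key
# lines from the ComboFix log posted above. Not live tool output.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]
"Xsedadikujikapa"="c:\winnt\wmf32408.dll" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
"Lholidohu"="c:\winnt\ajonazob.dll" [BU]
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")                     # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[([^\]]*)\]$')  # "name"="path" [tag]
STAMP_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d+$")               # 2010-05-13 26192168


def parse_run_entries(text):
    """Return (key, value_name, target_path, tag) for every value line
    that follows a [HKEY_...] header in a ComboFix-style Run listing."""
    key = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group(1), m.group(2), m.group(3)))
    return entries


def is_suspicious(path, tag):
    """Heuristic (an assumption of this example, not a ComboFix rule):
    a legitimate Run value launches an .exe and carries a [date size]
    stamp; a bare .dll target, or a value with no stamp at all (shown
    as [BU] in the log above), deserves a second look."""
    lacks_stamp = STAMP_RE.match(tag) is None
    is_dll = path.lower().endswith(".dll")
    return lacks_stamp or is_dll


def flag_entries(text):
    """Autorun entries in the listing that trip the heuristic."""
    return [e for e in parse_run_entries(text) if is_suspicious(e[2], e[3])]


def build_cfscript(flagged):
    """Render File:: and Registry:: sections in the layout the helper's
    CFScript.txt used: file paths to remove, then "name"=- per value."""
    file_lines = [path for _, _, path, _ in flagged]
    reg_lines = []
    for key, name, _, _ in flagged:
        reg_lines.append(f"[{key}]")
        reg_lines.append(f'"{name}"=-')
    return ("File::\n" + "\n".join(file_lines) + "\n\n"
            "Registry::\n" + "\n".join(reg_lines) + "\n")


if __name__ == "__main__":
    hits = flag_entries(SAMPLE_LOG)
    for key, name, path, tag in hits:
        print(f"{key}\n  {name} -> {path} [{tag}]")
    print(build_cfscript(hits))
```

The heuristic is only a triage aid: a helper still reads the whole log, and a flagged entry is removed by script only after that review, exactly as happened in this thread.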
 
I did as you instructed. However, when ComboFix ran, I was prompted that a newer version was available and asked whether I wanted to update. I selected yes, as prior instructions said to always do so. Was I correct to do that?

ComboFix 10-11-14.04 - Tom Burrows 11/15/2010 10:33:28.3.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.116 [GMT -6:00]
Running from: c:\documents and settings\Tom Burrows\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tom Burrows\Desktop\CFScript.txt

FILE ::
"c:\winnt\ajonazob.dll"
"c:\winnt\wmf32408.dll"
.
/wow section - STAGE 10


((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-13 05:45 . 2010-11-13 05:45 -------- d--h--w- c:\winnt\PIF
2010-11-02 05:08 . 2008-03-02 08:28 206608 ----a-w- c:\winnt\system32\drivers\TMPassthru.sys
2010-11-02 04:22 . 2010-11-02 04:22 388096 ----a-r- c:\documents and settings\Tom Burrows\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-29 15:08 . 2010-10-29 15:08 28472 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\924\atgpcdec.dll
2010-10-29 15:08 . 2010-10-29 15:08 239496 ----a-w- c:\program files\Mozilla Firefox\plugins\WebEx\924\atgpcext.dll
2010-10-29 15:08 . 2010-10-29 15:08 64392 ----a-w- c:\program files\Mozilla Firefox\plugins\npatgpc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-29 15:09 . 2010-10-29 15:09 101768 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

------- Sigcheck -------

[-] 2002-11-27 00:03 . 36678803A8030EE9A771935CFC1848BD . 52224 . . [ERROR: 0x0] . . c:\winnt\system32\mspmsnsv.dll

[-] 2004-07-09 10:27 . 3120F6D2AB10CDF242EDE54052A8BE47 . 1689600 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-11-15_05.44.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-15 05:57 . 2010-11-15 05:57 16384 c:\winnt\system32\Perflib_Perfdata_5f4.dat
+ 2010-11-15 05:58 . 2010-11-15 05:58 16384 c:\winnt\system32\Perflib_Perfdata_580.dat
+ 2010-11-15 05:54 . 2010-11-15 05:54 16384 c:\winnt\system32\Perflib_Perfdata_2a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-01-03 294912]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2002-12-18 86016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-05 53248]
"CreateCD50"="c:\program files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" [2002-12-17 131157]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-07-08 2048352]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-08-25 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"snpstd3"="c:\winnt\vsnpstd3.exe" [2005-09-05 339968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"TMRUBottedTray"="c:\program files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2008-11-06 288088]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]

c:\documents and settings\Tom Burrows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2007-11-7 303104]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-12-15 73728]
MA003DMN.LNK - c:\program files\M-Audio Audiophile USB\Dmn\ma003dmn.exe [2007-12-6 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 13:40 11952 ----a-w- c:\winnt\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-02-03 16:59 110592 ----a-w- c:\winnt\system32\LgNotify.dll

R0 AvgRkx86;avgrkx86.sys;c:\winnt\system32\drivers\avgrkx86.sys [2/1/2009 9:33 PM 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\winnt\system32\drivers\avgldx86.sys [2/1/2009 9:33 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\winnt\system32\drivers\avgtdix.sys [2/1/2009 9:33 PM 108552]
R1 cdudf;cdudf;c:\winnt\system32\drivers\cdudf.sys [12/17/2002 12:29 PM 363799]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/1/2009 9:32 PM 297752]
R2 RUBotted;Trend Micro RUBotted Service;c:\program files\Trend Micro\RUBotted\TMRUBotted.exe [11/1/2010 11:08 PM 582992]
R3 MIPMN;Intel Adapter Switching Driver;c:\winnt\system32\drivers\mipmn2k.sys [11/22/2002 1:09 PM 48407]
R3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\winnt\system32\drivers\ozscr.sys [4/21/2005 8:58 PM 92550]
R3 TMPassthruMP;TMPassthruMP;c:\winnt\system32\drivers\TMPassthru.sys [11/1/2010 11:08 PM 206608]
R3 usbhub20;USB Hub Support;c:\winnt\system32\drivers\usbhub20.sys [1/15/2003 10:46 AM 49776]
R3 w70n5;Intel(R) PRO/Wireless 7100 Adapter Driver;c:\winnt\system32\drivers\w70n5.sys [10/9/2007 5:45 PM 2369664]
S3 PortTalk;PortTalk;c:\winnt\system32\drivers\PortTalk.sys [1/10/2008 10:18 AM 3567]
S3 TMPassthru;Trend Micro Passthru Ndis Service;c:\winnt\system32\drivers\TMPassthru.sys [11/1/2010 11:08 PM 206608]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - IPNAT
*NewlyCreated* - RASAUTO
*NewlyCreated* - SHAREDACCESS
.
.
------- Supplementary Scan -------
.
uLocal Page =
mLocal Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
Trusted Zone: mercom.com \veri-scribe
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\winnt\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\winnt\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tom Burrows\Application Data\Mozilla\Firefox\Profiles\7bfanrhw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 10:53
Windows 5.0.2195 Service Pack 4 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(236)
c:\winnt\system32\Ati2evxx.dll
c:\winnt\System32\LgNotify.dll
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL

- - - - - - - > 'explorer.exe'(1364)
c:\winnt\AppPatch\AcLayers.DLL
c:\winnt\system32\SHDOCVW.DLL
.
Completion time: 2010-11-15 10:58:47
ComboFix-quarantined-files.txt 2010-11-15 16:58
ComboFix2.txt 2010-11-15 06:36
ComboFix3.txt 2010-11-15 05:47

Pre-Run: 16,055,181,312 bytes free
Post-Run: 16,041,242,624 bytes free

- - End Of File - - 9A87B5DE4B799D6144C23D5FFC083446
 
Was I correct to do that?
Absolutely :)

How is the computer doing?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL logfile created on: 11/15/2010 9:17:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom Burrows\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.94 Gb Free Space | 40.09% Space Free | Partition Type: NTFS

Computer Name: ICMG-3B7ABE9F5C | User Name: Tom Burrows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/15 18:37:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
PRC - [2010/07/08 08:42:37 | 002,048,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
PRC - [2009/08/19 10:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 10:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009/07/30 07:40:47 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
PRC - [2009/07/30 07:39:26 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgnsx.exe
PRC - [2009/07/30 07:38:01 | 000,832,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgam.exe
PRC - [2009/07/30 07:33:47 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
PRC - [2008/11/06 10:33:56 | 000,288,088 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe
PRC - [2008/11/06 10:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
PRC - [2007/01/30 12:02:00 | 000,303,104 | ---- | M] (FUJIFILM Corporation) -- C:\Program Files\FinePixViewer\QuickDCF2.exe
PRC - [2005/12/15 10:57:34 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
PRC - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) -- C:\WINNT\system32\bgsvcgen.exe
PRC - [2004/09/07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2003/06/19 13:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
PRC - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2003/06/19 13:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\stisvc.exe
PRC - [2003/02/03 10:58:08 | 000,139,264 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\RoamMgr.exe
PRC - [2003/02/03 10:57:16 | 000,315,392 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\ZCfgSvc.exe
PRC - [2003/01/12 16:09:46 | 000,299,075 | ---- | M] (Intel Corporation ) -- C:\WINNT\system32\S24EvMon.exe
PRC - [2003/01/12 16:08:26 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINNT\system32\RegSrvc.exe
PRC - [2003/01/10 13:36:46 | 000,409,600 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Switching\User\RoamSvc.exe
PRC - [2002/12/17 13:14:14 | 000,131,157 | ---- | M] (Roxio) -- C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
PRC - [2002/12/17 12:28:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe


========== Modules (SafeList) ==========

MOD - [2010/11/15 18:37:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
MOD - [2003/06/19 13:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2003/06/19 13:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
MOD - [2002/08/09 10:12:56 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/30 07:33:47 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/11/06 10:33:54 | 000,582,992 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe -- (RUBotted)
SRV - [2007/08/09 01:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINNT\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/04/30 17:02:26 | 000,086,016 | ---- | M] (B.H.A Corporation) [Auto | Running] -- C:\WINNT\system32\bgsvcgen.exe -- (bgsvcgen)
SRV - [2004/09/07 09:59:06 | 000,122,128 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 13:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 13:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/19 13:05:04 | 000,061,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\stisvc.exe -- (StiSvc)
SRV - [2003/06/19 13:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/02/03 10:58:08 | 000,139,264 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\RoamMgr.exe -- (RoamMgr)
SRV - [2003/01/12 16:09:46 | 000,299,075 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINNT\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/01/12 16:08:26 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINNT\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/01/10 13:36:46 | 000,409,600 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Switching\User\RoamSvc.exe -- (IntelRoam)
SRV - [2002/11/26 10:27:12 | 000,139,264 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- C:\DOCUME~1\TOMBUR~1\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2009/07/30 07:40:40 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINNT\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/07/30 07:40:37 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/04/26 08:57:17 | 000,012,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINNT\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/04/26 08:57:01 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINNT\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/03/02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\TMPassthru.sys -- (TMPassthruMP)
DRV - [2008/03/02 02:28:00 | 000,206,608 | ---- | M] (Trend Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\TMPassthru.sys -- (TMPassthru)
DRV - [2007/12/19 05:43:03 | 000,227,298 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2007/12/19 05:43:03 | 000,143,834 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINNT\System32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2007/12/19 05:43:03 | 000,030,630 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINNT\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2007/12/19 05:43:03 | 000,025,898 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2006/10/04 20:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 20:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINNT\System32\drivers\cdr4_2K.sys -- (Cdr4_2K)
DRV - [2006/01/02 17:05:24 | 008,702,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2005/11/10 18:49:24 | 001,406,464 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/05/03 14:09:28 | 001,033,728 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_DPV.SYS -- (HSF_DPV)
DRV - [2005/05/03 14:08:50 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2005/05/03 14:08:44 | 000,705,408 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/04/21 20:58:38 | 000,092,550 | ---- | M] (O2Micro) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ozscr.sys -- (OZSCR)
DRV - [2004/07/09 02:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/06/19 13:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/06/19 13:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 13:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/19 13:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/06/19 13:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 13:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 13:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmload.sys -- (dmload)
DRV - [2003/02/07 03:28:46 | 002,369,664 | R--- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\w70n5.sys -- (w70n5) Intel(R)
DRV - [2003/01/15 10:46:02 | 000,049,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\usbhub20.sys -- (usbhub20)
DRV - [2003/01/12 15:37:40 | 000,010,906 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINNT\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/01/07 16:40:04 | 000,102,225 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\b57w2k.sys -- (b57w2k)
DRV - [2002/12/17 12:29:38 | 000,363,799 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\cdudf.sys -- (cdudf)
DRV - [2002/11/22 13:09:38 | 000,048,407 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\mipmn2k.sys -- (MIPMN)
DRV - [2002/11/11 16:57:16 | 000,193,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\STAC97.sys -- (STAC97) Audio Driver (WDM)
DRV - [2002/10/09 08:20:52 | 000,017,153 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINNT\system32\drivers\omci.sys -- (OMCI)
DRV - [2002/08/09 10:12:42 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2002/08/09 10:08:29 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2002/01/12 18:30:34 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\PortTalk.sys -- (PortTalk)
DRV - [1999/10/12 15:57:12 | 000,068,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [1999/09/28 15:14:04 | 000,019,376 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\sparrow.sys -- (Sparrow)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page =
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.msnbc.msn.com/"


FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 14:03:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/06/10 08:33:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/27 23:32:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/29 09:09:22 | 000,000,000 | ---D | M]

[2008/09/23 22:19:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Mozilla\Extensions
[2009/09/16 21:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Mozilla\Firefox\Profiles\7bfanrhw.default\extensions
[2010/11/14 20:56:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/10/29 09:09:00 | 000,101,768 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2010/10/29 09:08:43 | 000,064,392 | ---- | M] (Cisco WebEx LLC) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2009/07/31 13:06:48 | 001,654,784 | ---- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2005/12/05 21:31:00 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2008/06/30 21:02:00 | 000,663,072 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/11/14 23:43:57 | 000,000,027 | ---- | M]) - C:\WINNT\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CreateCD50] C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe (Roxio)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE (FUJI PHOTO FILM CO., LTD.)
O4 - HKLM..\Run: [snpstd3] C:\WINNT\vsnpstd3.exe ()
O4 - HKLM..\Run: [TMRUBottedTray] C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe (Trend Micro Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe (FUJIFILM Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK = C:\Program Files\M-Audio Audiophile USB\Dmn\ma003dmn.exe (Nemesis)
O4 - Startup: C:\Documents and Settings\Tom Burrows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: mercom.com ([veri-scribe] ftp in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {38AB0814-B09B-4378-9940-14A19638C3C2} http://www.auctiva.com/Aurigma/ImageUploader57.cab (Auctiva Image Uploader Control)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\application/octet-stream - No CLSID value found
O18 - Protocol\Filter\application/x-complus - No CLSID value found
O18 - Protocol\Filter\application/x-msdownload - No CLSID value found
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINNT\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\Sebring: DllName - C:\WINNT\System32\LgNotify.dll - C:\WINNT\system32\LgNotify.dll (Intel Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/09 16:38:33 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Nwsapagent - File not found

Drivers32: aux - C:\WINNT\System32\mmdrv.dll (Microsoft Corporation)
Drivers32: aux2 - File not found
Drivers32: aux3 - File not found
Drivers32: aux4 - File not found
Drivers32: aux5 - File not found
Drivers32: aux6 - File not found
Drivers32: aux7 - File not found
Drivers32: aux8 - File not found
Drivers32: aux9 - File not found
Drivers32: midi2 - File not found
Drivers32: midi3 - File not found
Drivers32: midi4 - File not found
Drivers32: midi5 - File not found
Drivers32: midi6 - File not found
Drivers32: midi7 - File not found
Drivers32: midi8 - File not found
Drivers32: midi9 - File not found
Drivers32: mixer2 - File not found
Drivers32: mixer3 - File not found
Drivers32: mixer4 - File not found
Drivers32: mixer5 - File not found
Drivers32: mixer6 - File not found
Drivers32: mixer7 - File not found
Drivers32: mixer8 - File not found
Drivers32: mixer9 - File not found
Drivers32: msacm.iac2 - C:\WINNT\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINNT\System32\l3codecx.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINNT\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINNT\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINNT\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINNT\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINNT\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINNT\System32\ir32_32.dll ()
Drivers32: vidc.iv50 - C:\WINNT\System32\ir50_32.dll (Intel Corporation)
Drivers32: VIDC.IYUV - C:\WINNT\System32\iyuv_32.dll (Intel(R) Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: vidc.tscc - C:\WINNT\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.WMV3 - C:\WINNT\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\WINNT\System32\xvidvfw.dll ()
Drivers32: VIDC.YVU9 - C:\WINNT\System32\tsbyuv.dll (Toshiba Corporation)
Drivers32: wave2 - File not found
Drivers32: wave3 - File not found
Drivers32: wave4 - File not found
Drivers32: wave5 - File not found
Drivers32: wave6 - File not found
Drivers32: wave7 - File not found
Drivers32: wave8 - File not found
Drivers32: wave9 - File not found
SystemRestore not available.

========== Files/Folders - Created Within 30 Days ==========

[2010/11/15 18:37:42 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
[2010/11/15 10:52:46 | 000,000,000 | ---D | C] -- C:\WINNT\temp
[2010/11/15 10:30:54 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/11/14 23:24:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINNT\SWXCACLS.exe
[2010/11/14 23:24:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINNT\SWREG.exe
[2010/11/14 23:24:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINNT\SWSC.exe
[2010/11/14 23:24:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINNT\NIRCMD.exe
[2010/11/14 23:24:20 | 000,000,000 | ---D | C] -- C:\WINNT\ERDNT
[2010/11/14 23:23:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/12 23:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Burrows\Desktop\MalAdSpyVirTools
[2010/11/12 23:45:58 | 000,000,000 | -H-D | C] -- C:\WINNT\PIF
[2010/11/01 23:08:44 | 000,206,608 | ---- | C] (Trend Micro Inc.) -- C:\WINNT\System32\drivers\TMPassthru.sys
[2010/10/29 09:09:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tom Burrows\Application Data\webex
[2010/01/24 13:45:05 | 000,131,072 | ---- | C] ( ) -- C:\WINNT\System32\rsnpstd3.dll
[2010/01/24 13:45:05 | 000,053,248 | ---- | C] ( ) -- C:\WINNT\System32\vsnpstd3.dll
[2010/01/24 13:45:04 | 000,061,440 | ---- | C] ( ) -- C:\WINNT\System32\csnpstd3.dll

========== Files - Modified Within 30 Days ==========

[2010/11/15 20:35:40 | 000,000,453 | ---- | M] () -- C:\WINNT\hpbafd.ini
[2010/11/15 18:37:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
[2010/11/15 18:11:43 | 067,646,144 | ---- | M] () -- C:\WINNT\System32\drivers\Avg\incavi.avm
[2010/11/15 15:01:10 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\Ageless Mailing label.doc
[2010/11/15 10:28:41 | 003,909,976 | R--- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\ComboFix.exe
[2010/11/14 23:58:04 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_580.dat
[2010/11/14 23:57:48 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_5f4.dat
[2010/11/14 23:56:07 | 000,000,662 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA003DMN.LNK
[2010/11/14 23:54:28 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2a4.dat
[2010/11/14 23:43:57 | 000,000,027 | ---- | M] () -- C:\WINNT\System32\drivers\etc\hosts
[2010/11/14 22:00:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\MBRCheck.exe
[2010/11/13 02:58:59 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\k4b7hlm4.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINNT\MBR.exe
[2010/11/04 02:04:23 | 000,039,666 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\Gm vs mu.pdf
[2010/11/04 01:47:19 | 000,060,842 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\voa.pdf
[2010/11/03 13:12:57 | 001,404,928 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\2010 Tube Lists.xls
[2010/10/27 23:39:04 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/10/20 11:11:33 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4e0.dat
[2010/10/20 11:08:22 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_2b4.dat
[2010/10/19 13:30:48 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_4d4.dat

========== Files Created - No Company Name ==========

[2010/11/14 23:58:04 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_580.dat
[2010/11/14 23:57:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5f4.dat
[2010/11/14 23:54:28 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2a4.dat
[2010/11/14 23:24:31 | 000,256,512 | ---- | C] () -- C:\WINNT\PEV.exe
[2010/11/14 23:24:31 | 000,098,816 | ---- | C] () -- C:\WINNT\sed.exe
[2010/11/14 23:24:31 | 000,089,088 | ---- | C] () -- C:\WINNT\MBR.exe
[2010/11/14 23:24:31 | 000,080,412 | ---- | C] () -- C:\WINNT\grep.exe
[2010/11/14 23:24:31 | 000,068,096 | ---- | C] () -- C:\WINNT\zip.exe
[2010/11/14 23:19:20 | 003,909,976 | R--- | C] () -- C:\Documents and Settings\Tom Burrows\Desktop\ComboFix.exe
[2010/11/14 22:00:20 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\Desktop\MBRCheck.exe
[2010/11/13 10:01:40 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\Desktop\k4b7hlm4.exe
[2010/11/04 02:04:22 | 000,039,666 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\My Documents\Gm vs mu.pdf
[2010/11/04 01:47:16 | 000,060,842 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\My Documents\voa.pdf
[2010/11/01 22:20:31 | 001,404,928 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\My Documents\2010 Tube Lists.xls
[2010/10/20 11:11:33 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4e0.dat
[2010/10/20 11:08:22 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2b4.dat
[2010/10/19 13:30:48 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_4d4.dat
[2010/01/24 13:45:04 | 008,702,080 | ---- | C] () -- C:\WINNT\System32\drivers\snpstd3.sys
[2010/01/24 13:45:04 | 000,015,498 | ---- | C] () -- C:\WINNT\snpstd3.ini
[2010/01/24 13:44:14 | 000,000,831 | ---- | C] () -- C:\WINNT\EZLiveMonitor2.0.ini
[2010/01/24 13:44:12 | 000,012,548 | ---- | C] () -- C:\WINNT\EZMediaBox2.ini
[2010/01/24 13:43:20 | 000,098,304 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2010/01/24 13:43:19 | 000,483,328 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2010/01/24 13:43:19 | 000,000,744 | ---- | C] () -- C:\WINNT\EZVMail3.ini
[2008/10/28 11:12:20 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2008/10/14 04:58:21 | 000,000,073 | ---- | C] () -- C:\WINNT\cdplayer.ini
[2008/10/07 07:51:06 | 000,000,000 | ---- | C] () -- C:\WINNT\Dvm.INI
[2008/05/27 17:16:44 | 000,061,440 | ---- | C] () -- C:\WINNT\System32\NormalizeDSP.dll
[2008/02/08 06:50:06 | 000,129,024 | ---- | C] () -- C:\WINNT\System32\ZipDll.dll
[2008/02/08 06:50:06 | 000,115,712 | ---- | C] () -- C:\WINNT\System32\UnzDll.dll
[2008/02/08 06:50:05 | 000,053,248 | ---- | C] () -- C:\WINNT\System32\UNRAR.DLL
[2008/01/19 03:04:50 | 000,000,453 | ---- | C] () -- C:\WINNT\hpbafd.ini
[2007/12/28 23:46:14 | 000,018,768 | ---- | C] () -- C:\WINNT\System32\drivers\SECDRV.SYS
[2007/12/16 22:35:44 | 000,029,184 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/06 20:14:12 | 000,000,128 | ---- | C] () -- C:\WINNT\ars.INI
[2007/10/15 13:43:48 | 000,000,134 | ---- | C] () -- C:\Documents and Settings\Tom Burrows\Local Settings\Application Data\fusioncache.dat
[2007/10/15 13:33:06 | 000,002,303 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2007/10/15 13:24:51 | 000,077,824 | ---- | C] () -- C:\WINNT\System32\hpzids01.dll
[2007/10/09 22:01:31 | 000,000,701 | ---- | C] () -- C:\WINNT\ODBC.INI
[2007/10/09 16:37:55 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2007/10/09 11:15:01 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2007/03/05 12:34:28 | 000,676,224 | ---- | C] () -- C:\WINNT\System32\OGACheckControl.DLL
[2006/11/05 22:30:38 | 000,262,144 | ---- | C] () -- C:\WINNT\System32\lame_enc.dll
[2006/10/21 11:59:59 | 000,262,144 | ---- | C] () -- C:\WINNT\System32\Manipulate.dll
[2006/09/24 19:53:56 | 000,268,242 | ---- | C] () -- C:\WINNT\System32\erdmpg-parse.dll
[2006/09/24 19:53:44 | 002,518,779 | ---- | C] () -- C:\WINNT\System32\erdmpg-enc.dll
[2006/09/24 19:52:06 | 000,030,693 | ---- | C] () -- C:\WINNT\System32\erdmpg-int.dll
[2005/10/14 21:10:24 | 000,065,536 | ---- | C] () -- C:\WINNT\System32\comLyricGetter.dll
[2004/02/01 13:21:56 | 000,097,280 | ---- | C] () -- C:\WINNT\System32\Uncommon.dll
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINNT\System32\OUTLPERF.INI
[2002/10/24 11:32:00 | 000,003,072 | ---- | C] () -- C:\WINNT\System32\mipmnlog.dll
[2002/08/09 10:18:21 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[2002/08/09 10:14:25 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2002/08/09 10:09:09 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2002/08/09 10:08:42 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2002/08/09 10:08:35 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2001/07/06 15:30:00 | 000,003,399 | ---- | C] () -- C:\WINNT\System32\hptcpmon.ini
[1999/09/25 04:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 04:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys

========== LOP Check ==========
[2008/01/11 13:29:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2009/06/10 08:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2007/12/28 22:54:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cogniview
[2008/10/14 04:58:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/03/13 00:08:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2009/03/08 12:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OfficeRecovery
[2009/03/08 10:03:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2007/11/24 11:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2008/10/26 23:10:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
[2009/02/01 21:32:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\AVGTOOLBAR
[2009/09/04 07:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\BitTorrent
[2007/12/28 23:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Cogniview
[2008/01/23 17:42:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\FileMaker
[2010/02/07 12:36:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\FileZilla
[2008/10/26 22:42:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\FinalBurner AudioCD Ripper
[2007/11/07 09:01:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\FUJIFILM
[2007/12/16 23:13:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\gtk-2.0
[2008/06/03 11:12:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\ICAClient
[2009/08/10 16:54:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\IObit
[2008/08/06 14:25:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Kernel for Outlook
[2008/03/13 00:08:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Nova Development
[2008/10/27 17:55:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\OfficeUpdate12
[2010/01/05 21:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\OpenOffice.org
[2008/08/12 00:12:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\Softplicity
[2010/10/29 09:51:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tom Burrows\Application Data\webex

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2003/06/19 13:05:04 | 000,150,528 | RHS- | M] () -- C:\arcldr.exe
[2003/06/19 13:05:04 | 000,163,840 | RHS- | M] () -- C:\arcsetup.exe
[2008/09/01 09:54:42 | 000,000,084 | ---- | M] () -- C:\ASIO_DLL_DEBUG.txt
[2007/10/09 16:38:33 | 000,000,000 | -H-- | M] () -- C:\AUTOEXEC.BAT
[2010/09/26 15:28:44 | 000,000,192 | -HS- | M] () -- C:\boot.ini
[2010/11/15 10:58:48 | 000,009,991 | ---- | M] () -- C:\ComboFix.txt
[2007/10/09 16:38:33 | 000,000,000 | -H-- | M] () -- C:\CONFIG.SYS
[2008/10/07 07:51:06 | 001,707,415 | ---- | M] () -- C:\D0000005.VOC
[2008/10/14 05:37:58 | 000,004,386 | ---- | M] () -- C:\devicetable.log
[2007/10/09 16:38:33 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/03/08 14:53:31 | 000,157,513 | ---- | M] () -- C:\log_fs.log
[2007/10/09 16:38:33 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/08/09 10:13:20 | 000,034,724 | RHS- | M] () -- C:\NTDETECT.COM
[2007/10/09 18:54:28 | 000,214,432 | RHS- | M] () -- C:\ntldr
[2010/11/14 23:54:07 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
[2008/06/18 10:36:03 | 000,000,028 | ---- | M] () -- C:\PLAYER_SERVICES_DEBUG.txt
[2010/11/12 23:45:18 | 000,000,404 | ---- | M] () -- C:\rkill.log
[2008/11/09 17:06:06 | 000,000,510 | ---- | M] () -- C:\updatedatfix.log
[2008/09/01 09:56:37 | 000,001,258 | ---- | M] () -- C:\vsPlayerClient_DEBUG.txt
[2009/03/08 12:42:28 | 000,015,870 | ---- | M] () -- C:\_00GVF5O.JPG
[2009/03/08 12:42:26 | 000,031,787 | ---- | M] () -- C:\_06VIIEL.JPG
[2009/03/08 12:42:28 | 000,015,547 | ---- | M] () -- C:\_0J1VHK5.JPG
[2009/03/08 12:42:25 | 000,099,758 | ---- | M] () -- C:\_0S24J3H.JPG
[2009/03/08 12:42:15 | 000,170,448 | ---- | M] () -- C:\_0SCQRM1.JPG
[2009/03/08 12:42:32 | 000,045,348 | ---- | M] () -- C:\_19IFFEO.JPG
[2009/03/08 12:42:39 | 000,016,142 | ---- | M] () -- C:\_1OPIDP7.JPG

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2007/10/09 16:38:07 | 000,000,067 | -HS- | M] () -- C:\WINNT\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2005/10/14 21:41:46 | 000,072,192 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\hpzpp43a.dll
[2007/08/21 13:55:54 | 000,028,504 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\lmdippr.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\mdippr.dll
[2003/06/19 13:05:04 | 000,006,928 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\spool\prtprocs\w32x86\sfmpsprt.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2007/10/09 16:37:55 | 000,000,271 | -H-- | M] () -- C:\Program Files\desktop.ini
[2007/10/09 16:37:55 | 000,021,952 | -H-- | M] () -- C:\Program Files\folder.htt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/10/09 11:12:05 | 000,081,920 | ---- | M] () -- C:\WINNT\system32\config\default.sav
[2007/10/09 11:12:05 | 000,532,480 | ---- | M] () -- C:\WINNT\system32\config\software.sav
[2007/10/09 11:12:05 | 000,385,024 | ---- | M] () -- C:\WINNT\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2007/10/09 16:50:56 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2008/10/14 05:09:07 | 003,251,879 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\aceburn.exe
[2008/10/14 05:06:24 | 000,587,706 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\all4cwr124.exe
[2007/12/06 20:07:17 | 001,902,600 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\arssetup.exe
[2008/01/11 13:37:11 | 035,378,168 | ---- | M] (Avery ) -- C:\Documents and Settings\Tom Burrows\Desktop\Avery_Wizard_Holiday.exe
[2008/01/29 18:46:05 | 000,452,392 | ---- | M] (Hewlett-Packard ) -- C:\Documents and Settings\Tom Burrows\Desktop\COL10862(2).exe
[2008/01/29 18:12:17 | 000,452,392 | ---- | M] (Hewlett-Packard ) -- C:\Documents and Settings\Tom Burrows\Desktop\COL10862.exe
[2010/11/15 10:28:41 | 003,909,976 | R--- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\ComboFix.exe
[2008/01/11 13:24:25 | 085,901,040 | ---- | M] (Avery Dennison ) -- C:\Documents and Settings\Tom Burrows\Desktop\DesignPro5_4_Limited.exe
[2009/03/08 10:02:39 | 003,916,984 | ---- | M] (PC Drivers HeadQuarters ) -- C:\Documents and Settings\Tom Burrows\Desktop\DriverDetective.exe
[2009/08/05 09:59:57 | 000,959,592 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\EFRCSetup.exe
[2008/02/08 06:49:14 | 001,876,384 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\ezip35.exe
[2008/09/25 19:52:37 | 010,088,014 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\fb_free.exe
[2008/10/15 21:58:07 | 028,868,320 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\FileFormatConverters.exe
[2008/09/23 21:40:31 | 007,507,848 | ---- | M] (Mozilla) -- C:\Documents and Settings\Tom Burrows\Desktop\Firefox Setup 3.0.2(2).exe
[2008/09/23 21:27:16 | 007,507,848 | ---- | M] (Mozilla) -- C:\Documents and Settings\Tom Burrows\Desktop\Firefox Setup 3.0.2.exe
[2008/10/14 04:57:01 | 001,892,336 | ---- | M] (MGShareware ) -- C:\Documents and Settings\Tom Burrows\Desktop\freeripmp3.exe
[2009/03/08 12:40:47 | 001,238,688 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\freeundelete.exe
[2008/01/11 11:48:32 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\gc_w01_ENU.exe
[2007/12/16 22:53:46 | 015,180,000 | ---- | M] ( ) -- C:\Documents and Settings\Tom Burrows\Desktop\gimp-2.4.2-i686-setup.exe
[2010/09/26 10:17:58 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\iExplore.exe
[2007/10/10 22:19:19 | 001,164,456 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Tom Burrows\Desktop\install_flash_player.exe
[2009/06/11 21:53:08 | 007,183,768 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\IP5_2Eng.exe
[2008/02/01 11:39:02 | 000,382,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Tom Burrows\Desktop\jre-6u3-windows-i586-p-iftw.exe
[2010/11/13 02:58:59 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\k4b7hlm4.exe
[2008/04/13 22:11:29 | 017,779,321 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\lilypond-2.10.33-1.mingw.exe
[2008/09/03 23:20:10 | 085,182,928 | ---- | M] (Wolfram Research ) -- C:\Documents and Settings\Tom Burrows\Desktop\MathematicaPlayer.EXE
[2010/11/14 22:00:15 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\MBRCheck.exe
[2008/04/07 21:36:57 | 005,556,616 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\MDAC_TYP.EXE
[2009/03/21 00:42:57 | 000,438,592 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Tom Burrows\Desktop\msgr9us.exe
[2007/12/06 20:04:00 | 001,182,843 | ---- | M] (Marshall Electronics, Inc. ) -- C:\Documents and Settings\Tom Burrows\Desktop\MXLUSBRecorderSetup.exe
[2008/04/07 20:27:36 | 047,400,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\NetFx64.exe
[2008/10/09 17:56:47 | 000,473,120 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\OGAPluginInstall.exe
[2010/11/15 18:37:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tom Burrows\Desktop\OTL.exe
[2007/12/28 22:52:55 | 028,644,998 | ---- | M] (Cogniview ) -- C:\Documents and Settings\Tom Burrows\Desktop\PDF2XL_OCR-_Convert_PDF_to_Excel_56301.exe
[2008/10/09 17:59:20 | 000,163,712 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\pfbackup.exe
[2007/12/16 22:32:47 | 006,219,320 | ---- | M] (Google Inc.) -- C:\Documents and Settings\Tom Burrows\Desktop\picasaweb-current-setup.exe
[2007/10/21 22:20:56 | 020,256,064 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\Tom Burrows\Desktop\QuickTimeInstaller.exe
[2008/08/06 13:15:18 | 002,279,687 | ---- | M] (Nucleus Data Recovery .com ) -- C:\Documents and Settings\Tom Burrows\Desktop\Repair-PST-Setup.exe
[2008/02/01 11:58:32 | 006,909,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\setup(2).exe
[2008/07/17 10:25:41 | 007,260,192 | ---- | M] (United States Postal Service ) -- C:\Documents and Settings\Tom Burrows\Desktop\setup(3).exe
[2008/02/01 11:31:10 | 006,909,784 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\setup.exe
[2008/10/18 11:39:27 | 027,462,344 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\setupeng.exe
[2008/01/23 17:33:16 | 005,253,694 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\SETUPEX.EXE
[2008/04/07 22:01:50 | 001,534,464 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\SetupWebTable(2).exe
[2008/04/07 22:00:03 | 001,534,464 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\SetupWebTable.exe
[2008/10/26 23:01:05 | 020,234,544 | ---- | M] (Mystik Media ) -- C:\Documents and Settings\Tom Burrows\Desktop\setup_blazemp.exe
[2008/08/26 15:16:00 | 005,253,694 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\spp.exe
[2008/03/06 21:25:29 | 000,872,104 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\Support-LogMeInRescue(2).exe
[2007/10/17 09:44:18 | 000,825,512 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\Support-LogMeInRescue.exe
[2008/03/25 23:32:55 | 004,497,552 | ---- | M] (Helmsman, Inc. ) -- C:\Documents and Settings\Tom Burrows\Desktop\TotalHTMLConverter.exe
[2008/08/12 00:12:37 | 006,458,016 | ---- | M] (Helmsman, Inc. ) -- C:\Documents and Settings\Tom Burrows\Desktop\TotalImageConverter.exe
[2008/01/18 10:59:40 | 143,298,856 | ---- | M] (Acronis) -- C:\Documents and Settings\Tom Burrows\Desktop\TrueImage11_s_en.exe
[2007/10/19 21:32:59 | 000,188,406 | ---- | M] (Roxio) -- C:\Documents and Settings\Tom Burrows\Desktop\updatecdr4_53_71.exe
[2008/04/07 21:35:55 | 000,895,016 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\Desktop\WGAPluginInstall.exe
[2007/11/24 11:34:07 | 009,479,520 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\winzip111(2).exe
[2007/11/24 11:34:05 | 009,479,520 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\winzip111.exe
[2009/02/05 20:02:13 | 001,206,366 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Desktop\wrar371.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2004/02/27 17:36:18 | 000,013,023 | ---- | M] () -- C:\WINNT\snpstd3.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >
[2007/10/09 21:45:52 | 019,755,376 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\aaw2007.exe
[2007/10/19 21:17:37 | 054,486,288 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\avg75f_488a1157.exe
[2009/02/01 17:58:20 | 077,680,744 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Tom Burrows\My Documents\avg_ipw_stf_all_8_233a1415.exe
[2007/10/10 22:05:07 | 006,016,952 | ---- | M] (Mozilla) -- C:\Documents and Settings\Tom Burrows\My Documents\Firefox Setup 2.0.0.7.exe
[2008/01/19 02:43:32 | 017,792,232 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\HPUPD41PCL532.exe
[2008/06/03 11:11:12 | 002,307,104 | ---- | M] (Citrix Systems, Inc.) -- C:\Documents and Settings\Tom Burrows\My Documents\ica32t.exe
[2007/10/09 17:58:00 | 000,491,768 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\My Documents\ie6setup.exe
[2008/01/03 14:14:06 | 032,600,454 | ---- | M] (Macrovision Corporation) -- C:\Documents and Settings\Tom Burrows\My Documents\IM3_HDDcam.exe
[2008/01/19 03:02:15 | 004,960,412 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\lj1038en.exe
[2008/04/07 20:28:41 | 047,400,128 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Tom Burrows\My Documents\NetFx64.exe
[2008/04/07 22:02:44 | 001,534,464 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\My Documents\SetupWebTable.exe
[2007/10/15 11:13:02 | 082,603,072 | ---- | M] (Intuit Inc.) -- C:\Documents and Settings\Tom Burrows\My Documents\w_turbotax_1040_hab_2006_09.exe

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2002/08/09 10:08:42 | 000,000,777 | ---- | M] () -- C:\WINNT\addins\faxext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >
[2002/08/09 10:08:52 | 000,000,654 | ---- | M] () -- C:\WINNT\Config\general.idf
[2002/08/09 10:09:03 | 000,000,658 | ---- | M] () -- C:\WINNT\Config\hindered.idf
[2002/08/09 10:11:47 | 000,000,302 | ---- | M] () -- C:\WINNT\Config\msadlib.idf

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2007/10/09 16:50:56 | 000,000,083 | -HS- | M] () -- C:\Documents and Settings\Tom Burrows\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2007/10/09 18:57:55 | 000,002,362 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/15 21:32:57 | 000,065,536 | ---- | M] () -- C:\Documents and Settings\Tom Burrows\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2002/12/11 14:08:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINNT\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2010/11/01 23:09:19 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\诐
[2010/11/01 23:09:19 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\诐

========== Alternate Data Streams ==========

@Alternate Data Stream - 8368 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\CryoValve.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7932 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\AES Bid List - December 2007 - January 2008 (2).pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7772 bytes -> C:\_0SCQRM1.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7224 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\12B4.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6764 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\BCR10Monsters06.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 6460 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\vacuum tube characteristic equations.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5968 bytes -> C:\_0S24J3H.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5904 bytes -> C:\_19IFFEO.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5832 bytes -> C:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5740 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\vacutrace.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5532 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\OTL-7242.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5508 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\rskass08.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5360 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\FDA_Form.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4888 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\jumper.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3864 bytes -> C:\WINNT\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 3840 bytes -> C:\WINNT\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2980 bytes -> C:\WINNT\System32\setup.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 2384 bytes -> C:\WINNT\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 18700 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI2.dll.htm:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 18636 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI.dll.htm:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 1256 bytes -> C:\WINNT\System32\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 11808 bytes -> C:\Documents and Settings\All Users\Desktop\Introduction of Picture The Future.lnk:Q30lsldxJoudresxAaaqpcawXc

< End of report >
 
OTL Extras logfile created on: 11/15/2010 9:17:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Tom Burrows\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 162.00 Mb Available Physical Memory | 32.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 14.94 Gb Free Space | 40.09% Space Free | Partition Type: NTFS

Computer Name: ICMG-3B7ABE9F5C | User Name: Tom Burrows | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJIFILM Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00212357-3B02-4C78-BCCB-45F635DABAC3}" = Microsoft Office Live Meeting 2005
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{105CFC7C-6992-11D5-BD9D-000102C10FD8}" = LizardTech DjVu Control
"{12650598-D7B9-4FB5-91B2-2CAA641AC589}" = Trend Micro RUBotted
"{15C77FC3-8137-4A5E-8F81-F559045DD6B0}" = Shipping Assistant 3.4
"{193DD0DC-004A-4545-A301-E4A7335C8E41}" = 2400
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.3.0.135
"{1CB34CE9-0E6B-493F-BB66-3425E5DF76E5}" = CP_CalendarTemplates1
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.3
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{2A548002-9042-4083-A270-B67473DE1073}" = SkinsHP1
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{2E7595EC-4FB1-4E29-93D4-9083C8A9B107}" = TurboTax ItsDeductible 2005
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3c2754c6-efa1-4069-9191-1b0b4d2b45d5}" = BestOn Software
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3CF99DC3-38FD-46E6-A6B4-9C70074E020C}" = DocumentViewer
"{3FE0CFAB-584A-4AA5-B8CD-C32284CFA308}" = RandMap
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{4462265B-3DC7-44AD-B56D-D09BA67BA422}" = 6300
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{494D17B5-3369-4905-8C4B-80C972C5E0FF}" = CP_Panorama1Config
"{4BE1E10B-4580-41BE-899F-60B5DC1DB2EA}" = Cogniview PDF2XL OCR Evaluation
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.091
"{515ECD73-3CD2-4BE4-9C06-02A985D9F962}" = Veri-Scribe II
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{54F0998F-73C8-4b51-8286-FE903C231BED}" = cp_PosterPrintConfig
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{5BC304B7-84B4-43B3-8A62-EB9BC2051544}" = Photo Explosion SE
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{64635543-70E7-436D-8D6D-4A721595029E}" = Microsoft IntelliPoint 5.2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72E67064-A144-42A6-BC85-12276B2D5D42}" = 2400_2500Help
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{766633B3-1AFA-44B6-A3FC-1DE991CD9C52}" = CP_Package_Basic1
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{79F8E1D4-36C1-439C-95FA-F695050B5B07}" = Sonic_PrimoSDK
"{7C03270C-4FAB-4F5C-B10D-52FEDA190790}" = DocumentViewerQFolder
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{7F373956-6960-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{80EFBB50-5B6C-4A9D-AFBC-C7664AFF252F}" = Digital Voice Recorder
"{8552A53D-5226-462B-8E7C-B3174C04E7BD}" = Intel(R) PROSet
"{869C3062-4745-4949-B6C9-98AF24D89030}" = PhotoGallery
"{8B957F8D-FBDE-4DB4-99E7-192487575050}" = 23_24_2500Tour
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9AD84892-7664-479C-8F95-7A25B964B04D}" = 2400_2500trb
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9D4ABB0C-F60B-44A6-956C-A4A63D5495C9}" = CueTour
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.3
"{AFF1EA96-9C23-4249-B7D4-CD4B54D4582F}" = TurboTax ItsDeductible 2006
"{B093990A-AAF2-44AC-9216-14BB7A2189B6}" = ImageMixer VCD2 LE for FinePix
"{B11E71BA-498C-42D4-9F1A-9D7A89D9DA61}" = CP_AtenaShokunin1Config
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B7147127-69CC-4A5A-9ED3-92859E87B9DE}" = Veri-Scribe II Public Player
"{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player
"{BB7DEA41-298E-450B-9C3A-E7B48D9D021B}" = 6300_Help
"{BBD3BF67-5B89-4CBB-BA58-5818ED5F3290}" = cp_OnlineProjectsConfig
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = B57Inst
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook Personal Folders Backup
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C8C8387B-A98B-44E8-807A-1A9B7F51FFDA}" = Blaze Media Pro
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B5}" = WinZip 11.1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{DA1CD94B-826A-4bba-AC46-EF352F47BC81}" = InstantShareDevices
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E2EA5233-8AC4-4A59-A521-FBD1A0778A06}" = XML Converter Standard Edition
"{E3B3AB03-8ABC-46CF-8CA9-DB5581E1F368}" = FinePix Studio
"{E5A1DE9A-A21C-43A1-B06D-5146BAF62033}" = PanoStandAlone
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{F2AB49F2-D632-446C-9A6E-5B4A98DFF13B}" = 6300Trb
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F999C60C-0DB8-4563-A54B-ABB97560CF65}" = Ezonics VGA camera
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Ace CD Burner" = Ace CD Burner
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All4 CD Wav Ripple_is1" = All4 CD Wav Ripple 1.2.4
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"Audio Recording Studio_is1" = Audio Recording Studio v3.0
"AVG8Uninstall" = AVG 8.5
"Blaze Media Pro" = Blaze Media Pro
"Citrix ICA Web Client" = Citrix ICA Web Client
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"EasyZip" = EasyZip
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"FileZilla Client" = FileZilla Client 3.3.1
"FreeUndelete" = FreeUndelete
"HijackThis" = HijackThis 2.0.2
"HP Document Viewer" = HP Document Viewer 6.1
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP Photo & Imaging" = HP Photosmart Premier Software 6.1
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"InstallShield_{4BE1E10B-4580-41BE-899F-60B5DC1DB2EA}" = Cogniview PDF2XL OCR Evaluation
"InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}" = DesignPro 5.4 Limited Edition
"InstallShield_{BB0EB7D5-D1C7-41D1-B974-32F6596A7164}" = Mathematica Player
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Driver Installer
"InstallShield_{D3C97899-3890-43DB-AA0C-D91A84FA7787}" = Avery Wizard 3.1
"Kernel for Outlook Evaluation ver 7.05.01_is1" = Kernel for Outlook Evaluation ver 7.05.01
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Picasa2" = Picasa 2
"Q828026" = Windows Media Player Hotfix [See Q828026 for more information]
"QuickTime" = QuickTime
"Smart Defrag_is1" = Smart Defrag 1.20
"ST6UNST #1" = WebTable 1.9.47
"Total HTML Converter_is1" = HTMLConverter
"Total Image Converter_is1" = TotalImageConverter
"TurboTax Deluxe 2003" = TurboTax Deluxe 2003
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Home & Business 2006" = TurboTax Home & Business 2006
"TurboTax Home & Business 2007" = TurboTax Home & Business 2007
"TurboTax Premier 2005" = TurboTax Premier 2005
"Update Rollup 1" = Update Rollup 1 for Windows 2000 SP4
"USBAudiophile" = Audiophile USB 1.5.4.15
"Windows 2000 Service Pack" = Windows 2000 Service Pack 4
"WinGimp-2.0_is1" = GIMP 2.4.2
"WinRAR archiver" = WinRAR archiver
"WMP7" = Windows Media Player system update (9 Series)
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"GoToMeeting" = GoToMeeting/GoToWebinar 3.0.0.198

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/8/2010 7:18:28 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Microsoft Office 11 | ID = 1000
Description = Faulting application outlook.exe, version 11.0.8217.0, stamp 480f95d9,
faulting module pstprx32.dll, version 11.0.8200.0, stamp 472f9439, debug? 0, fault
address 0x00024022.

Error - 11/13/2010 3:26:45 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 11/13/2010 3:34:02 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Perflib | ID = 1010
Description = The Collect Procedure for the "PerfDisk" service in DLL "C:\WINNT\system32\perfdisk.dll"
generated an exception or returned an invalid status. Performance data returned
by counter DLL will be not be returned in Perf Data Block. Exception or status
code returned is data DWORD 0.

Error - 11/15/2010 8:55:06 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Perflib | ID = 1015
Description = The timeout waiting for the performance data collection function "PerfDisk"
in
the "C:\WINNT\system32\perfdisk.dll" Library to finish has expired. There may be
a problem with this extensible counter or the service it is collecting data from
or the system may have been very busy when this call was attempted.

[ System Events ]
Error - 11/14/2010 2:40:28 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
No action.

Error - 11/14/2010 2:40:29 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The AVG8 WatchDog service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: Restart
the service.

Error - 11/14/2010 2:40:30 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The RegSrvc service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 0 milliseconds: No action.

Error - 11/14/2010 2:40:30 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The RoamMgr service terminated unexpectedly. It has done this 1 time(s).
The following corrective action will be taken in 0 milliseconds: No action.

Error - 11/14/2010 2:40:30 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The Remote Registry Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 1000 milliseconds:
Restart the service.

Error - 11/14/2010 2:40:31 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The Trend Micro RUBotted Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 0
milliseconds: No action.

Error - 11/14/2010 2:40:31 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The Still Image Service service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
No action.

Error - 11/14/2010 2:40:31 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The Task Scheduler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 0 milliseconds: No
action.

Error - 11/14/2010 2:40:31 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The Windows Management Instrumentation service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 11/14/2010 2:40:32 PM | Computer Name = ICMG-3B7ABE9F5C | Source = Service Control Manager | ID = 7031
Description = The Adapter Switching service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
No action.


< End of report >
 
How is the computer doing?

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
    O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
    @Alternate Data Stream - 8368 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\CryoValve.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 7932 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\AES Bid List - December 2007 - January 2008 (2).pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 7772 bytes -> C:\_0SCQRM1.JPG:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 7224 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\12B4.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 6764 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\BCR10Monsters06.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 6460 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\vacuum tube characteristic equations.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5968 bytes -> C:\_0S24J3H.JPG:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5904 bytes -> C:\_19IFFEO.JPG:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5832 bytes -> C:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5740 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\vacutrace.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5532 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\OTL-7242.jpg:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5508 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\rskass08.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 5360 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\FDA_Form.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 4888 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\jumper.pdf:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 3864 bytes -> C:\WINNT\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 3840 bytes -> C:\WINNT\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 2980 bytes -> C:\WINNT\System32\setup.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 2384 bytes -> C:\WINNT\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 18700 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI2.dll.htm:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 18636 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI.dll.htm:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 1256 bytes -> C:\WINNT\System32\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc
    @Alternate Data Stream - 11808 bytes -> C:\Documents and Settings\All Users\Desktop\Introduction of Picture The Future.lnk:Q30lsldxJoudresxAaaqpcawXc
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=======================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
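As an added check for the OTL step above (example code written for this thread, not OTL's own tooling), the Python below reads the :OTL section of a fix script, collects each alternate data stream target and each GUID-keyed registry/toolbar entry, and confirms every one against the "deleted successfully" / "not found" lines of the fix log OTL writes afterwards. The sample script and log are shortened copies of the ones in this thread, with one ADS line deliberately left out of the log so the report shows what a miss looks like.

```python
"""Cross-check an OTL fix script against the fix log OTL writes afterwards
(added example for this thread, not OTL's own code)."""
import re

# Shortened copy of the fix script posted in this thread (sample input).
FIX_SCRIPT = r"""
:OTL
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - Reg Error: Value error. File not found
@Alternate Data Stream - 8368 bytes -> C:\Documents and Settings\Tom Burrows\My Documents\CryoValve.pdf:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 7772 bytes -> C:\_0SCQRM1.JPG:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 5832 bytes -> C:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc
:Commands
[emptytemp]
[Reboot]
"""

# Shortened copy of the fix log posted later in the thread; the Soap Bubbles
# ADS line is deliberately left out so the report shows a miss.
FIX_LOG = r"""
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\CryoValve.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\_0SCQRM1.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
========== COMMANDS ==========
"""

ADS_SCRIPT_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (.+)$")
ADS_LOG_RE = re.compile(r"^ADS (.+?) (deleted successfully|not found)\.$")
REG_LOG_RE = re.compile(r"^Registry (?:key|value) (.+?) (deleted successfully|not found)\.$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
MISSING = "missing from log"


def parse_script(text):
    """Return (ads_targets, guids) requested in the :OTL section of a fix script."""
    ads, guids, in_otl = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith(":"):          # section header such as :OTL or :Commands
            in_otl = line.upper() == ":OTL"
        elif in_otl and line:
            m = ADS_SCRIPT_RE.match(line)
            g = GUID_RE.search(line)
            if m:
                ads.append(m.group(1))    # 'path:streamname'
            elif g:                       # IE/O3 entries are keyed by their CLSID
                guids.append(g.group(0).upper())
    return ads, guids


def parse_log(text):
    """Return ({ads_target: status}, {guid: set(statuses)}) from an OTL fix log."""
    ads, reg = {}, {}
    for line in (raw.strip() for raw in text.splitlines()):
        m = ADS_LOG_RE.match(line)
        if m:
            ads[m.group(1)] = m.group(2)
            continue
        m = REG_LOG_RE.match(line)
        g = GUID_RE.search(m.group(1)) if m else None
        if g:
            reg.setdefault(g.group(0).upper(), set()).add(m.group(2))
    return ads, reg


def verify_fix(script_text, log_text):
    """Return (confirmed, unconfirmed) lists of (kind, target, status) tuples."""
    ads_want, guids_want = parse_script(script_text)
    ads_got, reg_got = parse_log(log_text)
    confirmed, unconfirmed = [], []
    for target in ads_want:
        status = ads_got.get(target, MISSING)
        (confirmed if status == "deleted successfully" else unconfirmed).append(("ADS", target, status))
    for guid in guids_want:
        # OTL deletes the HKCU value, then probes the HKLM CLSID key, which is
        # often reported 'not found'; one 'deleted successfully' confirms the entry.
        statuses = reg_got.get(guid, set())
        if "deleted successfully" in statuses:
            confirmed.append(("REG", guid, "deleted successfully"))
        else:
            unconfirmed.append(("REG", guid, "not found" if statuses else MISSING))
    return confirmed, unconfirmed
```

Run `verify_fix(FIX_SCRIPT, FIX_LOG)` against your own script and log: anything in the second list was requested but never confirmed removed and is worth re-scanning.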
 
Okay, right now I cannot seem to get Java to run anymore. When I run the diagnostic to determine the version, it won't run correctly. If I try to open the Java control panel I get an error message. If I try to manually download and install Java, nothing changes.

Ideas?
 
Okay, I have run JavaRa to remove old versions, rerun OTL, run Security Check, TFC and ESET. Logs for OTL, Security Check and ESET below. Redirection is no longer a problem, however Java is still not running correctly.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINNT\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
File Animation Java Classes file://C:\WINNT\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
ADS C:\Documents and Settings\Tom Burrows\My Documents\CryoValve.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\AES Bid List - December 2007 - January 2008 (2).pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\_0SCQRM1.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\12B4.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\BCR10Monsters06.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\vacuum tube characteristic equations.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\_0S24J3H.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\_19IFFEO.JPG:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINNT\Soap Bubbles.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\vacutrace.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\OTL-7242.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\rskass08.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\FDA_Form.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\jumper.pdf:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINNT\Prairie Wind.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINNT\Santa Fe Stucco.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINNT\System32\setup.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINNT\winnt256.bmp:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI2.dll.htm:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Tom Burrows\My Documents\eBayISAPI.dll.htm:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\WINNT\System32\ntimage.gif:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\All Users\Desktop\Introduction of Picture The Future.lnk:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tom Burrows
->Temp folder emptied: 18938242 bytes
->Temporary Internet Files folder emptied: 318405 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 103439703 bytes
->Flash cache emptied: 16114 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 117.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Tom Burrows
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11202010_005928

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.5
Windows 2000 Service Pack 4
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

AVG 8.5
Trend Micro RUBotted
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
HijackThis 2.0.2
Eusing Free Registry Cleaner
Java(TM) 6 Update 22
Java(TM) 6 Update 16
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 8.2.3
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
Trend Micro RUBotted TMRUBotted.exe
Trend Micro RUBotted TMRUBottedTray.exe
````````````````````````````````
DNS Vulnerability Check:

nslookup.exe missing!
GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

C:\Documents and Settings\Tom Burrows\Desktop\freeripmp3.exe Win32/Adware.ADON application deleted - quarantined
 
however Java is still not running correctly
Please explain.

I still can see Java(TM) 6 Update 16. Uninstall it manually.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar, or other garbage.
On this page:

[image: FoxitReaderInstallation.png]

make sure you have both boxes UN-checked AND (important!) click on the Decline button
 
Ok, by manually uninstalling and reinstalling I now have Java working correctly. That said, I cannot uninstall the Java Update 16 - I get error messages when I try. Is it necessary? Everything else seems to be working now.
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please let me know how your computer is doing.
 
All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Tom Burrows
->Temp folder emptied: 10344246 bytes
->Temporary Internet Files folder emptied: 221875 bytes
->Java cache emptied: 1853 bytes
->FireFox cache emptied: 51395393 bytes
->Flash cache emptied: 1604 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: shell32.dll unable to determine bytes removed.

Total Files Cleaned = 59.00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Tom Burrows
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.3 log created on 11202010_215508

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 