amselby81

  1. I wonder why the guy from avast would say that... My husband is really upset and is thinking about dropping avast for something else. He and I both have a hard time believing that we've been infected with lots of viruses since 2012. Daledoc, I will follow your advice. Thank you!
  2. I'm posting from my phone, so please forgive me if I'm posting this question where I shouldn't. We have been using Malware Bytes for a few years now, and I believe we even paid for something. I'm not sure if it was pro, or what. I think it was just a one time purchase. Malware bytes and the people on this forum saved my computer back in 2011, when mcafee failed it. So we dropped mcafee and started using malware bytes. Then shortly after that, we downloaded avast. Everything has seemed great! We paid for a subscription with avast back in august. No problems. Then today, we couldn't use avast to run a scan. My husband called avast and they said that our computer was full of viruses, and has been since 2012. He said that using malware with avast voids avast, and causes avast to not work properly. He said that in order to fix it, we would need to pay $120. We didn't pay it because we wanted to do some research first. This is what happened with mcafee. Viruses would get into our computer, and then we had to pay $100 in order to fix it. We paid that once, then ran into problems 6 months later and it just felt like a scam that we needed to keep dishing out money to fix our computer because the antivirus software failed to prevent viruses. That is when we found malware bytes! But is it true that our computer could be heavily infected and both malware bytes and avast haven't picked these viruses up because we had both programs? Does running malware bytes void avast? Do we need to pay the money to get avast fixed? Thank you!
  3. Sorry. Haven't done that yet. To be honest, I completely forgot b/c our computer has been running so well. I'll get it done tomorrow. Thank you!
  4. Oh, you are sooooo my computer hero! Things seem to be cleared up. I did a google search and it worked. My computer is also running at regular speed. Please let me know what I need to do next. Also, do you know the name of the thing that caused these problems? It seems to be going around, since so many people in these forums are having similar issues. Do you know where it came from and how I got it? And how to avoid it? My husband and I appreciate your help soooo much!
  5. I think this was the fastest process that I've done for this issue. Haven't checked to see if things are running faster or if I'm still being redirected, but here's the log. Thank you.
  6. Alright. Don't know why I had so much trouble remembering the name. It's pretty obvious. Just happened again and it's called thewebsitesurvey.com .
  7. I wanted to add some more information. In addition to the search engine redirects, something else that keeps happening is that another internet explorer window opens, and there's a "survey" that it wants me to take. We x out of it, but it pops up every once in a while. I'm sorry I can't remember what the "survey" is called, but it will say something along the lines of, "Thank you for visiting (insert any web address), please take our survey for a chance to win a prize." It has said thanks for visiting msn.com, comcast.net, malwarebytes.org, and a few other websites, but it's always the website that I'm visiting whenever it pops open. Always the same plain white screen and same look, it just changes whatever website that it's "thanking" me for visiting. I hope that makes sense. I wish I could be more specific. If this is something that you're not familiar with, I'll write down what this website is called or who the supposed sponsor is, so I can tell you what it's called. Thank you, Angie
  8. Thank you. I did all the stuff for java script and adobe and the old versions are gone and I now have the updated versions. I updated to the newest malwarebytes anti malware, the one that is dated for Dec. 30th. I'll post the log from that, below. I went to run kaspersky and I messed it up. I got a pop up saying that I needed to add an add on for Java Script. I was a little paranoid about it b/c I had just downloaded the latest version, and so I cancelled it. Big mistake b/c now I can't run Kaspersky. I've tried to do the process all over again, in hopes that I get the offer for downloading the add on, but now I get a little icon at the bottom of my screen that says that add ons are disabled. I clicked on the icon and it took me to manage addons, and I have no idea what to do there. When I try to accept kaspersky, it tells me, "Launch of the Java application is interrupted! Please establish an uninterrupted internet connection for work with this program." If you can tell me how to enable that java add on, that'd be great. Oh, btw, I kept forgetting to tell you that I've got the google redirect thing that other people have been posting about on these forums. I google search something, and I get the results and I click on something and it redirects me to something totally different. Just thought I'd tell you, since that may help you in further diagnosing my computer. I really really appreciate all of your help. Alright, so on to what I could do.
Here is the latest MWBAM log:
===============================================
Malwarebytes' Anti-Malware 1.43
Database version: 3474
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

1/2/2010 9:10:30 PM
mbam-log-2010-01-02 (21-10-30).txt

Scan type: Quick Scan
Objects scanned: 114863
Time elapsed: 1 hour(s), 37 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\jgaw400.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
  9. Thank you, again. I went ahead and ran the fix with otc, with no problems. I then removed the viewpoint manager and media player like you said, by going to start and then run, etc. I have not removed javascript or adobe yet, b/c I'm not sure whether it is safe, because you say beware if you have 9x or ME, and neither me nor my husband knows what that means. We just want to make sure, but we have Windows XP. I want to ask a couple questions. First off, we keep getting something that pops up called "Just in Time Debugger." and it wants us to use something that says it's a new instance of Microsoft Script Editor. We don't think it's legit, b/c it keeps popping up even after we close it. It'll usually pop back up 3 or 4 times in a row, after closing it. We don't click yes or no, we right click the tab that it makes at the bottom, and click close. We figured that it's safe to close it that way, since we don't actually click on the box. Is this thing legit or a virus/malware/foistware? My 2nd question, well, is kind of a statement, but our computer is still so slow. Is our computer still not clean? We also haven't updated our internet explorer to IE 9. Could that also be a reason for our computer to be so slow? Is it just age? I swear our computer wasn't nearly this slow until we had the virus/malware issues almost 2 weeks ago. Okay, so no more questions. Here is the log that I got when I ran the fix with OTC:
  10. Hi. Sorry for taking so long to respond. I've tried to do the things that you told me to do, but I've had some problems. I didn't have problems doing the OTC, and I can post the logs for that. However, I had problems doing the gmer. I managed to unzip it and save it to my desktop, but when I double clicked on gmer.exe, it did not start to run or do a scan. The window just popped up. Nothing else came up saying anything about rootkits or files with rootkits, etc. So I went ahead and started a scan. It kept scanning and scanning and 5 hrs later it was still scanning. I walked away from my computer and came back and it was gone. It appeared that my computer restarted. No logs popped up. That's just really frustrating that I waited that long and I didn't get anything from it. Now, when I open it, it shows some files. I don't know if that's something that I'm supposed to save or what, but there are fewer files listed than there were when it was still doing the scan. Thank you for your help.
I'm not sure if this is going to do us any good, but here is the otl.txt:
[Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc) SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy) SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc) SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2008/02/05 17:22:36 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2008/02/05 17:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2008/02/05 17:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service) SRV - [2006/11/09 18:35:43 | 00,083,504 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS) SRV - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) [unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2005/03/30 15:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS) SRV - [2004/01/16 21:16:06 | 00,417,792 | ---- | M] (Apple Computer, Inc.) 
[On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService) SRV - [2003/11/03 21:47:08 | 00,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity) SRV - [2003/08/27 10:27:44 | 00,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW) SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555 O1 HOSTS File: (735 bytes) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found. O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.) O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems) O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176667549\ee\aolsoftware.exe (America Online, Inc.) 
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard) O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard) O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KernelFaultCheck] File not found O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.) O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company) O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.) O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe () O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [updateManager] c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions) O4 - HKLM..\Run: [VTTimer] File not found O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.) 
O4 - HKCU..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe (Hewlett-Packard Company) O4 - HKCU..\Run: [DelayShred] c:\Program Files\McAfee\MSHR\ShrCL.exe () O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.) O4 - HKLM..\RunOnceEx: [] File not found O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe () O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.) 
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1 O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03) O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004/05/12 01:25:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ] O32 - AutoRun File - [2002/09/11 02:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/06/04 17:47:04 | 00,000,000 | ---D | M] NetSvcs: Iprip - File not found NetSvcs: Irmon - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (15766103389110272) ========== Files/Folders - Created Within 14 Days ========== [2009/12/30 22:59:12 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and 
Settings\Owner\Desktop\OTL.exe [2009/12/28 11:13:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes [2009/12/28 11:12:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2009/12/28 11:11:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2009/12/28 11:11:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2009/12/28 11:11:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/22 20:08:42 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX [2009/12/22 20:02:52 | 00,018,560 | ---- | C] (LeapFrog) -- C:\WINDOWS\System32\drivers\FlyUsb.sys [2009/12/22 19:52:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\D9DE9E0371CA423BB10157F13A751003.TMP [2009/12/22 19:00:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard [2009/12/22 18:57:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog [2009/12/22 18:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\LeapFrog [2009/12/21 16:06:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\syuclo [2009/01/03 12:15:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2008/07/25 15:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee [2007/12/02 07:48:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2006/10/10 04:52:45 | 00,774,144 | ---- | C] (RealNetworks, Inc.) 
-- C:\Program Files\RngInterstitial.dll [2006/04/27 09:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec [2006/04/21 21:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2005/11/13 13:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia [2004/05/12 01:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ] ========== Files - Modified Within 14 Days ========== [2009/12/30 22:56:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe [2009/12/30 22:05:38 | 06,201,344 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb [2009/12/30 22:05:24 | 04,469,760 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb [2009/12/30 22:02:35 | 00,010,987 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF [2009/12/30 21:48:54 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT [2009/12/30 21:48:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2009/12/30 21:48:30 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2009/12/30 21:48:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2009/12/30 21:48:09 | 25,957,5808 | -HS- | M] () -- C:\hiberfil.sys [2009/12/30 21:48:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs [2009/12/30 21:47:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad [2009/12/29 20:02:02 | 00,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job [2009/12/29 09:50:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable 
[2009/12/28 17:15:44 | 05,505,024 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT [2009/12/28 17:15:44 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini [2009/12/28 11:12:15 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/23 14:35:18 | 00,440,488 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2009/12/23 14:35:18 | 00,070,588 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2009/12/23 14:35:15 | 00,520,398 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2009/12/22 19:51:04 | 00,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk [2009/12/22 19:49:45 | 00,000,110 | ---- | M] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2009/12/29 09:50:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable [2009/12/28 11:12:15 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2009/12/22 19:51:02 | 00,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk [2009/12/22 19:06:56 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini [2009/05/14 08:58:34 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI [2009/04/20 17:25:08 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini [2008/02/05 17:20:08 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys [2007/02/13 10:42:26 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys [2007/01/22 16:34:47 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2006/10/10 
05:14:21 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2006/06/20 03:13:10 | 00,000,046 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini [2005/07/29 15:31:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingox.INI [2005/07/29 00:54:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingo.INI [2004/09/30 11:21:13 | 00,000,134 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2004/09/26 00:05:59 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini [2004/09/26 00:05:58 | 00,000,508 | ---- | C] () -- C:\WINDOWS\intuprof.ini [2004/09/08 13:03:20 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2004/09/08 13:03:20 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2004/09/08 13:03:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2004/09/08 13:03:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2004/09/08 13:03:20 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2004/09/08 13:03:20 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2004/05/13 01:11:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004/05/12 19:44:01 | 00,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini [2004/05/12 19:44:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini [2004/05/12 07:25:14 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll [2004/05/12 07:24:54 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll [2004/05/12 07:24:54 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll [2004/05/12 07:23:18 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat [2004/05/12 07:21:36 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll [2004/05/12 07:06:40 | 00,028,764 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS [2004/05/12 07:06:00 | 00,045,056 | ---- | C] () -- 
C:\WINDOWS\System32\hpreg.dll [2004/05/12 06:19:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2004/05/12 06:10:15 | 00,001,090 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2004/05/12 04:27:46 | 00,002,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2004/05/12 02:14:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/05/12 02:02:57 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll [2004/05/12 02:02:57 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll [2004/05/12 02:00:16 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll [2004/05/12 01:28:30 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini [2004/05/12 01:16:45 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2004/03/30 17:04:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini [2003/03/07 00:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll [2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll ========== LOP Check ========== [2009/12/22 18:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog [2005/01/27 00:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground [2007/03/17 05:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint [2008/01/07 17:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fisher-Price [2005/06/24 22:12:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech [2004/05/12 07:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView [2007/03/11 21:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint [2009/12/15 01:00:01 | 00,000,340 | ---- | M] () -- 
C:\WINDOWS\Tasks\McDefragTask.job [2009/07/01 00:00:05 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > [2005/12/05 18:52:46 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe < MD5 for: AGP440.SYS > [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys [2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys [2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys < MD5 for: ATAPI.SYS > [2002/08/29 03:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys [2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys [2009/12/24 12:48:13 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys [2009/12/24 12:48:13 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys [2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys < MD5 for: EVENTLOG.DLL > [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll [2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll [2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- 
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll < MD5 for: NETLOGON.DLL > [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll [2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll [2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll < MD5 for: SCECLI.DLL > [2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll [2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll < %systemroot%\*. 
/mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/17 14:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\atl.dll
[2009/10/29 02:46:54 | 06,067,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< End of report >
=================================================================
And here is the extras.txt:
  11. I hope I'm asking this in the right place. I'm trying to do the whole defogger, downloading dds, and gmer rootkit scanner thing. I was working on downloading the dds but the dds.txt and attach.txt logs did not come up. Instead I got a black screen that said that I should disable the script blocker, but I have no idea what a script blocker is. I did a google search on how to disable it, and every link that I clicked on redirected me to a totally different website. Now I'm afraid that I've got viruses again, b/c that's just suspicious for the computer to redirect me for everything that I clicked on. For instance I clicked on a link that was supposed to take me to flippingcomputer.com but it took me to stopzilla. ::sigh:: This crap sucks. Thanks a bunch!
  12. Man...that stinks! LOL I'll let my husband know to change the passwords and such from his computer at work. He does keep a very close eye on our bank stuff, though. Checks it at least once a day. I usually think he's just being paranoid, but I appreciate it now. And thank you for the tip about closing those pop ups with control alt delete. I've wondered if clicking on the x actually installs it. Those tricky virus making people. Boo to them. And I do use facebook quite often, but I try to be careful about clicking on videos and links. I hate that mcafee doesn't pick these things up. I really feel like they are sort of a scam. We called them last week, right after we started having problems, and they told us that the viruses had been removed and that our computer was just being slow b/c we were low on memory. I know that if we were to call them now, they'd want us to shell out $100 to have someone hack into our computer to fix it. We've had that happen before. I bet if I would have known about malwarebytes we wouldn't have had to dish out the money to fix it. I did post on the other board. Unfortunately I did it before reading your latest post, and so I did not include the most recent log. You've been a super big help. I really appreciate it.
  13. Hello all. Let me explain what I mean by hoping that there's still hope. My computer is about 5 years old, and was working alright until about a week ago. I was on the BabyCenter.com forum when all of a sudden I had a popup say that our computer had viruses and that we needed to download or purchase something in order to clean it. We've had this before, and it did horrific things to our computer. Mcafee didn't catch it before, and then when it was too late we ended up having to shell out $100 for someone from Mcafee to hack into our computer to fix it. So when this happened last week I immediately closed that pop up and went to run mcafee. Mcafee wouldn't work. Our computer shut off and when we turned it back on it said that Mcafee had removed a trojan or two (or three) and blah blah blah. Our computer hasn't been the same since. We can't run Mcafee, still. Well, we can but it only scans 1,000 files an hour and we've left it run all day and it's gotten to scan about 11,000 files and it still says that it's 0% finished, which we have about 115,000 files, so it should be some percentage of the way finished. Our computer is also really really slow. Oh yeah! And when we called mcafee, they said that mcafee removed the viruses and that it's just that our computer doesn't have enough memory. That was last Tuesday, but we've still been getting popups saying that we have viruses. I personally think Mcafee is crooked and they just want us to get to the point where we have to shell out $100 to have it fixed again. ::sigh:: Alright, so sorry that was so long, but felt the need to share that. I realize that our computer just may be too old, but we're hoping that it's something else that can be fixed. I ran my very first malwarebytes scan earlier today, and it turned up that we had a bunch of viruses. We removed them but our computer is still acting the same way. Still can't run mcafee and it's just still really slow. Here is the log from earlier.
      Thanks in advance:
      _________________________________________

      Internet Explorer 7.0.5730.11

      12/28/2009 5:12:24 PM
      mbam-log-2009-12-28 (17-12-24).txt

      Scan type: Quick Scan
      Objects scanned: 115642
      Time elapsed: 1 hour(s), 9 minute(s), 57 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 20
      Registry Values Infected: 5
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 13

      Memory Processes Infected:
      (No malicious items detected)

      Memory Modules Infected:
      (No malicious items detected)

      Registry Keys Infected:
      HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{4b66e1df-4de3-4cda-83b5-11673eadab0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{684ee1db-cd52-4ca9-9ccf-93d5f6b419ba} (Trojan.Banker) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39fc2065-c9c7-49cd-8942-44cc2dedc844} (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{39fc2065-c9c7-49cd-8942-44cc2dedc844} (Trojan.Downloader) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684ee1db-cd52-4ca9-9ccf-93d5f6b419ba} (Trojan.Banker) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRV (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVDRV (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\drv (Trojan.Agent) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Rogue.SysGuard) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lowriskfiletypes (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\drv (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tnitgqja (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

      Registry Data Items Infected:
      (No malicious items detected)

      Folders Infected:
      (No malicious items detected)

      Files Infected:
      C:\WINDOWS\system32\spool\prtprocs\w32x86\607.tmp (Malware.Packer) -> Quarantined and deleted successfully.
      C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\alog.txt (Stolen.data) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\cmds.txt (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ps1.dat (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\rc.dat (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
      C:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
      C:\WINDOWS\0101120101465752.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
      C:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
      C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
  14. Okie dokie. I just now read your last post. I just finished my 2nd scan and it turned up no infections. I used quick scan both times. I'll cut and paste the log from the earlier quick scan that found the 16 infected objects. I feel the need to say that this computer is 5 years old, but was working fine until about a week ago. I mean, of course it wasn't as fast as a newer computer, but it was fast enough. About a week ago is when we started having problems. We had a pop up say that we had some viruses and that we needed to download something to remove them. We closed the pop up immediately and went to run a mcafee scan and mcafee wouldn't work. Mcafee hasn't worked since, and our computer has been super slow. Mcafee still won't work and our computer is still really slow. Okay, so here is the log. I still haven't done the defogger stuff and all that other stuff that was in that one thread. How long does that usually take? And will there be info that I need to cut and paste from those steps?
  15. I must have been typing when you responded, but I just read your last response. I need to run another scan, and then I'll post the log report thingy that pops up on notepad. It took about an hour and a half to do that last scan, so don't expect an immediate response. Thanks again.