
Hoping that there's still hope



Hello all. Let me explain what I mean by hoping that there's still hope. My computer is about 5 years old, and was working alright until about a week ago. I was on the BabyCenter.com forum when all of a sudden I had a popup say that our computer had viruses and that we needed to download or purchase something in order to clean it. We've had this before, and it did horrific things to our computer. McAfee didn't catch it before, and then when it was too late we ended up having to shell out $100 for someone from McAfee to hack into our computer to fix it.

So when this happened last week I immediately closed that pop up and went to run McAfee. McAfee wouldn't work. Our computer shut off and when we turned it back on it said that McAfee had removed a trojan or two (or three) and blah blah blah. Our computer hasn't been the same since. We can't run McAfee, still. Well, we can, but it only scans 1,000 files an hour, and we've left it running all day and it's gotten to scan about 11,000 files and it still says that it's 0% finished, and we have about 115,000 files, so it should be some percentage of the way finished. Our computer is also really, really slow.

Oh yeah! And when we called McAfee, they said that McAfee removed the viruses and that it's just that our computer doesn't have enough memory. That was last Tuesday, but we've still been getting popups saying that we have viruses. I personally think McAfee is crooked and they just want us to get to the point where we have to shell out $100 to have it fixed again. ::sigh::

Alright, so sorry that was so long, but I felt the need to share that. I realize that our computer just may be too old, but we're hoping that it's something else that can be fixed. I ran my very first Malwarebytes scan earlier today, and it turned up that we had a bunch of viruses. We removed them but our computer is still acting the same way. Still can't run McAfee and it's just still really slow.

Here is the log from earlier. Thanks in advance:

_________________________________________

Internet Explorer 7.0.5730.11

12/28/2009 5:12:24 PM

mbam-log-2009-12-28 (17-12-24).txt

Scan type: Quick Scan

Objects scanned: 115642

Time elapsed: 1 hour(s), 9 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 20

Registry Values Infected: 5

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 13

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{4b66e1df-4de3-4cda-83b5-11673eadab0b} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CLASSES_ROOT\Interface\{986a8ac1-ab4d-4f41-9068-4b01c0197867} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{684ee1db-cd52-4ca9-9ccf-93d5f6b419ba} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{39fc2065-c9c7-49cd-8942-44cc2dedc844} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{549b5ca7-4a86-11d7-a4df-000874180bb3} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{afd4ad01-58c1-47db-a404-fbe00a6c5486} (Trojan.BHO) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{39fc2065-c9c7-49cd-8942-44cc2dedc844} (Trojan.Downloader) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{abd45510-9b22-41cd-9acd-8182a2da7c63} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684ee1db-cd52-4ca9-9ccf-93d5f6b419ba} (Trojan.Banker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRV (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVDRV (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\drv (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Rogue.SysGuard) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lowriskfiletypes (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\drv (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tnitgqja (Trojan.FakeAlert.N) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\spool\prtprocs\w32x86\607.tmp (Malware.Packer) -> Quarantined and deleted successfully.

C:\Program Files\Shared\lib.sig (Adware.Deepdive) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\alog.txt (Stolen.data) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\bb1.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cmds.txt (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\ps1.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\rc.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\010112010146118114.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101464849.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\0101120101465752.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\934fdfg34fgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.

C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

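An added example, not from this thread or from Malwarebytes: a small triage script for the mbam-log format posted above. It parses the `<location> (<detection>) -> <action>` item lines under each "... Infected:" header, tallies detections by family, picks out the entries that gave the malware a foothold (Run values, services, svchost groups, browser helper objects) and flags anything the scan did not remove outright. The sample log is constructed from a few lines of the post plus one invented "Delete on reboot." entry.

```python
"""Triage helper for Malwarebytes' Anti-Malware (mbam-log-*.txt) reports.

Item lines have the shape
    <location> (<detection name>) -> <action>
and sit under section headers such as "Registry Keys Infected:".
The summary groups them by detection family, picks out the entries that
gave the malware a foothold (Run values, services, svchost groups, BHOs)
and lists anything the scan could not remove on the spot.
"""
import re
from collections import Counter, defaultdict

ITEM_RE = re.compile(r"^(?P<location>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")

# Registry locations that load code at boot/logon or inside the browser.
PERSISTENCE_MARKERS = {
    "run key": re.compile(r"\\CurrentVersion\\Run\\", re.I),
    "service": re.compile(r"\\CurrentControlSet\\Services\\", re.I),
    "svchost group": re.compile(r"\\CurrentVersion\\SvcHost\\", re.I),
    "browser helper object": re.compile(
        r"\\Browser Helper Objects\\|\\Ext\\(Stats|Settings)\\", re.I),
}


def parse_mbam_log(text):
    """Return one dict per detected item: section, location, name, action."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                      # "Registry Keys Infected:" (header without a count)
            section = m.group("section")
            continue
        m = ITEM_RE.match(line)
        if m and section:          # skips "(No malicious items detected)"
            items.append({"section": section, **m.groupdict()})
    return items


def summarise(items):
    """Group items by family and persistence mechanism; flag incomplete removals."""
    families = Counter(item["name"] for item in items)
    persistence = defaultdict(list)
    for item in items:
        for label, pattern in PERSISTENCE_MARKERS.items():
            if pattern.search(item["location"]):
                persistence[label].append(item["location"])
    not_removed = [item for item in items if "successfully" not in item["action"]]
    return {
        "families": families,
        "persistence": dict(persistence),
        "not_removed": not_removed,
        # A reboot-pending or failed removal means the machine is not yet clean.
        "rescan_needed": bool(not_removed),
    }


# Constructed sample: a few lines copied from the log in the post above plus
# one invented "Delete on reboot." entry to exercise the not-removed path.
SAMPLE_LOG = r"""
Registry Keys Infected: 3
Registry Keys Infected:
HKEY_CLASSES_ROOT\main.bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{684ee1db-cd52-4ca9-9ccf-93d5f6b419ba} (Trojan.Banker) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\drv (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system tool (Rogue.SysGuard) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\drv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\alog.txt (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\bf23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\cs.dat (Malware.Trace) -> Delete on reboot.
"""

if __name__ == "__main__":
    report = summarise(parse_mbam_log(SAMPLE_LOG))
    for family, count in report["families"].most_common():
        print(f"{count:2d}  {family}")
    for label, locations in report["persistence"].items():
        print(f"{label}: {len(locations)} entries")
    print("rescan needed:", report["rescan_needed"])
```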

Hi amselby81, welcome to Malwarebytes ;)

Sorry for the delay, we have been very busy.

Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:

        netsvcs
        %SYSTEMDRIVE%\*.exe
        /md5start
        eventlog.dll
        scecli.dll
        netlogon.dll
        cngaudit.dll
        sceclt.dll
        ntelogon.dll
        logevent.dll
        iaStor.sys
        nvstor.sys
        atapi.sys
        IdeChnDr.sys
        viasraid.sys
        AGP440.sys
        vaxscsi.sys
        nvatabus.sys
        viamraid.sys
        nvata.sys
        nvgts.sys
        iastorv.sys
        ViPrt.sys
        eNetHook.dll
        ahcix86.sys
        KR10N.sys
        nvstor32.sys
        ahcix86s.sys
        nvrd32.sys
        /md5stop
        %systemroot%\*. /mp /s
        CREATERESTOREPOINT
        %systemroot%\system32\*.dll /lockedfiles

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Double-click gmer.exe. The program will begin to run.

**Caution**

These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.

Post the contents of GMER.txt in your next reply.


Hi. Sorry for taking so long to respond. I've tried to do the things that you told me to do, but I've had some problems. I didn't have problems doing the OTC, and I can post the logs for that. However, I had problems doing the gmer. I managed to unzip it and save it to my desktop, but when I double clicked on gmer.exe, it did not start to run or do a scan. The window just popped up. Nothing else came up saying anything about rootkits or files with rootkits, etc. So I went ahead and started a scan. It kept scanning and scanning and 5 hrs later it was still scanning. I walked away from my computer and came back and it was gone. It appeared that my computer restarted. No logs popped up. That's just really frustrating that I waited that long and I didn't get anything from it. Now, when I open it, it shows some files. I don't know if that's something that I'm supposed to save or what, but there are fewer files listed than there were when it was still doing the scan.

Thank you for your help.

I'm not sure if this is going to do us any good, but here is the otl.txt:

============================================================

OTL logfile created on: 12/30/2009 11:02:00 PM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 52.00 Mb Available Physical Memory | 21.00% Memory free

671.00 Mb Paging File | 218.00 Mb Available in Paging File | 33.00% Paging File free

Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 30.93 Gb Total Space | 12.89 Gb Free Space | 41.67% Space Free | Partition Type: NTFS

Drive D: | 6.32 Gb Total Space | 2.26 Gb Free Space | 35.73% Space Free | Partition Type: FAT32

Drive E: | 2.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JASON1980

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/30 22:56:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

PRC - [2009/11/10 10:14:38 | 00,443,728 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe

PRC - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe

PRC - [2009/10/29 06:54:44 | 01,218,008 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe

PRC - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MPF\MpfSrv.exe

PRC - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\Mcshield.exe

PRC - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\MSC\mcmscsvc.exe

PRC - [2009/07/08 19:22:24 | 05,134,864 | ---- | M] (McAfee) -- C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe

PRC - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe

PRC - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe

PRC - [2009/04/20 17:22:04 | 00,066,864 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

PRC - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2008/02/13 12:06:58 | 02,196,240 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe

PRC - [2008/02/13 12:02:46 | 00,564,496 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

PRC - [2008/02/13 12:02:24 | 00,405,776 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe

PRC - [2008/02/05 17:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

PRC - [2008/02/05 17:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

PRC - [2008/01/25 13:32:56 | 00,689,416 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LogitechUpdate.exe

PRC - [2008/01/25 13:32:48 | 00,191,240 | ---- | M] (Logitech, Inc.) -- c:\Program Files\Logitech\QuickCam\LU\LULnchr.exe

PRC - [2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe

PRC - [2006/10/23 07:50:35 | 00,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

PRC - [2006/09/25 19:52:48 | 00,050,736 | ---- | M] (America Online, Inc.) -- C:\Program Files\Common Files\AOL\1176667549\ee\aolsoftware.exe

PRC - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe

PRC - [2006/02/19 05:24:52 | 00,239,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe

PRC - [2006/02/19 04:21:22 | 00,288,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

PRC - [2005/11/04 14:04:48 | 00,176,128 | ---- | M] () -- C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe

PRC - [2004/08/20 15:55:14 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\igfxtray.exe

PRC - [2004/08/20 15:51:14 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe

PRC - [2004/06/29 09:06:38 | 00,088,363 | ---- | M] (Agere Systems) -- C:\WINDOWS\AGRSMMSG.exe

PRC - [2004/05/12 06:26:09 | 00,098,304 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe

PRC - [2004/01/16 21:16:18 | 00,229,376 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe

PRC - [2004/01/16 21:16:06 | 00,417,792 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\iPod\bin\iPodService.exe

PRC - [2004/01/09 03:34:10 | 00,032,768 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe

PRC - [2003/12/22 17:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

PRC - [2003/11/03 21:47:08 | 00,053,248 | ---- | M] (GEAR Software) -- C:\WINDOWS\system32\gearsec.exe

PRC - [2003/08/21 05:15:48 | 00,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe

PRC - [2003/02/11 21:02:48 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\hp\KBD\kbd.exe

PRC - [1998/05/07 18:04:38 | 00,052,736 | ---- | M] (Hewlett-Packard Company) -- C:\WINDOWS\system\hpsysdrv.exe

========== Modules (SafeList) ==========

MOD - [2009/12/30 22:56:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

MOD - [2008/02/05 17:20:30 | 00,109,080 | ---- | M] (Logitech Inc.) -- C:\WINDOWS\Temp\logishrd\LVPrcInj01.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/11/10 09:28:06 | 01,131,808 | ---- | M] (LeapFrog Enterprises, Inc.) [Auto | Running] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2009/10/27 11:19:46 | 00,895,696 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MPF\MPFSrv.exe -- (MpfService)

SRV - [2009/09/16 10:23:32 | 00,365,072 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)

SRV - [2009/09/16 09:22:08 | 00,144,704 | ---- | M] (McAfee, Inc.) [unknown | Running] -- C:\Program Files\McAfee\VirusScan\Mcshield.exe -- (McShield)

SRV - [2009/09/16 08:28:38 | 00,606,736 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)

SRV - [2009/07/09 23:26:20 | 00,865,832 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)

SRV - [2009/07/08 10:54:34 | 00,359,952 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)

SRV - [2009/07/07 18:10:02 | 02,482,848 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)

SRV - [2008/10/10 05:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)

SRV - [2008/02/05 17:22:36 | 00,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)

SRV - [2008/02/05 17:20:42 | 00,150,040 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2008/02/05 17:18:48 | 00,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer)

SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)

SRV - [2006/11/09 18:35:43 | 00,083,504 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\acsd.exe -- (AOL ACS)

SRV - [2006/03/03 21:03:10 | 00,069,632 | ---- | M] (HP) [unknown | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

SRV - [2005/03/30 15:46:56 | 00,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)

SRV - [2004/01/16 21:16:06 | 00,417,792 | ---- | M] (Apple Computer, Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPodService)

SRV - [2003/11/03 21:47:08 | 00,053,248 | ---- | M] (GEAR Software) [Auto | Running] -- C:\WINDOWS\system32\gearsec.exe -- (GEARSecurity)

SRV - [2003/08/27 10:27:44 | 00,065,536 | ---- | M] (America Online, Inc.) [Auto | Stopped] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)

SRV - [2003/07/28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

O1 HOSTS File: (735 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll (Hewlett-Packard Company)

O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)

O4 - HKLM..\Run: [AGRSMMSG] C:\WINDOWS\AGRSMMSG.exe (Agere Systems)

O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1176667549\ee\aolsoftware.exe (America Online, Inc.)

O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)

O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)

O4 - HKLM..\Run: [hpsysdrv] c:\WINDOWS\system\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [KBD] C:\hp\KBD\kbd.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [KernelFaultCheck] File not found

O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe ()

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe ()

O4 - HKLM..\Run: [McAfee Backup] C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe (McAfee)

O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)

O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)

O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)

O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()

O4 - HKLM..\Run: [Reminder] C:\Windows\Creator\Remind_XP.exe (SoftThinks)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [updateManager] c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)

O4 - HKLM..\Run: [VTTimer] File not found

O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\aol.exe (AOL, LLC.)

O4 - HKCU..\Run: [backupNotify] c:\Program Files\HP\Digital Imaging\bin\BackupNotify.exe (Hewlett-Packard Company)

O4 - HKCU..\Run: [DelayShred] c:\Program Files\McAfee\MSHR\ShrCL.exe ()

O4 - HKCU..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe File not found

O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10b.exe (Adobe Systems, Inc.)

O4 - HKLM..\RunOnceEx: [] File not found

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)

O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\IMStart.lnk = C:\Program Files\InterMute\IMStart.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {549F957E-2F89-11D6-8CFE-00C04F52B225} http://coupons.smartsource.com/download/cscmv5X.cab (CMV5 Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl...indows-i586.cab (Java Plug-in 1.4.2_03)

O16 - DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_04)

O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230

O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)

O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2004/05/12 01:25:35 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2001/07/28 05:07:38 | 00,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2002/09/11 02:02:32 | 00,000,045 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2004/06/04 17:47:04 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (15766103389110272)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/30 22:59:12 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2009/12/28 11:13:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes

[2009/12/28 11:12:02 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/28 11:11:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/12/28 11:11:57 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/28 11:11:55 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/12/22 20:08:42 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX

[2009/12/22 20:02:52 | 00,018,560 | ---- | C] (LeapFrog) -- C:\WINDOWS\System32\drivers\FlyUsb.sys

[2009/12/22 19:52:27 | 00,000,000 | ---D | C] -- C:\WINDOWS\D9DE9E0371CA423BB10157F13A751003.TMP

[2009/12/22 19:00:26 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard

[2009/12/22 18:57:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2009/12/22 18:57:39 | 00,000,000 | ---D | C] -- C:\Program Files\LeapFrog

[2009/12/21 16:06:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\syuclo

[2009/01/03 12:15:27 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[2008/07/25 15:15:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee

[2007/12/02 07:48:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2006/10/10 04:52:45 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll

[2006/04/27 09:37:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Symantec

[2006/04/21 21:38:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2005/11/13 13:30:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2004/05/12 01:27:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/30 22:56:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe

[2009/12/30 22:05:38 | 06,201,344 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb

[2009/12/30 22:05:24 | 04,469,760 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb

[2009/12/30 22:02:35 | 00,010,987 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF

[2009/12/30 21:48:54 | 00,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT

[2009/12/30 21:48:40 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/30 21:48:30 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/30 21:48:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/30 21:48:09 | 25,957,5808 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/30 21:48:07 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs

[2009/12/30 21:47:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad

[2009/12/29 20:02:02 | 00,000,364 | ---- | M] () -- C:\WINDOWS\tasks\Symantec NetDetect.job

[2009/12/29 09:50:35 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\defogger_reenable

[2009/12/28 17:15:44 | 05,505,024 | -H-- | M] () -- C:\Documents and Settings\Owner\NTUSER.DAT

[2009/12/28 17:15:44 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini

[2009/12/28 11:12:15 | 00,000,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/12/23 14:35:18 | 00,440,488 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2009/12/23 14:35:18 | 00,070,588 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2009/12/23 14:35:15 | 00,520,398 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2009/12/22 19:51:04 | 00,000,651 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk

[2009/12/22 19:49:45 | 00,000,110 | ---- | M] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/29 09:50:35 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\defogger_reenable

[2009/12/28 11:12:15 | 00,000,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2009/12/22 19:51:02 | 00,000,651 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\LeapFrog Connect.lnk

[2009/12/22 19:06:56 | 00,000,110 | ---- | C] () -- C:\WINDOWS\{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}_WiseFW.ini

[2009/05/14 08:58:34 | 00,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/04/20 17:25:08 | 00,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/02/05 17:20:08 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys

[2007/02/13 10:42:26 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys

[2007/01/22 16:34:47 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll

[2006/10/10 05:14:21 | 00,009,728 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/06/20 03:13:10 | 00,000,046 | ---- | C] () -- C:\WINDOWS\VistaEmail.ini

[2005/07/29 15:31:21 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingox.INI

[2005/07/29 00:54:07 | 00,000,000 | ---- | C] () -- C:\WINDOWS\slingo.INI

[2004/09/30 11:21:13 | 00,000,134 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2004/09/26 00:05:59 | 00,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini

[2004/09/26 00:05:58 | 00,000,508 | ---- | C] () -- C:\WINDOWS\intuprof.ini

[2004/09/08 13:03:20 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll

[2004/09/08 13:03:20 | 00,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll

[2004/09/08 13:03:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll

[2004/09/08 13:03:20 | 00,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll

[2004/09/08 13:03:20 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll

[2004/09/08 13:03:20 | 00,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll

[2004/05/13 01:11:55 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2004/05/12 19:44:01 | 00,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2004/05/12 19:44:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2004/05/12 07:25:14 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll

[2004/05/12 07:24:54 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll

[2004/05/12 07:24:54 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll

[2004/05/12 07:23:18 | 00,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat

[2004/05/12 07:21:36 | 00,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll

[2004/05/12 07:06:40 | 00,028,764 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS

[2004/05/12 07:06:00 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll

[2004/05/12 06:19:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2004/05/12 06:10:15 | 00,001,090 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI

[2004/05/12 04:27:46 | 00,002,411 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2004/05/12 02:14:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/05/12 02:02:57 | 00,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll

[2004/05/12 02:02:57 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll

[2004/05/12 02:00:16 | 00,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll

[2004/05/12 01:28:30 | 00,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini

[2004/05/12 01:16:45 | 00,000,549 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini

[2004/03/30 17:04:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

[2003/03/07 00:53:16 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll

[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2000/09/08 16:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll

========== LOP Check ==========

[2009/12/22 18:57:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2005/01/27 00:12:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground

[2007/03/17 05:07:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/01/07 17:41:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Fisher-Price

[2005/06/24 22:12:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech

[2004/05/12 07:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView

[2007/03/11 21:29:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint

[2009/12/15 01:00:01 | 00,000,340 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job

[2009/07/01 00:00:05 | 00,000,332 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

[2005/12/05 18:52:46 | 00,010,920 | ---- | M] () -- C:\aolconnfix.exe

< MD5 for: AGP440.SYS >

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

[2004/08/04 01:07:41 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >

[2002/08/29 03:27:50 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtUninstallQ331958$\atapi.sys

[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2009/12/24 12:48:13 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2009/12/24 12:48:13 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

[2004/08/04 00:59:42 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll

[2004/08/04 02:56:42 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll

[2004/08/04 02:56:44 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >

[2004/08/04 02:56:44 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

[2009/07/17 14:01:06 | 00,058,880 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\atl.dll

[2009/10/29 02:46:54 | 06,067,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ieframe.dll

[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< End of report >

=================================================================

And here is the extras.txt:

=================================================================

OTL Extras logfile created on: 12/30/2009 11:02:01 PM - Run 1

OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Owner\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.11)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

247.00 Mb Total Physical Memory | 52.00 Mb Available Physical Memory | 21.00% Memory free

671.00 Mb Paging File | 218.00 Mb Available in Paging File | 33.00% Paging File free

Paging file location(s): C:\pagefile.sys 372 744 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 30.93 Gb Total Space | 12.89 Gb Free Space | 41.67% Space Free | Partition Type: NTFS

Drive D: | 6.32 Gb Total Space | 2.26 Gb Free Space | 35.73% Space Free | Partition Type: FAT32

Drive E: | 2.53 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: JASON1980

Current User Name: Owner

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"8085:TCP" = 8085:TCP:*:Enabled:drv

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (AOL, LLC.)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe" = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe:*:Disabled:BackWeb-137903 -- File not found

"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater -- ()

"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()

"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- (America Online, Inc.)

"C:\Program Files\AOL\RC\regclient.exe" = C:\Program Files\AOL\RC\regclient.exe:*:Enabled:AOL -- (AOL LLC)

"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)

"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)

"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)

"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- (AOL, LLC.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)

"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)

"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier

"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III

"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5

"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo

"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600

"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD

"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK

"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices

"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc

"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{20749F76-4228-43AD-8AB5-E7B20D8040C4}" = hph_readme

"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress

"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan

"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan

"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation

"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers

"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1

"{2CB7E2C0-7B15-4A87-93B7-036BE7DE5B66}" = TurboTax 2008 wwviper

"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0

"{2FCE4FC5-6930-40E7-A4F1-F862207424EF}" = InterVideo WinDVD Creator 2

"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal

"{3248F0A8-6813-11D6-A77B-00B0D0150040}" = J2SE Runtime Environment 5.0 Update 4

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36DC3E2F-CD8C-4953-9E8F-9A1916D10AA1}" = hph_software

"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK

"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics

"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series

"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm

"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy

"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot

"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC

"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81

"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004

"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen

"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA

"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP

"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware

"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr

"{6444D9D9-CD6C-4464-B970-55C606C944DC}" = Logitech QuickCam

"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg

"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox

"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03

"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director

"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2

"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare

"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset

"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0

"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English

"{7E7D778E-121D-4BBD-BA29-FAA81B9FBD8C}" = LeapFrog Connect

"{8105684D-8CA6-440D-8F58-7E5FD67A499D}" = Easy Internet Sign-up

"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp

"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS

"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver

"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT

"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload

"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003

"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!

"{9705A7E1-3DD1-4BAC-8CA9-FE7B1473BEC9}" = iTunes

"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL

"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects

"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore

"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht

"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO

"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder

"{AC76BA86-7AD7-1033-7B44-A80000000002}" = Adobe Reader 8

"{ACCCEE83-B49B-4964-8A4F-378B8FBC9F75}" = hph_ProductContext

"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530

"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK

"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax

"{AF363EA8-CB9F-40EC-90E0-A46AD9C78EB0}" = Laugh, Smile & Learn


Hi amselby81,

Run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    PRC - [2007/01/04 16:38:18 | 00,112,336 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.

    :Services
    Viewpoint Manager Service

    :Files
    C:\WINDOWS\D9DE9E0371CA423BB10157F13A751003.TMP
    C:\Program Files\Viewpoint
    C:\Documents and Settings\All Users\Application Data\Viewpoint
    C:\Documents and Settings\Owner\Application Data\Viewpoint

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This has changed from what we knew in 2006; read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Java 2 Runtime Environment, SE v1.4.2_03

J2SE Runtime Environment 5.0 Update 4

J2SE Runtime Environment 5.0 Update 6

Adobe Reader 8

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. Be aware it is NOT supported for use in 9x or ME and probably will not install on those systems.

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE): JRE 6 Update 17.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u17-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u17-windows-i586.exe and select "Run as an Administrator.")

Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.

Please go to the link below to update.

http://www.adobe.com/products/acrobat/readstep2.html


Thank you, again. I went ahead and ran the fix with otc, with no problems. I then removed the Viewpoint manager and media player like you said, by going to start and then run, etc. I have not removed javascript or adobe yet, b/c I'm not sure whether it is safe, because you say beware if you have 9x or ME, and neither my husband nor I know what that means. We just want to make sure, but we have Windows XP.

I want to ask a couple of questions. First off, we keep getting something that pops up called "Just in Time Debugger", and it wants us to use something that says it's a new instance of Microsoft Script Editor. We don't think it's legit, b/c it keeps popping up even after we close it. It'll usually pop back up 3 or 4 times in a row after closing it. We don't click yes or no; we right click the tab that it makes at the bottom and click close. We figured that it's safe to close it that way, since we don't actually click on the box. Is this thing legit or a virus/malware/foistware?

My 2nd question, well, is kind of a statement, but our computer is still so slow. Is our computer still not clean? We also haven't updated our Internet Explorer to IE 9. Could that also be a reason for our computer to be so slow? Is it just age? I swear our computer wasn't nearly this slow until we had the virus/malware issues almost 2 weeks ago.

Okay, so no more questions. Here is the log that I got when I ran the fix with OTC:

=============================================================

All processes killed

========== OTL ==========

No active process named ViewMgr.exe was found!

No active process named ViewpointService.exe was found!

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.

========== SERVICES/DRIVERS ==========

Service Viewpoint Manager Service stopped successfully!

Service Viewpoint Manager Service deleted successfully!

========== FILES ==========

C:\WINDOWS\D9DE9E0371CA423BB10157F13A751003.TMP folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData\images folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Manager\ViewCPData folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Manager folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9Plus folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\NewComponents folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\VMPVideo_Win folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\VMgr_Win folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents\AxMetaStream_Win folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\DownloadedComponents folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components folder moved successfully.

C:\Program Files\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Program Files\Viewpoint\Common folder moved successfully.

C:\Program Files\Viewpoint folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads\Cache folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager\Downloads folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Manager folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell\AOL9 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\UserShell folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome\BH00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\Welcome folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology\Resources folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Viewpoint\Viewpoint Experience Technology folder moved successfully.

C:\Documents and Settings\Owner\Application Data\Viewpoint folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 65716 bytes

->Temporary Internet Files folder emptied: 33299 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Owner

->Temp folder emptied: 105111418 bytes

->Temporary Internet Files folder emptied: 11823926 bytes

->Java cache emptied: 2412934 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 39097 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

Windows Temp folder emptied: 350942982 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23945528 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 2997404 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 474.00 mb

OTL by OldTimer - Version 3.1.20.1 log created on 01012010_104430

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\YHIPG9UP.SH!\EntGam_Brd&Puz-EA;MN=93210766;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=570;clv=4148;aol=1;r33=1;r38=1;r119=1;!c=d-dxp;!c=d-pxp;sz[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\MGTP5UBJ.SH!\News_USNews;MN=93197704;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=566;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=728x90;tile=1;dcove=d;o[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\MGTP5UBJ.SH!\TrgAud_NewsComm;MN=93204206;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=566;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=728x90;tile=1;dcove[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\MGTP5UBJ.SH!\TrgAud_NewsComm;MN=93204206;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=566;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=728x90;tile=1;dcove[2] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\IPBN4TRG.SH!\News_USNews;MN=93197704;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=566;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=728x90;tile=1;dcove=d;o[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\D6BYERYW.SH!\EntGam_Brd&Puz-EA;MN=93186322;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=569;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=728x90;tile=1;dco[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\D6BYERYW.SH!\EntGam_Brd&Puz-EA;MN=93186323;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=569;clv=4148;aol=1;r33=1;r38=1;r119=1;!c=d-dxp;!c=d-pxp;sz[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\D6BYERYW.SH!\News_USNews;MN=93197704;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=567;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=728x90;tile=1;dcove=d;o[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\D6BYERYW.SH!\TrgAud_NewsComm;MN=93204206;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=566;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=728x90;tile=1;dcove[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\AED7KPQ3.SH!\News_USNews;MN=93179288;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=566;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=160x600;tile=2;dcove=d;[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\AED7KPQ3.SH!\News_USNews;MN=93179288;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=567;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=160x600;tile=2;dcove=d;[1] not found!

File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\TEMPOR~1.SH!\Content.SH!\21ARCLE9.SH!\EntGam_Cas-EA;MN=93210763;dcg=00406346;dclu2=FC6C7F522ACEB7F7;u=643D4BEFA250E1E1;wm=o;sg1=15;sg2=10;pmi=2;ten=570;clv=4148;aol=1;r33=1;r38=1;r119=1;sz=500x350;tile=1;dcove=[1] not found!

C:\Documents and Settings\Owner\Local Settings\Temp\IadHide5.dll moved successfully.

File\Folder C:\WINDOWS\temp\logishrd\LVPrcInj01.dll not found!

C:\WINDOWS\temp\mcmsc_QfuQm9evTAW7ewI moved successfully.

C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EIWFZZ1T\meebo[1].htm moved successfully.

C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\EIWFZZ1T\meebo_cim_v84_cim_8_5[1].js moved successfully.

File\Folder C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\3DOW20JS\cafemom_com[1].htm not found!

Registry entries deleted on Reboot...


Hi amselby81,

You're welcome. I hope you and your family had a safe and happy New Year's Day.

I want to ask a couple questions. First off, we keep getting something that pops up called "Just in Time Debugger." and it wants us to use something that says it's a new instance of Microsoft Script Editor. We don't think it's legit, b/c it keeps popping up even after we close it. It'll usually pop back up 3 or 4 times in a row, after closing it. We don't click yes or no, we right click the tab that it makes at the bottom, and click close. We figured that it's safe to close it that way, since we don't actually click on the box. Is this thing legit or a virus/malware/foistware?

This is related to Visual Studio, so you don't have to worry, it's not malware. If you like I can make it so it stops popping up for you guys.

I have not removed javascript or adobe yet, b/c I'm not sure whether it is safe, because you say beware if you have 9x or ME, and neither me or my husband knows what the means. We just want to make sure, but we have Windows XP.

Since you have Windows XP, it's safe to remove Java and Adobe now.

Make sure you update Java before you follow the next steps.

Launch Malwarebytes' Anti-Malware

  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.


Thank you. I did all the stuff for java script and adobe and the old versions are gone and I now have the updated versions. I updated to the newest malwarebytes anti malware, the one that is dated for Dec. 30th. I'll post the log from that, below.

I went to run kaspersky and I messed it up. I got a pop up saying that I needed to add an add on for Java Script. I was a little paranoid about it b/c I had just downloaded the latest version, and so I cancelled it. Big mistake b/c now I can't run Kaspersky. I've tried to do the process all over again, in hopes that I get the offer for downloading the add on, but now I get a little icon at the bottom of my screen that says that add ons are disabled. I clicked on the icon and it took me to manage addons, and I have no idea what to do there. When I try to accept kaspersky, it tells me, "Launch of the Java application is interrupted! Please establish an uninterrupted internet connection for work with this program."

If you can tell me how to enable that java add on, that'd be great. :welcome:

Oh, btw, I kept forgetting to tell you that I've got the Google redirect thing that other people have been posting about on these forums. I Google search something, and I get the results and I click on something and it redirects me to something totally different. Just thought I'd tell you, since that may help you in further diagnosing my computer. I really really appreciate all of your help.

Alright, so on to what I could do. Here is the latest MBAM log:

===============================================

Malwarebytes' Anti-Malware 1.43

Database version: 3474

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.11

1/2/2010 9:10:30 PM

mbam-log-2010-01-02 (21-10-30).txt

Scan type: Quick Scan

Objects scanned: 114863

Time elapsed: 1 hour(s), 37 minute(s), 41 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\system32\jgaw400.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.


I wanted to add some more information. In addition to the search engine redirects, something else that keeps happening is that another Internet Explorer window opens, and there's a "survey" that it wants me to take. We x out of it, but it pops up every once in a while. I'm sorry I can't remember what the "survey" is called, but it will say something along the lines of, "Thank you for visiting (insert any web address), please take our survey for a chance to win a prize." It has said thanks for visiting msn.com, comcast.net, malwarebytes.org, and a few other websites, but it's always the website that I'm visiting whenever it pops open. Always the same plain white screen and same look; it just changes whatever website that it's "thanking" me for visiting.

I hope that makes sense. I wish I could be more specific. If this is something that you're not familiar with, I'll write down what this website is called or who the supposed sponsor is, so I can tell you what it's called.

Thank you,

Angie


Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**

  1. If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  2. During the download, rename Combofix to Combo-Fix as follows:

[image: CF_download_FF.gif]

[image: CF_download_rename.gif]

  3. It is important you rename Combofix during the download, but not after.
  4. Please do not rename Combofix to other names, but only to the one indicated.
  5. Close any open browsers.
  6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

-----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

-----------------------------------------------------------

  7. Double click on combo-Fix.exe & follow the prompts.
  8. When finished, it will produce a report for you.
  9. Please post the "C:\Combo-Fix.txt" for further review.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**


I think this was the fastest process that I've done for this issue. Haven't checked to see if things are running faster or if I'm still being redirected, but here's the log. Thank you.

=========================================================

ComboFix 10-01-04.01 - Owner 01/05/2010 20:28:02.1.1 - x86

Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Shared

c:\windows\Downloaded Program Files\CpNMgr.dll

c:\windows\system32\cookie1.dat

c:\windows\system32\ps2.bat

c:\windows\system32\tb.dr

c:\windows\TEMP\logishrd\LVPrcInj01.dll

c:\windows\viassary-hp.reg

D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected

Restored copy from - Kitty ate it :D

c:\windows\system32\proquota.exe was missing

Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.

((((((((((((((((((((((((( Files Created from 2009-12-06 to 2010-01-06 )))))))))))))))))))))))))))))))

.

2009-12-28 16:13 . 2009-12-28 16:13 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes

2009-12-28 16:11 . 2009-12-28 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-22 23:57 . 2009-12-22 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Leapfrog

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BackupNotify"="c:\program files\HP\Digital Imaging\bin\backupnotify.exe" [2004-01-09 32768]

"AOL Fast Start"="c:\progra~1\AOL9~1.0\AOL.EXE" [2006-11-10 50736]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]

"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-08-20 118784]

"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]

"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]

"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-05-12 151597]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-01-17 229376]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]

"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]

"Reminder"="c:\windows\Creator\Remind_XP.exe" [2003-12-18 118784]

"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]

"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-08-20 155648]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-05-12 98304]

"HostManager"="c:\program files\Common Files\AOL\1176667549\ee\AOLSoftware.exe" [2006-09-26 50736]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]

"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]

"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]

"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-11-10 443728]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

c:\documents and settings\Owner\Start Menu\Programs\Startup\

IMStart.lnk - c:\program files\InterMute\IMStart.exe [2004-5-12 57344]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-11-4 176128]

KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]

Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-4-20 66864]

Quicken Scheduled Updates.lnk - c:\program files\Quicken\bagent.exe [2003-7-30 57344]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\Program Files\\America Online 9.0\\waol.exe"=

"c:\\Program Files\\AOL\\RC\\regclient.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=

"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\AOL 9.0\\waol.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

S2 mrtRate;mrtRate; [x]

S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/22/2009 8:02 PM 18560]

S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\Owner\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\Owner\LOCALS~1\Temp\iMSPQMn.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2009-12-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-05-27 16:22]

2010-01-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-05-27 16:22]

2010-01-05 c:\windows\Tasks\Symantec NetDetect.job

- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-05-13 17:24]

.

.

------- Supplementary Scan -------

.

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uStart Page = hxxp://www.comcast.net/

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-MoneyAgent - c:\program files\Microsoft Money\System\mnyexpr.exe

HKLM-Run-VTTimer - VTTimer.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-01-05 20:56

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4460)

c:\windows\system32\WININET.dll

c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll

c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\System32\gearsec.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

c:\progra~1\McAfee\MSC\mcmscsvc.exe

c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe

c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe

c:\progra~1\McAfee\VIRUSS~1\mcshield.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\progra~1\mcafee.com\agent\mcagent.exe

c:\program files\McAfee\MPF\MPFSrv.exe

c:\windows\system32\HPZipm12.exe

c:\windows\wanmpsvc.exe

c:\windows\AGRSMMSG.exe

c:\windows\system32\wscntfy.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe

c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe

c:\program files\Common Files\AOL\ACS\AOLacsd.exe

c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe

c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe

.

**************************************************************************

.

Completion time: 2010-01-05 21:26:10 - machine was rebooted

ComboFix-quarantined-files.txt 2010-01-06 02:25

Pre-Run: 13,721,337,856 bytes free

Post-Run: 13,770,100,736 bytes free

- - End Of File - - 165C5106EE8F83A43918BA2C35406982


Oh, you are sooooo my computer hero! Things seem to be cleared up. I did a Google search and it worked. My computer is also running at regular speed. Please let me know what I need to do next. Also, do you know the name of the thing that caused these problems? It seems to be going around, since so many people in these forums are having similar issues. Do you know where it came from and how I got it? And how to avoid it?

My husband and I appreciate your help soooo much!


Hi amselby81,

You're welcome, glad I could help :)

You had a few Trojans as well as a Backdoor trojan, and a Rogue Tool that pretended to be a legit antimalware tool.

Just one more thing to clean up:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Driver::

mrtRate

Save this as CFScript.txt, in the same location as ComboFix.exe

[image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
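A defender-side check, added here and not part of the thread or of ComboFix: a small Python script that walks a ComboFix-style log and flags the kinds of lines that mattered in the log posted above (the loopback ProxyServer that would account for the search redirects and injected "survey" pages, the orphan mrtRate driver the CFScript removes, a driver and a DLL loaded from a Temp folder, and the disabled Security Center and firewall entries). The sample lines are constructed from the posted log; the rule names and notes are mine.

```python
"""Triage helper for ComboFix-style logs (added example; not ComboFix's own
code). It flags the kinds of entries that appeared in the log posted in this
thread so a reader can see which lines mattered and why."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule name (names are mine, not ComboFix terminology)
    line: str   # the log line that triggered the rule
    note: str   # why a defender should look at it


# ComboFix service/driver line: "<start type> <name>;<display name>;<image path or [x]>"
_SERVICE_RE = re.compile(r"^S\d+\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# "uInternet Settings,ProxyServer = http=127.0.0.1:5555" (the protocol= prefix is optional)
_PROXY_RE = re.compile(
    r"ProxyServer\s*=\s*(?:[a-z]+=)?(?P<host>127\.0\.0\.1|localhost)(?::(?P<port>\d+))?",
    re.IGNORECASE,
)
# Any path component named Temp (Local Settings\Temp, LOCALS~1\Temp, c:\windows\TEMP)
_TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = _PROXY_RE.search(line)
        if m:
            port = m.group("port") or "?"
            findings.append(Finding(
                "loopback-proxy", line,
                f"browser traffic is routed through {m.group('host')}:{port}; a process "
                "listening there can rewrite search results and inject pages"))
            continue

        m = _SERVICE_RE.match(line)
        if m:
            name, rest = m.group("name"), m.group("rest")
            if "[x]" in rest:
                findings.append(Finding(
                    "orphan-service", line,
                    f"service {name} is registered but ComboFix marks its image file missing ([x])"))
            elif _TEMP_RE.search(rest):
                findings.append(Finding(
                    "driver-in-temp", line,
                    f"driver {name} loads from a Temp directory, not from system32\\drivers"))
            continue

        if re.search(r'"DisableMonitoring"=dword:0*1$', line, re.IGNORECASE):
            findings.append(Finding(
                "wsc-monitoring-disabled", line,
                "Security Center monitoring is off; confirm the installed AV/firewall set this"))
        elif re.search(r'"EnableFirewall"=\s*0\b', line):
            findings.append(Finding(
                "windows-firewall-off", line,
                "Windows Firewall is disabled for the standard profile"))
        elif _TEMP_RE.search(line) and line.lower().endswith(".dll"):
            findings.append(Finding(
                "dll-in-temp", line,
                "a DLL loaded into a running process from a Temp directory"))
    return findings


# Constructed sample: lines in the shapes ComboFix prints, taken from the log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S2 mrtRate;mrtRate; [x]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/22/2009 8:02 PM 18560]
S3 iMSPQMn;iMSPQMn;\??\c:\docume~1\Owner\LOCALS~1\Temp\iMSPQMn.sys --> c:\docume~1\Owner\LOCALS~1\Temp\iMSPQMn.sys [?]
uStart Page = hxxp://www.comcast.net/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
c:\windows\system32\WININET.dll
c:\docume~1\Owner\LOCALS~1\Temp\IadHide5.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}\n    {f.note}")
```

Run against the real C:\ComboFix.txt, the same rules give a quick first pass before reading the whole log by hand.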


(2 weeks later) This topic is now closed to further replies.