
Hello! While I was out errand-ing on Valentine's Day, my brother called me, panicked, because something had popped up on our computer - something that said we had an innumerable number of viruses and trojans and whatnot. I smelled virus, so I told him to run a virus scan with our antivirus, PC Cillin, until I got home and could look at it myself. Well, little did I know, but we had gotten this insidious trojan-thing, My Security wall. I ran a few searches, and learned that the thing that was most likely to take it out was Malwarebytes, so I downloaded it and removed it.

So I thought.

As this computer has always been a bit... sketchy, it wouldn't let me enter the password after I removed the My Security Wall, so I restarted it again. Surprise of surprises, the insidious thing had popped up again when I tried to delete one last icon that I courteously thought the program had missed. However, knowing the mood swings of this computer, I ran the Malwarebytes again, and it seemed to do the job. However, one last vestige of the virus is ticking around - gala search engine. Whenever I entered anything into the search bar at the top, it redirected me to Gala Search. I tried everything, including upgrading to IE 8, trying to get rid of the thing. However, nothing's working. Please help? I would just tell my family to not use the toolbar, but they'd forget and use it anyway, releasing goodness knows what viruses into our computer, forcing me to spend another five hours on the computer attempting to delete and remove them.

What should I do?

Also, when I registered for your site, my antivirus didn't like me using my email. It's not giving me the error message now, but occasionally when I pull up Google, it gives me error notes that my HOSTS file has been changed. (And I did have to go in and change it. Again.) It seems to be working now, but I'm trying to give you all the details I can remember. I'm not great with computers - I'm just the only one in the house who knows more than just how to use email and Facebook. Please use plain English? There's only so much techno jargon I understand... I'll try, though.


Also, (wow, what occurs to me when I'm thinking,) I get redirects when I click on Google links. It always directs me to another site that TrendMicro says is a bad site and blocks, and I have to hit the "back" button to get to whatever site I wanted to. I'm sure that's an issue - it's never happened before this.


Hi Lhyrre,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your computer problems.

The logs can take some time to research, so please be patient with me.

Please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.


Hi Lhyrre,

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized

  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE

Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.


Whoot. Here it goes...

OTL

OTL logfile created on: 2/15/2010 4:15:25 PM - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Joe\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 14.65 Gb Total Space | 0.30 Gb Free Space | 2.05% Space Free | Partition Type: NTFS

Drive D: | 22.62 Gb Total Space | 5.23 Gb Free Space | 23.10% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 3.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

I: Drive not present or media not loaded

Computer Name: MJ1

Current User Name: Joe

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)

PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)

PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()

PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()

PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()

PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()

PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()

PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

PRC - C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)

PRC - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)

PRC - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\AppPatch\aclayers.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\shimeng.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)

SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()

SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()

SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()

SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)

SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)

SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)

SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (GhostStartService) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)

========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)

DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)

DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)

DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)

DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys ()

DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys ()

DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys ()

DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)

DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)

DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)

DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)

DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (GhPciScan) -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys (Symantec Corporation)

DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)

DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)

DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)

DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)

DRV - (SiSide) -- C:\WINDOWS\System32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)

DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)

DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)

DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)

DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-329068152-1284227242-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

IE - HKU\S-1-5-21-329068152-1284227242-1801674531-1004\S-1-5-21-329068152-1284227242-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/02/15 13:56:11 | 000,002,065 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 74.125.45.100 4-open-davinci.com

O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com

O1 - Hosts: 74.125.45.100 privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com

O1 - Hosts: 74.125.45.100 getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com

O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com

O1 - Hosts: 74.125.45.100 www.getavplusnow.com

O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com

O1 - Hosts: 74.125.45.100 urs.microsoft.com

O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com

O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com

O1 - Hosts: 74.125.45.100 paysoftbillsolution.com

O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com

O1 - Hosts: 94.228.209.236 www.google.com

O1 - Hosts: 94.228.209.236 google.com

O1 - Hosts: 94.228.209.236 google.com.au

O1 - Hosts: 94.228.209.236 www.google.com.au

O1 - Hosts: 94.228.209.236 google.be

O1 - Hosts: 94.228.209.236 www.google.be

O1 - Hosts: 94.228.209.236 google.com.br

O1 - Hosts: 94.228.209.236 www.google.com.br

O1 - Hosts: 94.228.209.236 google.ca

O1 - Hosts: 94.228.209.236 www.google.ca

O1 - Hosts: 37 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)

O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)

O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)

O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)

O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()

O4 - HKLM..\Run: [userFaultCheck] File not found

O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

O4 - HKU\S-1-5-21-329068152-1284227242-1801674531-1004..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)

O4 - HKU\S-1-5-21-329068152-1284227242-1801674531-1004..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)

O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-329068152-1284227242-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1230168500243 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1230168550618 (MUWebControl Class)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)

O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)

O24 - Desktop WallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2008/12/24 20:18:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2005/09/26 23:42:46 | 000,000,026 | R--- | M] () - H:\autorun.inf -- [ CDFS ]

O33 - MountPoints2\{dc2646d6-d2ec-11dd-a0b6-000ea6349306}\Shell - "" = AutoRun

O33 - MountPoints2\{dc2646d6-d2ec-11dd-a0b6-000ea6349306}\Shell\AutoRun - "" = Auto&Play

O33 - MountPoints2\{dc2646d6-d2ec-11dd-a0b6-000ea6349306}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/15 16:14:24 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe

[2010/02/15 15:14:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\IECompatCache

[2010/02/15 15:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\PrivacIE

[2010/02/15 15:10:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\IETldCache

[2010/02/15 15:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates

[2010/02/15 15:04:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8

[2010/02/15 12:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Malwarebytes

[2010/02/15 12:50:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/02/15 12:50:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/02/15 12:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/02/15 12:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/02/14 16:16:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MSEVSW

[2010/02/14 16:14:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\13a6568

[2010/01/31 15:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google

[2010/01/31 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works

[2010/01/31 14:44:54 | 000,000,000 | RH-D | C] -- C:\MSOCache

[2010/01/31 14:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft Help

[2010/01/31 14:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help

[2010/01/30 19:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\3DVIA

[2010/01/30 19:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Virtools

[2010/01/30 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\GetRightToGo

[2010/01/30 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\Downloads

[2009/12/03 09:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS

[2009/12/03 08:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp

[2009/10/03 01:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp

[2009/05/06 15:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google

[2009/04/21 20:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google

[2008/12/24 21:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2008/12/24 20:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2008/12/24 20:17:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2008/12/24 20:17:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 D:\Joes Documents\*.tmp files -> D:\Joes Documents\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/15 16:14:32 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe

[2010/02/15 15:45:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1284227242-1801674531-1006UA.job

[2010/02/15 15:10:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010/02/15 15:10:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/02/15 15:09:21 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Joe\NTUSER.DAT

[2010/02/15 15:09:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joe\ntuser.ini

[2010/02/15 15:08:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/02/15 14:45:25 | 000,020,992 | ---- | M] () -- D:\Joes Documents\Step 2.doc

[2010/02/15 13:56:11 | 000,002,065 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak

[2010/02/15 13:56:11 | 000,002,065 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010/02/15 12:50:33 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/14 17:45:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1284227242-1801674531-1006Core.job

[2010/02/14 15:45:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/02/12 11:01:20 | 000,038,912 | ---- | M] () -- D:\Joes Documents\Adrianna charrie sheet.doc

[2010/02/11 21:27:20 | 000,026,112 | ---- | M] () -- D:\Joes Documents\Character Sheet Form.doc

[2010/02/10 14:16:43 | 000,759,808 | ---- | M] () -- D:\Joes Documents\DRoP1.doc

[2010/02/09 22:12:17 | 000,020,480 | ---- | M] () -- D:\Joes Documents\Pei Wei Restaurant Review.doc

[2010/02/08 22:34:18 | 001,283,072 | ---- | M] () -- D:\Joes Documents\College_Bound_-_January_2010.doc

[2010/02/06 14:53:28 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/02/05 23:31:57 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\66a50jD3Vpls

[2010/02/03 23:05:44 | 000,324,608 | ---- | M] () -- D:\Joes Documents\Newspaper.pub

[2010/02/03 23:05:32 | 001,158,656 | ---- | M] () -- D:\Joes Documents\February Issue.pub

[2010/02/03 22:14:51 | 000,017,788 | ---- | M] () -- D:\Joes Documents\graph.emf

[2010/02/03 13:49:46 | 000,020,992 | ---- | M] () -- D:\Joes Documents\NEWSPAPER MEETING PLAN 2.doc

[2010/02/02 20:54:38 | 000,081,776 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

[2010/02/01 00:14:50 | 000,024,064 | ---- | M] () -- D:\Joes Documents\newspaper shtuff.doc

[2010/02/01 00:14:39 | 000,047,104 | ---- | M] () -- D:\Joes Documents\articles_4_paper.doc

[2010/01/31 22:52:44 | 000,249,005 | ---- | M] () -- D:\Joes Documents\Newspaper_pub.zip

[2010/01/31 20:07:16 | 000,013,381 | ---- | M] () -- D:\Joes Documents\Celiac%20Follow%20Up%20wordpad[1].rtf

[2010/01/31 18:06:04 | 000,025,088 | ---- | M] () -- D:\Joes Documents\Doc2.doc

[2010/01/31 17:24:19 | 000,030,720 | ---- | M] () -- D:\Joes Documents\Da Interviews FOO.doc

[2010/01/30 09:40:20 | 000,053,760 | ---- | M] () -- D:\Joes Documents\High School Transcript.doc

[2010/01/25 11:58:48 | 000,022,016 | ---- | M] () -- D:\Joes Documents\mike his.doc

[2010/01/21 20:34:16 | 000,019,968 | ---- | M] () -- D:\Joes Documents\a stupid woman.doc

[2010/01/21 20:26:20 | 000,020,480 | ---- | M] () -- D:\Joes Documents\MEETING PLAN.doc

[2010/01/21 20:18:30 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2003.lnk

[2010/01/19 19:29:46 | 000,022,016 | ---- | M] () -- D:\Joes Documents\Mike.doc

[2010/01/19 19:21:01 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 D:\Joes Documents\*.tmp files -> D:\Joes Documents\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/15 14:45:24 | 000,020,992 | ---- | C] () -- D:\Joes Documents\Step 2.doc

[2010/02/15 12:50:33 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/02/11 22:24:17 | 000,038,912 | ---- | C] () -- D:\Joes Documents\Adrianna charrie sheet.doc

[2010/02/11 21:27:20 | 000,026,112 | ---- | C] () -- D:\Joes Documents\Character Sheet Form.doc

[2010/02/09 21:34:12 | 000,020,480 | ---- | C] () -- D:\Joes Documents\Pei Wei Restaurant Review.doc

[2010/02/08 22:34:14 | 001,283,072 | ---- | C] () -- D:\Joes Documents\College_Bound_-_January_2010.doc

[2010/02/08 21:36:57 | 000,759,808 | ---- | C] () -- D:\Joes Documents\DRoP1.doc

[2010/02/05 23:31:57 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\66a50jD3Vpls

[2010/02/03 22:14:50 | 000,017,788 | ---- | C] () -- D:\Joes Documents\graph.emf

[2010/02/03 13:49:46 | 000,020,992 | ---- | C] () -- D:\Joes Documents\NEWSPAPER MEETING PLAN 2.doc

[2010/02/01 00:14:49 | 000,024,064 | ---- | C] () -- D:\Joes Documents\newspaper shtuff.doc

[2010/02/01 00:08:37 | 000,324,608 | ---- | C] () -- D:\Joes Documents\Newspaper.pub

[2010/02/01 00:01:45 | 001,158,656 | ---- | C] () -- D:\Joes Documents\February Issue.pub

[2010/01/31 22:52:42 | 000,249,005 | ---- | C] () -- D:\Joes Documents\Newspaper_pub.zip

[2010/01/31 20:06:49 | 000,013,381 | ---- | C] () -- D:\Joes Documents\Celiac%20Follow%20Up%20wordpad[1].rtf

[2010/01/31 18:06:04 | 000,025,088 | ---- | C] () -- D:\Joes Documents\Doc2.doc

[2010/01/31 17:24:19 | 000,030,720 | ---- | C] () -- D:\Joes Documents\Da Interviews FOO.doc

[2010/01/31 14:50:24 | 000,047,104 | ---- | C] () -- D:\Joes Documents\articles_4_paper.doc

[2010/01/30 09:40:20 | 000,053,760 | ---- | C] () -- D:\Joes Documents\High School Transcript.doc

[2010/01/23 15:00:51 | 000,022,016 | ---- | C] () -- D:\Joes Documents\mike his.doc

[2010/01/21 20:34:16 | 000,019,968 | ---- | C] () -- D:\Joes Documents\a stupid woman.doc

[2010/01/21 20:26:19 | 000,020,480 | ---- | C] () -- D:\Joes Documents\MEETING PLAN.doc

[2010/01/19 19:29:45 | 000,022,016 | ---- | C] () -- D:\Joes Documents\Mike.doc

[2008/12/29 13:57:05 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI

[2008/12/26 11:32:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2008/12/25 21:37:47 | 000,153,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys

[2008/12/25 21:37:47 | 000,050,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys

[2008/12/25 21:37:47 | 000,050,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys

[2008/12/25 18:00:49 | 000,007,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008/12/24 21:24:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008/12/24 21:06:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll

[2008/12/24 21:06:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll

[2008/12/24 21:06:02 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll

[2008/12/24 21:06:02 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll

[2008/12/24 21:06:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll

[2008/12/24 20:31:41 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll

[2008/12/24 20:26:43 | 000,121,948 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini

[2008/12/24 20:26:28 | 000,108,562 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini

[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL

[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

Extras:

OTL Extras logfile created on: 2/15/2010 4:15:26 PM - Run 1

OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Joe\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free

Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 14.65 Gb Total Space | 0.30 Gb Free Space | 2.05% Space Free | Partition Type: NTFS

Drive D: | 22.62 Gb Total Space | 5.23 Gb Free Space | 23.10% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

Drive H: | 3.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

I: Drive not present or media not loaded

Computer Name: MJ1

Current User Name: Joe

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: All users

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"H:\setup\HPZNUI01.EXE" = H:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)

"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found

"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- File not found

"C:\Program Files\TRACKSTERS\update.exe" = C:\Program Files\TRACKSTERS\update.exe:*:Enabled:TrueUpdate Client -- ()

"C:\Program Files\TRACKSTERS\Tracksters.exe" = C:\Program Files\TRACKSTERS\Tracksters.exe:*:Enabled:Tracksters -- ()

"C:\Documents and Settings\All Users\Application Data\13a6568\MS13a6.exe" = C:\Documents and Settings\All Users\Application Data\13a6568\MS13a6.exe:*:Enabled:My Security Wall -- ()

"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR

"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype

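The Extras log above is where a rogue security product shows its hand: Security Center monitoring switched off, the Windows Firewall disabled per profile, and a firewall exception for a binary sitting under Application Data with no publisher (the My Security Wall entry). The following audit over those two sections is an added example, not part of the thread or of OTL; the sample log is constructed in the same layout and abridged from the one posted above, and the severity labels are my own.

```python
# Audit the Security Center and Authorized Applications sections of an OTL Extras log.
# Added example, not part of the thread or of OTL; the sample log below is constructed.
import re

SECTION_RE = re.compile(r"^========== (.+?) ==========$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(.+?)" = (.*)$')
# Firewall exception payload: <path>:<scope>:<Enabled|Disabled>:<name> -- <publisher or status>
RULE_RE = re.compile(r"^(?P<path>.+?):(?P<scope>[^:]*):(?P<state>Enabled|Disabled):(?P<name>.*?) -- (?P<pub>.*)$")
# Data directories where a legitimate installer rarely leaves a firewall-exempt binary.
SUSPECT_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")

# Constructed sample in the OTL Extras layout, abridged from the log posted above.
SAMPLE_EXTRAS = r"""
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
"C:\Documents and Settings\All Users\Application Data\13a6568\MS13a6.exe" = C:\Documents and Settings\All Users\Application Data\13a6568\MS13a6.exe:*:Enabled:My Security Wall -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"""

def check_security_center(key, name, value):
    """Findings are (severity, item, note) tuples; item is the vendor or firewall profile."""
    leaf = key.rsplit("\\", 1)[-1]
    if name == "DisableMonitoring" and value == "1":
        return [("info", leaf, "Security Center monitoring disabled: normal if this vendor's product "
                 "is installed and reports its own status, otherwise worth checking")]
    if name == "EnableFirewall" and value == "0":
        return [("warning", leaf, "Windows Firewall is off for this profile")]
    return []

def check_firewall_rule(value):
    m = RULE_RE.match(value)
    if not m:
        return [("unparsed", value, "unexpected exception format")]
    path, name, pub = m["path"], m["name"], m["pub"].strip()
    if pub == "File not found":
        return [("stale", path, "exception for a binary that no longer exists; remove it")]
    if not pub.strip("()").strip() and any(d in path.lower() for d in SUSPECT_DIRS):
        return [("suspicious", path, f"unpublished binary in a data directory holds an exception named {name!r}")]
    return []

def audit_otl_extras(text):
    findings, section, key = [], "", ""
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if m := SECTION_RE.match(line):
            section = m.group(1)
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif m := VALUE_RE.match(line):
            name, value = m.group(1), m.group(2).strip()
            if section == "Security Center Settings":
                findings.extend(check_security_center(key, name, value))
            elif section == "Authorized Applications List":
                findings.extend(check_firewall_rule(value))
    return findings
```

Run `audit_otl_extras` over a saved Extras log; a "DisableMonitoring" hit for the antivirus you actually installed is expected, while one for a product you never installed, or an exception like the MS13a6.exe line, is what to act on.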

HA! I just got the Error again, when I tried to access my email, and I will copy it for you here.

"There is a problem with this website's security certificate.

The security certificate presented by this website was not issued by a trusted certificate authority.

The security certificate presented by this website has expired or is not yet valid.

The security certificate presented by this website was issued for a different website's address.

Security certificate problems may indicate an attempt to fool you or intercept any data you send to the server.

We recommend that you close this webpage and do not continue to this website.

Click here to close this webpage.

Continue to this website (not recommended).

More information "

At first, I thought it was my TrendMicro firewall (which has worked remarkably well for the past few years I've had it), but at second glance this looks like the Windows blocker.


Hi Lhyrre,

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    [resethosts]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please try some Google searches and let me know if they are working OK now.


Hi Lhyrre,

Try again with this

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code
    :Commands
    [emptytemp]
    [resethosts]


  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Please try some Google searches and let me know if they are working OK now.

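The [resethosts] command in the fix above throws away whatever is in C:\WINDOWS\System32\drivers\etc\Hosts and writes a default file, because a hijacked HOSTS file is one way a browser ends up somewhere other than the site typed. If you would rather see what is in there before resetting it, here is a small audit, added as an example and not part of the thread or of OTL; the sample file is constructed, and 203.0.113.5 is a documentation address standing in for wherever a redirector would point.

```python
# Report entries a default Windows HOSTS file would not contain, the kind that
# redirect or block sites. Added example, not part of the thread or of OTL; the
# sample file below is constructed (203.0.113.5 is a documentation address).
import ipaddress

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
203.0.113.5     www.google.com            # constructed: sends searches elsewhere
127.0.0.1       update.example-av.test    # constructed: blocks an update host
"""

# The only names a default file maps, and only to loopback.
DEFAULT_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (line_no, ip, hostname, reason) for each non-default entry."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not body:
            continue
        parts = body.split()
        if len(parts) < 2:
            findings.append((no, "", body, "malformed entry"))
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append((no, parts[0], " ".join(parts[1:]), "not an IP address"))
            continue
        for name in parts[1:]:
            if ip.is_loopback and name.lower() in DEFAULT_NAMES:
                continue  # the one mapping a default file carries
            if ip.is_loopback:
                reason = "pinned to loopback: blocks the site (typical for AV and update hosts)"
            else:
                reason = "pinned to a non-loopback address: redirects the site"
            findings.append((no, str(ip), name, reason))
    return findings
```

Read the real file with `open(r"C:\WINDOWS\System32\drivers\etc\hosts").read()` and pass it to `audit_hosts`; an empty result means the file is already what [resethosts] would have written.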

All processes killed

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bryan

->Temp folder emptied: 22819834 bytes

->Temporary Internet Files folder emptied: 128098440 bytes

->Google Chrome cache emptied: 38504151 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

User: Joe

->Temp folder emptied: 274080015 bytes

->Temporary Internet Files folder emptied: 1082401122 bytes

->Java cache emptied: 32932385 bytes

->Google Chrome cache emptied: 5837168 bytes

User: Katie

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 474310646 bytes

->Google Chrome cache emptied: 11656438 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 18604954 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1138887 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 5784099 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 84842 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,999.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.1.28.0 log created on 02152010_175022

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


That's it. I tried the Google search from the bar, and it still redirected me to gala search. However, when run from Google, when I type in the address, the searches are no longer redirecting. (That's a relief...)


Hi Lhyrre,

when I type in the address, the searches are no longer redirecting.

Good, now let's fix gala search.

  1. Click the down arrow next to the search box to open the list. Your default search will be shown there.
  2. Click on Find More Providers. This will take you to microsoft.com and a list of providers will be shown.
  3. Select another search provider (for example Bing).
  4. Click on the arrow next to the search box and select Manage search providers.
  5. Click on Bing and then click on Set as default.
  6. Click on Google then click on Remove.
  7. Click on Close.
  8. Now repeat this procedure and add Google from the Microsoft site and then set it as default.

Now try a Google search from the search bar and let me know if the gala problem has gone.

You should download and install the newest version of Adobe Reader for reading PDF files, due to the vulnerabilities in earlier versions.

All versions numbered lower than 9.3 are vulnerable.

  • Go HERE, UNCHECK any free add-ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 18.

  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 18 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u18-windows-i586-p.exe to install the newest version



Hi Lhyrre,

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Remove GMER

Delete the GMER icon from your desktop; it will be named 8ef0qcv0.exe.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Create a new, clean System Restore point which you can use in case of future system problems:

  • Press Start >> All Programs >> Accessories >>System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Update your AntiVirus Software and keep your other programs up-to-date

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.

You can use one of these sites to check if any updates are needed for your pc.

Secunia Software Inspector

F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!

