google results redirect

OTL fix results...

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
C:\Documents and Settings\Malia Becker\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Malia Becker\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
C:\Documents and Settings\Malia Becker\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Malia Becker\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Malia Becker\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Malia Becker\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
->Temporary Internet Files folder emptied: 13600634 bytes

User: Malia Becker
->Temp folder emptied: 3254140927 bytes
->Temporary Internet Files folder emptied: 187561754 bytes
->Java cache emptied: 47186434 bytes
->FireFox cache emptied: 111104120 bytes
->Flash cache emptied: 1569107 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 498655265 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 103651744 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 19828551 bytes
RecycleBin emptied: 1362504555 bytes

Total Files Cleaned = 5,341.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05112011_063929

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
log from new OTL scan...

OTL logfile created on: 5/11/2011 7:21:31 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Malia Becker\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 52.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.03 Gb Total Space | 81.07 Gb Free Space | 54.39% Space Free | Partition Type: NTFS

Computer Name: SRS1 | User Name: Malia Becker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Malia Becker\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Malia Becker\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe (EMC Dantz)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCWIZARD.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
PRC - C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\Intel\Wireless\Bin\1XConfig.exe (Intel)
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe (IBM Corporation)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Malia Becker\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (SBAMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBAMSvc.exe (Sunbelt Software)
SRV - (SBPIMSvc) -- C:\Program Files\Sunbelt Software\VIPRE\SBPIMSvc.exe (Sunbelt Software)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe ()
SRV - (Retrospect Helper) -- C:\Program Files\Dantz\Retrospect 7.0\rthlpsvc.exe (EMC Dantz)
SRV - (RetroLauncher) -- C:\Program Files\Dantz\Retrospect 7.0\retrorun.exe (EMC Dantz)
SRV - (QCONSVC) -- C:\WINDOWS\system32\QCONSVC.EXE (IBM Corp.)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (ICDSPTSV) -- C:\WINDOWS\system32\IcdSptSv.exe (Sony Corporation)


========== Driver Services (SafeList) ==========

DRV - (SbTis) -- C:\WINDOWS\system32\drivers\sbtis.sys (Sunbelt Software, Inc.)
DRV - (sbapifs) -- C:\WINDOWS\system32\drivers\sbapifs.sys (Sunbelt Software)
DRV - (sbaphd) -- C:\WINDOWS\system32\drivers\sbaphd.sys (Sunbelt Software)
DRV - (SBRE) -- C:\WINDOWS\system32\drivers\SBREDrv.sys (Sunbelt Software)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (elagopro) -- C:\WINDOWS\system32\drivers\elagopro.sys (Gteko Ltd.)
DRV - (elaunidr) -- C:\WINDOWS\system32\drivers\elaunidr.sys (Gteko Ltd.)
DRV - (QCNDISIF) -- C:\WINDOWS\system32\drivers\qcndisif.sys (IBM Corporation.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.SYS ()
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (ltmodem5) -- C:\WINDOWS\system32\drivers\ltmdmnt.sys (LT)
DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (ICDUSB2) Sony IC Recorder (ST) -- C:\WINDOWS\system32\drivers\IcdUsb2.sys (Sony Corporation)
DRV - (S3SSavage) -- C:\WINDOWS\system32\drivers\s3ssavm.sys (S3 Graphics, Inc.)
DRV - (TwoTrack) -- C:\WINDOWS\system32\drivers\TwoTrack.sys (IBM Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.worldmag.com/index.cfm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.worldmag.com/index.cfm"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/14 21:13:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/10 18:44:37 | 000,000,000 | ---D | M]

[2009/08/18 20:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malia Becker\Application Data\Mozilla\Extensions
[2011/05/10 08:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malia Becker\Application Data\Mozilla\Firefox\Profiles\we1cutxq.default\extensions
[2010/07/12 07:23:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Malia Becker\Application Data\Mozilla\Firefox\Profiles\we1cutxq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/29 20:12:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Malia Becker\Application Data\Mozilla\Firefox\Profiles\we1cutxq.default\extensions\browserhighlighter@ebay.com
[2011/05/10 08:39:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/21 22:04:27 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MALIA BECKER\APPLICATION DATA\MOVE NETWORKS
[2008/12/08 14:45:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/09/20 18:48:45 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol308.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll

O1 HOSTS File: ([2011/05/11 06:39:35 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe ()
O4 - HKLM..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE (IBM Corp.)
O4 - HKLM..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE (IBM Corp.)
O4 - HKLM..\Run: [S3TRAY2] C:\WINDOWS\System32\S3Tray2.exe (S3 Graphics, Inc.)
O4 - HKLM..\Run: [SBAMTray] C:\Program Files\Sunbelt Software\VIPRE\SBAMTray.exe (Sunbelt Software)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (IBM Corporation)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (IBM Corp.)
O4 - HKLM..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKCU..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe (IBM)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Audible Download Manager.lnk = C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
O4 - Startup: C:\Documents and Settings\Malia Becker\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Malia Becker\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {0612502E-29F8-11D6-BC3C-00C0F0167E34} http://www.crsdata.net/CRSDataObject/CRSNInfo.cab (CRS Inc. Data Object)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} http://www.crsdata.net/investor/maps/downloads/mgaxctrlv65.cab (Autodesk MapGuide ActiveX Control)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symantec.com/activex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} http://offers.e-centives.com/cif/download/bin/actxcab.cab (CBSTIEPrint Class)
O16 - DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} http://www.tellmemore-online.com/bin/tol7inst.cab (InstallerCtrl Class)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4.1/jinstall-141-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://keymark.webex.com/client/v_mywebex-t20/support/ieatgpc.cab (GpcContainer Class)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\QConGina: DllName - QConGina.dll - C:\WINDOWS\System32\QConGina.dll (IBM Corp.)
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Malia Becker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Malia Becker\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/07/02 00:17:55 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{99e3d934-469c-11dc-9a50-0012f09225af}\Shell\AutoRun\command - "" = E:\wd_windows_tools\setup.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/11 06:39:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/10 18:41:01 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Malia Becker\Desktop\esetsmartinstaller_enu.exe
[2011/05/10 09:58:52 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Malia Becker\Desktop\OTL.exe
[2011/05/10 09:01:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malia Becker\Application Data\Malwarebytes
[2011/05/10 09:01:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/10 09:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/10 09:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/10 09:01:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/10 09:01:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/10 09:01:11 | 007,734,240 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Malia Becker\Desktop\mbam-setup.exe
[2011/05/10 07:12:30 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Malia Becker\Desktop\TDSSKiller.exe
[2011/05/09 07:58:17 | 000,589,632 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Malia Becker\Desktop\aswMBR.exe
[2011/05/02 23:17:07 | 000,000,000 | ---D | C] -- C:\scan
[2011/05/02 23:12:01 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/02 23:12:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/04/15 07:21:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
[2011/04/14 21:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Malia Becker\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[4 C:\Documents and Settings\Malia Becker\My Documents\*.tmp files -> C:\Documents and Settings\Malia Becker\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/11 07:11:34 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/11 07:11:30 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/11 07:10:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 07:10:14 | 1341,116,416 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/11 06:50:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/11 06:39:35 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/05/10 18:41:23 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Malia Becker\Desktop\esetsmartinstaller_enu.exe
[2011/05/10 09:58:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Malia Becker\Desktop\OTL.exe
[2011/05/10 09:01:46 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 08:54:16 | 007,734,240 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Malia Becker\Desktop\mbam-setup.exe
[2011/05/10 07:20:23 | 000,445,082 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/10 07:20:23 | 000,072,792 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/09 20:54:42 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/09 20:00:00 | 000,000,636 | ---- | M] () -- C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Malia Becker.job
[2011/05/09 19:18:23 | 000,589,632 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Malia Becker\Desktop\aswMBR.exe
[2011/05/09 18:13:19 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Desktop\MBR.dat
[2011/05/09 08:35:41 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/09 08:35:41 | 000,001,030 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Desktop\Dropbox.lnk
[2011/05/09 08:20:09 | 000,000,911 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/05/02 23:12:02 | 000,000,595 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Desktop\ERUNT.lnk
[2011/05/02 16:02:26 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Desktop\dds.com
[2011/05/01 14:21:34 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Malia Becker\Desktop\TDSSKiller.exe
[2011/04/30 15:30:20 | 000,020,921 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Desktop\Lowes Proof of Purchase Claim Form FINAL.pdf
[2011/04/28 22:39:24 | 000,857,179 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Desktop\Jack's sample #3.jpg
[2011/04/28 12:52:41 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2011/04/16 07:20:28 | 000,000,795 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2011/04/16 07:15:27 | 000,175,464 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/16 00:03:04 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/15 07:24:50 | 000,945,817 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Desktop\Writing sample.jpg
[2011/04/15 07:23:58 | 000,071,352 | ---- | M] () -- C:\Documents and Settings\Malia Becker\Desktop\Writing sample.tif
[4 C:\Documents and Settings\Malia Becker\My Documents\*.tmp files -> C:\Documents and Settings\Malia Becker\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/10 09:01:46 | 000,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/10 07:07:17 | 1341,116,416 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/09 20:54:42 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/09 08:20:09 | 000,000,911 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\cfg
[2011/05/09 08:00:11 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Malia Becker\Desktop\MBR.dat
[2011/05/02 23:18:40 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Malia Becker\Desktop\dds.com
[2011/05/02 23:12:02 | 000,000,595 | ---- | C] () -- C:\Documents and Settings\Malia Becker\Desktop\ERUNT.lnk
[2011/04/30 15:30:18 | 000,020,921 | ---- | C] () -- C:\Documents and Settings\Malia Becker\Desktop\Lowes Proof of Purchase Claim Form FINAL.pdf
[2011/04/28 22:39:24 | 000,857,179 | ---- | C] () -- C:\Documents and Settings\Malia Becker\Desktop\Jack's sample #3.jpg
[2011/04/15 07:24:50 | 000,945,817 | ---- | C] () -- C:\Documents and Settings\Malia Becker\Desktop\Writing sample.jpg
[2011/04/15 07:23:58 | 000,071,352 | ---- | C] () -- C:\Documents and Settings\Malia Becker\Desktop\Writing sample.tif
[2011/01/03 14:01:23 | 000,032,360 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/12/05 01:16:51 | 000,106,200 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/10/04 20:25:45 | 000,000,104 | ---- | C] () -- C:\WINDOWS\Library.ini
[2009/08/28 20:30:33 | 000,000,281 | ---- | C] () -- C:\WINDOWS\Kofax200.ini
[2009/08/20 13:35:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iplayer.INI
[2009/08/18 20:24:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/07/16 21:10:07 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2006/11/03 19:19:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2006/08/31 11:34:24 | 000,051,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2006/01/04 21:24:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DVEdit.INI
[2005/08/15 17:13:07 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS69.DLL
[2005/08/11 19:07:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\IcdSptSvps.dll
[2005/08/11 19:07:36 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\dsp_trc.dll
[2005/07/13 11:55:14 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Malia Becker\Local Settings\Application Data\fusioncache.dat
[2005/07/13 11:27:55 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\CNCMFP12.INI
[2005/07/04 08:00:20 | 000,043,008 | ---- | C] () -- C:\Documents and Settings\Malia Becker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/07/02 00:35:03 | 000,053,248 | R--- | C] () -- C:\WINDOWS\UpdtNv28.exe
[2005/06/26 01:17:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/06/25 12:12:21 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/25 12:11:07 | 000,184,320 | ---- | C] () -- C:\WINDOWS\TPBATHLP.EXE
[2005/06/25 12:09:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2005/06/25 12:09:02 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2005/06/25 12:09:02 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2005/06/25 12:08:21 | 000,002,432 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.SYS
[2005/06/25 11:52:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2005/06/25 11:52:01 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2005/06/25 11:52:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2005/06/25 11:52:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2005/06/25 11:52:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2005/06/25 11:52:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2005/06/25 11:50:28 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/06/25 11:49:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2005/06/25 11:41:34 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2005/06/25 11:40:44 | 000,009,341 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2005/06/25 11:37:08 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2005/06/25 11:36:54 | 000,114,688 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2005/06/25 10:12:50 | 000,002,481 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/11/08 20:12:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/02 17:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/03/19 15:12:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2004/01/09 09:10:32 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\AIBMRUNL.dll
[2003/02/20 12:32:29 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/02/20 12:18:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/02/20 12:09:47 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/20 12:03:32 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/20 12:02:39 | 000,175,464 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/14 12:00:26 | 000,038,567 | ---- | C] () -- C:\WINDOWS\System32\pcpbios.exe
[2002/01/09 21:38:20 | 000,106,496 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2001/08/23 10:26:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2001/08/23 10:24:30 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1980/01/01 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 03:00:00 | 000,445,082 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 03:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1980/01/01 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 03:00:00 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[1980/01/01 03:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[1980/01/01 03:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1980/01/01 03:00:00 | 000,072,792 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 03:00:00 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ibmpmsvc.exe
[1980/01/01 03:00:00 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\tpinspm.dll
[1980/01/01 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 03:00:00 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[1980/01/01 03:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1980/01/01 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
 
No redirects or pop-ups occurring. Good sign!

Anything else hidden I should search for?

Also, do we know what this infection was? Anything obvious we should be doing to prevent it?
 
You were infected by the latest version of the TDSS Rootkit. There are many ways to get this: file sharing with torrents, downloading illegal software, opening attachments in your mail from people you don't know, or just plain wandering into an infected website.

With the seriousness of this infection there could be more lurking.

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
RC2-1.png

Click on Yes to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore the connections.
 
Results of ComboFix...

ComboFix 11-05-10.02 - Malia Becker 05/11/2011 9:04.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1279.579 [GMT -4:00]
Running from: c:\documents and settings\Malia Becker\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Malia Becker\Application Data\.#
C:\Images
c:\program files\IBM\Updater\ucstartup.exe
c:\windows\system32\BSTIEPrintCtl1.dll
c:\windows\system32\bszip.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-11 10:39 . 2011-05-11 10:39 -------- d-----w- C:\_OTL
2011-05-10 13:01 . 2011-05-10 13:01 -------- d-----w- c:\documents and settings\Malia Becker\Application Data\Malwarebytes
2011-05-10 13:01 . 2011-05-10 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-05-10 13:01 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-10 13:01 . 2011-05-10 13:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-10 13:01 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-03 03:17 . 2011-05-09 22:24 -------- d-----w- C:\scan
2011-05-03 03:12 . 2011-05-03 03:12 -------- d-----w- c:\program files\ERUNT
2011-04-15 11:21 . 2011-04-15 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SSScanAppDataDir
2011-04-15 01:37 . 2011-04-15 01:37 -------- d-----w- c:\documents and settings\Malia Becker\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 11:15 . 2005-06-25 15:14 61696 ----a-w- c:\windows\system32\drivers\ohci1394.sys
2011-03-07 05:33 . 2003-02-20 16:10 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:45 . 1980-01-01 07:00 434176 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 1980-01-01 07:00 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-20 18:17 . 2008-08-10 18:31 398760 ----a-r- c:\windows\system32\cpnprt2.cid
2011-02-17 13:51 . 2005-06-25 15:21 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-02-17 13:51 . 1980-01-01 07:00 667136 ----a-w- c:\windows\system32\wininet.dll
2011-02-17 13:51 . 1980-01-01 07:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-02-17 13:18 . 1980-01-01 07:00 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 1980-01-01 07:00 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:37 . 2005-06-25 15:21 369664 ----a-w- c:\windows\system32\html.iec
2011-02-17 12:32 . 2009-04-16 12:32 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 1980-01-01 07:00 290432 ----a-w- c:\windows\system32\atmfd.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Malia Becker\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Malia Becker\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Malia Becker\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Malia Becker\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-07-22 442368]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-03-09 26100520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-09 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 69632]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-06-16 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-06-16 512000]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TpShocks"="TpShocks.exe" [2004-03-27 102400]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2005-03-04 94208]
"TP4EX"="tp4ex.exe" [2002-09-04 53248]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 339968]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-09-02 127035]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-07-22 442368]
"QCTRAY"="c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE" [2005-03-18 745472]
"QCWLICON"="c:\progra~1\ThinkPad\CONNEC~1\QCWLIcon.exe" [2005-03-18 86016]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 395776]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2010-08-20 1348944]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
.
c:\documents and settings\Malia Becker\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Malia Becker\Application Data\Dropbox\bin\Dropbox.exe [2011-5-3 24172208]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2008-12-9 1783128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2005-03-18 10:07 262144 ----a-w- c:\windows\system32\QConGina.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2004-08-13 03:11 24576 ----a-w- c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 12:55 61440 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 21:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]
2007-03-15 21:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KDTray]
2009-05-27 20:16 278528 ----a-w- c:\program files\Kofax\Kofax Desktop\bin\KofaxDesktopTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-09 03:02 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-09-10 12:38 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"c:\\Program Files\\Dantz\\Retrospect 7.0\\Retrospect.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\win\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Malia Becker\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"<NO NAME>"=
.
R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [9/5/2010 9:18 AM 21464]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [5/13/2010 7:56 AM 98392]
R1 SbTis;SbTis;c:\windows\system32\drivers\sbtis.sys [9/5/2010 9:14 AM 212568]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [6/25/2005 12:11 PM 16384]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [9/5/2010 9:18 AM 69976]
R2 SBPIMSvc;SB Recovery Service;c:\program files\Sunbelt Software\VIPRE\SBPIMSvc.exe [8/20/2010 9:15 AM 181584]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 5:20 PM 135664]
S2 SBAMSvc;VIPRE Antivirus;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [8/20/2010 9:16 AM 2763080]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2010 5:20 PM 135664]
S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\system32\drivers\IcdUsb2.sys [8/11/2005 7:07 PM 39048]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.sys [6/25/2005 12:08 PM 12288]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 5:06 PM 11520]
.
Contents of the 'Scheduled Tasks' folder
.
2005-11-05 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2005-06-25 08:37]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:20]
.
2011-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 21:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.worldmag.com/index.cfm
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {0612502E-29F8-11D6-BC3C-00C0F0167E34} - hxxp://www.crsdata.net/CRSDataObject/CRSNInfo.cab
DPF: {C7C7152F-6E85-44F3-A14B-A7F85FDDEA3B} - hxxp://www.tellmemore-online.com/bin/tol7inst.cab
FF - ProfilePath - c:\documents and settings\Malia Becker\Application Data\Mozilla\Firefox\Profiles\we1cutxq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.worldmag.com/index.cfm
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Malia Becker\Application Data\Move Networks
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-UC_Start - c:\program files\IBM\Updater\\ucstartup.exe
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-11 09:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(912)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
.
Completion time: 2011-05-11 09:16:11
ComboFix-quarantined-files.txt 2011-05-11 13:15
.
Pre-Run: 86,906,540,032 bytes free
Post-Run: 86,881,947,648 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
.
- - End Of File - - 511DFE0EAF4A005DC82E237E58D05307
 
So far all seems to be working as it should with regard to internet (Google results no longer redirected).

We still have problems with Word and Excel (2003) complaining that they have encountered a problem and need to close AFTER you have already initiated closing them, but that has been going on for at least 5 months now, so I would think that is probably a Microsoft bug (due to some XP or library update), unrelated to this rootkit/malware infection.
 

Why don't you post in this forum for your Excel problem, as we just do malware removal in this one. All our forums work together, so feel free to link them to this thread so they can see what we have done.
http://forums.whatthetech.com/index.php?showforum=120


  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.





Open OTL and click on Clean Up; it will remove the programs we used to clean your system along with their backups.




Safe Surfn
Ken
 
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
 