Jump to content

ken42

Members
 View Profile  See their activity

  • Posts

    11

  • Joined

  • Last visited

Reputation

0 Neutral
  1. ken42
    Hi Maurice, The files in \Kits\... are simply installation kits for various software tools or products. The two in question are expendable and probably not the latest versions anyway, so I'll just delete them along with the other content in those folders. Also, we aren't using Outlook Express (it came pre-installed on the computer and we used it very briefly), so I'm thinking it best to uninstall OE and then delete any remaining OE-related files. . . . and then I'll do another Disk Cleanup! Thanks again! Ken
  2. ken42
    Hi Maurice, I downloaded the trial version of Kaspersky Internet Security 2010 and ran a full scan. It cleaned up the items from the previous online scan plus a few additional items. The scans are now clean, and as far as I can tell, my wife's computer is fully functional again. Thanks VERY MUCH for all the help! Ken
  3. ken42
    Hi Maurice, I'm back. Your points are well taken. I figured - in MY case - the risk was acceptable since I was on the verge of deciding to wipe the system and peice things together from backups. That said, I'm happy to find that the computer is still at least as functional as it was before I got trigger happy. I ran another full Kaspersky online scan. Started it before I left a week ago, and now have the report (see below). I think it is mostly reporting infections in areas that *may* be less harmful (e.g., backup copies of infected files vs "live" infections). Based on what you've seen here, do you think a purchased copy of Kaspersky Anti-Virus 2010 + Kaspersky Internet Security 2010 would have fully detected and cleaned this computer's infections? Possibly prevented the infections? Or limited the severity of the infections or reduced the amount of time / effort required to eliminate the infections? If so, my wife suggests it would be money well spent. Here's the latest scan report. Please let me know what steps I should take next. And thanks again for all your help! Ken - - - - - - - - - - - - - - -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Sunday, March 28, 2010 Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Saturday, March 20, 2010 06:17:53 Records in database: 3822046 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: A:\ C:\ D:\ E:\ F:\ Scan statistics: Objects scanned: 201615 Threats found: 13 Infected objects found: 19 Suspicious objects found: 0 Scan duration: 06:55:17 File name / Threat / Threats count C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239644.exe Infected: not-a-virus:AdWare.Win32.AdSrve.b 1 C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239644.exe Infected: not-a-virus:AdWare.Win32.AdSrve.c 2 C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239644.exe Infected: Trojan.Win32.Runner.d 1 C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239644.exe Infected: Trojan.Win32.VB.od 1 C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239645.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2 C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239645.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1 C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239646.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 2 C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239647.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 1 C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239648.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 1 C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1796\A0239649.vbs Infected: Trojan.VBS.KillAV.h 1 D:\Kits\STT\standardsetup.exe Infected: Trojan.Win32.Clicker.a 1 D:\Kits\Util\UltraVnc-101-Setup.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 2 F:\backups\it\20070524\DAS\Tammi\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Trojan-Spy.HTML.Bayfraud.ib 1 F:\backups\it\20070524\DAS\Tammi\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Sobig.a 1 F:\backups\it\20070524\DAS\Tammi\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Tanatos.b.dam 1 Selected area has been scanned.
  4. ken42
    Hi Maurice! The remote-run of Kaspersky finished. It reported a bunch of nasty stuff. I thought I'd be clever and delete the nasty files, but clearly the infection is protecting itself . . . some files I just couldn't delete and at least one file would let me delete it but the file would reappear after a few seconds. So, I thought I'd be even more clever and see if I've learned something from your VERY helpful posts. . . I used Avenger to delete the remaining nasty files! That seems to have worked. I can now launch IE again (I'm posting from IE running on my wife's computer right now), and I was also able to get Kaspersky online scan running directly on my wife's computer. I'll post the log from the local scan when it completes (or that might have to wait a week). For now, here are the logs from what I just finished. Thanks again! Ken >>>>>>>>>>>>>>>>>>>> Kaspersky (remotely-run) log <<<<<<<<<<<<<<<<<<<< -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Friday, March 19, 2010 Operating system: Microsoft (build 7600) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Friday, March 19, 2010 14:38:34 Records in database: 3815708 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - Folder: M:\ Scan statistics: Objects scanned: 171377 Threats found: 14 Infected objects found: 23 Suspicious objects found: 6 Scan duration: 08:29:55 File name / Threat / Threats count M:\Documents and Settings\Tammi\Local Settings\Application Data\Identities\{B11A468A-75A0-4AFC-B54F-4F1605423790}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2 M:\Documents and Settings\Tammi\Local Settings\Application Data\Identities\{B11A468A-75A0-4AFC-B54F-4F1605423790}\Microsoft\Outlook Express\Inbox.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 1 M:\Documents and Settings\Tammi\Local Settings\Application Data\Identities\{B11A468A-75A0-4AFC-B54F-4F1605423790}\Microsoft\Outlook Express\PayPal Fraud.dbx Infected: Email-Worm.Win32.Mydoom.e 2 M:\Documents and Settings\Tammi\Local Settings\Application Data\Identities\{B11A468A-75A0-4AFC-B54F-4F1605423790}\Microsoft\Outlook Express\Sent Items.dbx Infected: Email-Worm.Win32.Mydoom.e 2 M:\Documents and Settings\Tammi\Local Settings\Application Data\Microsoft\Outlook\Exchange\MAILBOX.PST Suspicious: Trojan-Spy.HTML.Fraud.gen 3 M:\Documents and Settings\Tammi\Local Settings\Application Data\Microsoft\Outlook\Exchange\MAILBOX.PST Infected: Email-Worm.Win32.Mydoom.e 2 M:\Documents and Settings\Tammi\Local Settings\Temp\bvnr.tmp Infected: Trojan-PSW.Win32.Kates.cu 1 M:\Kits\kadellin-bx1\Parent\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c 2 M:\Kits\kadellin-bx1\Parent\UltraVNC-102-Setup.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 1 M:\Overpro-401.exe Infected: not-a-virus:AdWare.Win32.AdSrve.b 1 M:\Overpro-401.exe Infected: not-a-virus:AdWare.Win32.AdSrve.c 2 M:\Overpro-401.exe Infected: Trojan.Win32.Runner.d 1 M:\Overpro-401.exe Infected: Trojan.Win32.VB.od 1 M:\Program Files\UltraVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 1 M:\Program Files\UltraVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.e 1 M:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1789\A0238339.exe Infected: Trojan-PSW.Win32.Kates.cb 1 M:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1791\A0238394.exe Infected: Trojan-PSW.Win32.Kates.ct 1 M:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1792\A0238411.exe Infected: Trojan-PSW.Win32.Kates.ct 1 M:\VNC\vnc-4_1_3-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 2 M:\WINDOWS\system32\wstart3.vbs Infected: Trojan.VBS.KillAV.h 1 Selected area has been scanned. >>>>>>>>>>>>>>>>>>>> Avenger log <<<<<<<<<<<<<<<<<<<< Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\Documents and Settings\Tammi\Local Settings\Temp\bvnr.tmp" deleted successfully. File "C:\Kits\kadellin-bx1\Parent\UltraVNC-102-Setup.exe" deleted successfully. File "C:\Overpro-401.exe" deleted successfully. File "C:\Program Files\UltraVNC\vnchooks.dll" deleted successfully. File "C:\Program Files\UltraVNC\winvnc.exe" deleted successfully. File "C:\VNC\vnc-4_1_3-x86_win32.exe" deleted successfully. File "C:\Windows\system32\wstart3.vbs" deleted successfully. Completed script processing. ******************* Finished! Terminate.
  5. ken42
    Hi Maurice, I can't get Kaspersky to run on my wife's computer. Actually, I can't even get the web site to come up correctly, and now IE is crashing frequently. Maybe IE is missing a normally-important-but-recently-infected-found-and-removed file? I'm running Kaspersky from a known-clean computer on my network, pointing to network-mapped drives on my wife's computer. I know that will miss whatever is in RAM and also the registry, but I'm hoping it will at least remove enough infection (via disk files) so that I can do a local scan/clean on my wife's computer. Looks like it will take a VERY long time, longer since it's via the network. But I can be patient. ;-) In the meantime, I'm going to look through our backup logs and seriously consider restoring my wife's computer to a previous known-clean state. If I'm fortunate, I'll be able to just restore clean versions of now-infected files. But the way things are going, I'm feeling less averse to just wiping the disks and restoring just the personal (i.e., non-system) files. Thank goodness for mozy.com! ;-) I'll post again when I get a completed Kaspersky scan log, if it finishes early enough today. If not, it will be about a week before I can dive back into this mess - I may be offline until 3/28. Thanks again for all the help! Ken
  6. ken42
    Hi Maurice, I couldn't find the file you said to remove - I think MBAM already removed it. Since the path where that file was is just a non-essential plug-in, I've removed everything from .\Move Networks\... and below. The problem with MBAM getting killed after launch is still there. Fortunately the launch-twice-and-click-scan-immediately trick is still working (at least on the winlogon.exe file). Here's the next log from MBAM (and I clicked to remove the files indicated by MBAM). . . . Malwarebytes' Anti-Malware 1.44 Database version: 3510 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 3/18/2010 1:43:07 AM mbam-log-2010-03-18 (01-43-07).txt Scan type: Full Scan (C:\|D:\|F:\|) Objects scanned: 368479 Time elapsed: 1 hour(s), 9 minute(s), 24 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwarebytes anti-malware (reboot) (Trojan.Agent) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1793\A0238591.exe (Trojan.Banker) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1793\A0239141.exe (Trojan.Banker) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1793\A0239243.sys (Malware.Trace) -> Quarantined and deleted successfully. >>>>>>>>>>>>>>>>> <<<<<<<<<<<<<<<<<<<< And here's the last log from MBAM, which shows a clean system. HOWEVER, I'm still seeing the original symptoms of infection. Malwarebytes' Anti-Malware 1.44 Database version: 3510 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 3/18/2010 1:56:28 PM mbam-log-2010-03-18 (13-56-28).txt Scan type: Full Scan (C:\|D:\|F:\|) Objects scanned: 368584 Time elapsed: 1 hour(s), 7 minute(s), 0 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) >>>>>>>>>>>>>>>>>>>> <<<<<<<<<<<<<<<<< Any thoughts on what to do next? Thanks! Ken
  7. ken42
    Hi Maurice, I did steps B - E (I haven't yet purchased MBAM). On step E, the randomly-named mbam would not stay running, and also if I renamed it to KEN.EXE, it would quit just after launching. Same problem with winlogon.exe in the mbam-installer folder, BUT . . . I found that if I launched winlogon.exe twice (one right after the other), that one of the instances would stay running *IF* I also clicked on the scan button quickly enough. I actually tried that same maneuver a while back but it didn't help then - I'm not sure why it helped this time. MBAM found 3 infected files and I clicked to remove them and then immediately rebooted. However, clicking on google search result links is still getting redirected. I've launched MBAM again now - still had to do the double-launch trick to get it to stay up - and we'll see what it finds this time. Takes about an hour to run a full scan. Here, below, is the log from the first MBAM full-scan I ran earlier this evening. Thanks, Ken >>>>>>>>>>>>>> mbam-log.txt <<<<<<<<<<<<<<< Malwarebytes' Anti-Malware 1.44 Database version: 3878 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 3/17/2010 9:39:22 PM mbam-log-2010-03-17 (21-39-12).txt Scan type: Full Scan (C:\|D:\|F:\|) Objects scanned: 383460 Time elapsed: 1 hour(s), 6 minute(s), 8 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 3 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: C:\Documents and Settings\Tammi\Application Data\Move Networks\MoveMediaPlayer_07103010.exe (Backdoor.Bot) -> No action taken. C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1793\A0238577.sys (Rootkit.Agent) -> No action taken. C:\System Volume Information\_restore{8D158EE2-D9C9-431C-9BE1-863FB6FF5C9F}\RP1793\A0239130.sys (Rootkit.Agent) -> No action taken.
  8. ken42
    Hi Maurice, Step 1 went fine. Step 2, MBAM launches and then exits after a couple of seconds (before I can click any options), just like before. I tried reinstalling MBAM and checked the launch MBAM check-box at the end of installation . . . same results. I also tried it again after repeating Step 1 . . . same results. Ken
  9. ken42
    Hi Maurice, and thanks again. Here is the output from the tasks you specified . . . . Ken >>>>>>>>>>>>>>>>>>>> Avenger(2).txt . . . . <<<<<<<<<<<<<<<<<<<< Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! File "C:\WINDOWS\MF_C421.lfa" deleted successfully. File "C:\WINDOWS\MF_C420.lfa" deleted successfully. Completed script processing. ******************* Finished! Terminate. >>>>>>>>>>>>>>>>>>>> Combo-fix-log.txt . . . . <<<<<<<<<<<<<<<<<<<< ComboFix 10-03-16.03 - Tammi 03/16/2010 21:17:56.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1280.591 [GMT -5:00] Running from: c:\kits\SpyWareCheckers\Combo-Fix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\AUTOLNCH.REG c:\windows\Downloaded Program Files\f3initialsetup1.0.0.15.inf c:\windows\Downloaded Program Files\popcaploader.inf c:\windows\eSellerateEngine.dll c:\windows\run.log c:\windows\system32\advpack0.3x3 c:\windows\system32\asycfilt.3x3 c:\windows\system32\RFHelper.dll c:\windows\system32\SHELLLNK.TLB . ((((((((((((((((((((((((( Files Created from 2010-02-17 to 2010-03-17 ))))))))))))))))))))))))))))))) . 2010-03-16 18:39 . 2010-03-16 18:39 -------- d-----w- C:\Rooter$ 2010-03-16 15:56 . 2010-03-16 15:56 -------- d-----w- c:\program files\ERUNT 2010-03-12 15:18 . 2010-03-12 15:18 -------- d-----w- c:\documents and settings\Tammi\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2010-03-12 15:13 . 2010-03-12 15:13 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-03-12 15:10 . 2010-03-15 13:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-16 00:28 . 2009-11-16 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-03-12 15:11 . 2010-03-12 15:11 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2010-03-01 10:14 . 2009-09-22 02:46 3803208 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe 2010-02-16 20:11 . 2010-02-16 20:11 65536 ----a-r- c:\documents and settings\Tammi\Application Data\Microsoft\Installer\{987D1E20-24AE-424F-89F9-2973FC9C2A57}\NewShortcut2.4747EFCD_A8CE_4016_80F6_050BCAD9FE72.exe 2010-02-16 20:11 . 2010-02-16 20:11 49152 ----a-r- c:\documents and settings\Tammi\Application Data\Microsoft\Installer\{987D1E20-24AE-424F-89F9-2973FC9C2A57}\NewShortcut3_CE3444101D0046CBA9F1EEBEFCF138B2.exe 2010-02-16 20:11 . 2010-02-16 20:11 49152 ----a-r- c:\documents and settings\Tammi\Application Data\Microsoft\Installer\{987D1E20-24AE-424F-89F9-2973FC9C2A57}\NewShortcut1_CE3444101D0046CBA9F1EEBEFCF138B2_1.exe 2010-02-16 20:11 . 2010-02-16 20:11 49152 ----a-r- c:\documents and settings\Tammi\Application Data\Microsoft\Installer\{987D1E20-24AE-424F-89F9-2973FC9C2A57}\DatabaseRepair_116B79E778BA4FE8BD6B967DB1BB46F1.exe 2010-02-16 20:11 . 2010-02-16 20:11 45056 ----a-r- c:\documents and settings\Tammi\Application Data\Microsoft\Installer\{987D1E20-24AE-424F-89F9-2973FC9C2A57}\ARPPRODUCTICON.exe 2010-02-04 22:14 . 2009-06-18 02:46 389784 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll 2010-02-04 22:14 . 2009-06-18 02:46 1181328 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe 2010-02-04 16:16 . 2009-06-18 02:46 823928 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe 2010-01-07 21:07 . 2009-11-16 19:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 21:07 . 2009-11-16 19:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-05 10:00 . 2003-03-31 12:00 832512 ----a-w- c:\windows\system32\wininet.dll 2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00 . 2003-03-31 12:00 17408 ------w- c:\windows\system32\corpol.dll 2009-12-31 16:14 . 2003-03-31 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys 2008-06-18 03:33 . 2008-06-18 03:33 0 -c--a-w- c:\program files\temp01 2005-11-15 01:45 . 2005-11-15 01:45 774144 -c--a-w- c:\program files\RngInterstitial.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2] @="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}" [HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}] 2010-01-04 17:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3] @="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}" [HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}] 2010-01-04 17:36 2848568 ----a-w- c:\program files\MozyHome\mozyshell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-23 67128] "PDFSaver"="c:\program files\PDF-XChange 2.5\PDFSaver.exe" [2003-02-21 61440] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 68856] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "C-Media Mixer"="Mixer.exe" [2002-10-15 1818624] "Opware12"="c:\program files\ScanSoft\OmniPagePro12.0\Opware12.exe" [2002-08-01 49152] "Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632] "zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2004-03-18 892928] "EM_EXEC"="c:\progra~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [2002-07-09 28672] "RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2004-11-28 65536] "RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2004-11-28 868352] "RoxioAudioCentral"="c:\program files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe" [2004-11-28 319488] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648] "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2006-05-05 36864] "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2006-05-05 40960] "ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-23 94208] "McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 139320] "WinVNC"="c:\program files\UltraVNC\winvnc.exe" [2005-08-07 974848] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-01-27 788880] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2006-10-04 53760] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544] c:\documents and settings\Tammi\Start Menu\Programs\Startup\ ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912] c:\documents and settings\All Users\Start Menu\Programs\Startup\ FA-950.lnk - c:\fa-950\BIN\Klslink.exe [2004-2-27 65536] HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048] HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-23 67128] MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2010-1-4 2893624] TabletWorks.lnk - c:\program files\GTCO CalComp\TabletWorks\TWCP.exe [2005-3-7 933888] ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2008-2-5 54512] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableStatusMessages"= 1 (0x1) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0sprestrt\0lsdelete [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Real\\RealOne Player\\realplay.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\WINDOWS\\system32\\spoolsv.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"= "c:\\WINDOWS\\system32\\ftp.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 "21:TCP"= 21:TCP:*:Disabled:ftp R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/8/2009 9:46 PM 64288] R0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\system32\drivers\mrfoldr.sys [7/19/2004 12:05 PM 53632] R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [1/16/2007 1:00 AM 58464] R1 WebDriveFSD;WebDrive File System Driver;c:\program files\WebDrive\rffsd.sys [9/7/2002 4:28 PM 67204] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1181328] R2 mfsyncsv;MirrorFolder auto-synchronization service;c:\windows\system32\mfsyncsv.exe [7/19/2004 7:05 PM 98304] R3 Klsmpad;Klsmpad Device;c:\windows\system32\drivers\Klsmpad.sys [2/27/2004 4:55 PM 24142] S2 gupdate1c9e4a13256cfec;Google Update Service (gupdate1c9e4a13256cfec);c:\program files\Google\Update\GoogleUpdate.exe [6/3/2009 6:15 PM 133104] S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [8/29/2002 2:41 PM 96256] S3 DCamUSBOvt;Intel Play Me2Cam;c:\windows\system32\drivers\Me2Cam.sys [5/21/2005 10:45 PM 72556] S3 EL59X;3Com Fast EtherLink 59x Adapter Driver;c:\windows\system32\DRIVERS\el59x.sys --> c:\windows\system32\DRIVERS\el59x.sys [?] S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\DRIVERS\scsiscan.sys --> c:\windows\system32\DRIVERS\scsiscan.sys [?] S3 WBMSA;Winbond Memory Stick Storage (MS) Device Driver - A;c:\windows\system32\drivers\wbmsa.sys [9/17/2002 11:21 PM 24214] S4 RFNP32;WebDrive Provider; [x] . Contents of the 'Scheduled Tasks' folder 2010-03-17 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:16] 2010-03-17 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:16] 2010-03-17 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:16] 2010-03-17 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:16] 2010-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 16:16] 2010-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34] 2010-03-01 c:\windows\Tasks\BackupTammiStuff.job - c:\windows\system32\ntbackup.exe [2003-03-31 07:56] 2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 23:15] 2010-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 23:15] 2002-09-30 c:\windows\Tasks\TASK20020930010621.job - c:\program files\WS_FTP Pro\ftpsync.exe [2002-09-30 18:56] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8 uDefault_Search_Url = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local uCustomizeSearch = about:blank uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {10101010-1010-1111-1010-101010101011} - mhtml:c:\\WINX.MHT!http://216.240.137.41/counter/ie.exe DPF: {6054D082-355D-4B47-B77C-36A778899F48} - hxxp://qmedia.xlontech.net/100348/qm/latest/qsp2ieFull06061501.cab . - - - - ORPHANS REMOVED - - - - WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) HKLM-Run-AtiPTA - maybe-delete-this-atiptaxx.exe MSConfigStartUp-Motive SmartBridge - c:\progra~1\SBCLIG~1\SMARTB~1\MotiveSB.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-16 21:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(592) c:\windows\system32\wininet.dll c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(664) c:\windows\system32\wininet.dll - - - - - - - > 'explorer.exe'(1720) c:\windows\system32\WININET.dll c:\program files\ScanSoft\OmniPagePro12.0\ophook12.dll c:\program files\MozyHome\mozyshell.dll c:\program files\Logitech\iTouch\iTchHk.dll c:\windows\system32\ieframe.dll c:\fa-950\BIN\syshook.dll c:\program files\Common Files\Logitech\Scrolling\LgMsgHk.dll c:\progra~1\Logitech\MOUSEW~1\SYSTEM\LGMOUSHK.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\WS_FTP Pro\nsftpch.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Network Associates\Common Framework\FrameworkService.exe c:\progra~1\NETWOR~1\COMMON~1\naPrdMgr.exe c:\program files\Network Associates\VirusScan\vstskmgr.exe c:\program files\MozyHome\mozybackup.exe c:\windows\system32\IoctlSvc.exe c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe c:\windows\System32\wbem\unsecapp.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe c:\program files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . Completion time: 2010-03-16 22:05:15 - machine was rebooted ComboFix-quarantined-files.txt 2010-03-17 03:05 Pre-Run: 18,721,529,856 bytes free Post-Run: 18,741,071,872 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn - - End Of File - - E015FFA60C2D740A569B57C72BE02F60
  10. ken42
    Hi Maurice, Thanks for the detailed instructions! I followed them exactly, but I noticed that while Security Check (screen317) was in the "Preparing" phase, I got an error window saying "Objlist.exe has encountered a problem and needs to close. . . ." So I don't know if it did anything useful. Below are the output of the scans in the order request. I don't know if the redirects would happen in Firefox (not installed on my wife's computer), but the redirects DO happen in Chrome as well as IE 7. Thanks, Ken - - - - - - - - - - - - - - - - - - - - >>>>>>>>>>>>>>>>>>>> avenger.txt . . . <<<<<<<<<<<<<<<<<<<< Logfile of The Avenger Version 2.0, © by Swandog46 http://swandog46.geekstogo.com Platform: Windows XP ******************* Script file opened successfully. Script file read successfully. Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: Rootkit scan active. No rootkits found! Error: file "C:\Windows\System32\brastk.exe" not found! Deletion of file "C:\Windows\System32\brastk.exe" failed! Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND) --> the object does not exist Completed script processing. ******************* Finished! Terminate. >>>>>>>>>>>>>>>>>>>> OTL.txt . . . <<<<<<<<<<<<<<<<<<<< OTL logfile created on: 3/16/2010 12:37:11 PM - Run 1 OTL by OldTimer - Version 3.1.37.2 Folder = C:\Kits\SpyWareCheckers Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free Paging file location(s): C:\pagefile.sys 3200 3200 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 78.13 Gb Total Space | 17.57 Gb Free Space | 22.49% Space Free | Partition Type: NTFS Drive D: | 78.13 Gb Total Space | 8.34 Gb Free Space | 10.68% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 77.50 Gb Total Space | 66.84 Gb Free Space | 86.25% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ARRIVA2 Current User Name: Tammi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Processes (SafeList) ========== PRC - [2010/03/16 12:35:12 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Kits\SpyWareCheckers\OTL.com PRC - [2010/02/04 17:14:16 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe PRC - [2010/01/27 05:14:22 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe PRC - [2010/01/04 12:36:28 | 002,893,624 | ---- | M] (Mozy, Inc.) -- C:\Program Files\MozyHome\mozystat.exe PRC - [2009/07/25 05:23:22 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2008/02/05 15:29:20 | 000,054,512 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe PRC - [2008/01/22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2008/01/22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2007/06/14 12:08:09 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe PRC - [2007/06/13 05:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/03/23 16:40:41 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe PRC - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe PRC - [2006/05/05 12:18:54 | 000,036,864 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\pptd40nt.exe PRC - [2005/08/06 20:45:14 | 000,974,848 | ---- | M] (UltraVNC) -- C:\Program Files\UltraVNC\winvnc.exe PRC - [2005/02/16 23:11:42 | 000,049,152 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe PRC - [2004/11/28 00:01:40 | 000,319,488 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe PRC - [2004/11/28 00:01:38 | 000,118,784 | ---- | M] (Roxio, Inc.) -- C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe PRC - [2004/11/04 19:36:46 | 000,425,984 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe PRC - [2004/11/04 19:28:24 | 000,258,048 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe PRC - [2004/09/22 21:00:00 | 000,094,208 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\shstat.exe PRC - [2004/09/22 21:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe PRC - [2004/08/06 04:50:00 | 000,237,623 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe PRC - [2004/08/06 04:50:00 | 000,139,320 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe PRC - [2004/08/06 04:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe PRC - [2004/07/19 19:05:04 | 000,098,304 | ---- | M] (Techsoft Pvt. Ltd.) -- C:\WINDOWS\system32\mfsyncsv.exe PRC - [2004/03/18 09:33:26 | 000,892,928 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\iTouch.exe PRC - [2002/08/01 05:49:54 | 000,049,152 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\Scansoft\OmniPagePro12.0\opware12.exe PRC - [2002/07/09 11:50:00 | 000,028,672 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE PRC - [2002/04/17 12:49:16 | 000,077,824 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe PRC - [2002/04/17 12:42:56 | 000,069,632 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe PRC - [2001/09/26 19:31:34 | 000,094,208 | ---- | M] () -- C:\Program Files\WebDrive\wdService.exe PRC - [2000/07/05 15:00:00 | 000,065,536 | ---- | M] (CASIO COMPUTER CO., LTD.) -- C:\FA-950\BIN\Klslink.exe ========== Modules (SafeList) ========== MOD - [2010/03/16 12:35:12 | 000,556,032 | ---- | M] (OldTimer Tools) -- C:\Kits\SpyWareCheckers\OTL.com MOD - [2006/08/25 10:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll MOD - [2004/08/04 02:56:44 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll MOD - [2004/03/18 11:26:48 | 000,114,688 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\Scrolling\LGMSGHK.DLL MOD - [2004/03/18 09:26:50 | 000,004,608 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\iTouch\itchhk.dll MOD - [2002/08/01 05:49:34 | 000,159,744 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\Scansoft\OmniPagePro12.0\ophook12.dll MOD - [2002/07/09 11:50:00 | 000,024,576 | ---- | M] (Logitech Inc. ) -- C:\Program Files\Logitech\MouseWare\system\LGMOUSHK.DLL MOD - [2000/07/05 15:00:00 | 000,028,672 | ---- | M] (CASIO COMPUTER CO., LTD.) -- C:\FA-950\BIN\Syshook.dll ========== Win32 Services (SafeList) ========== SRV - [2010/02/04 17:14:16 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2007/01/18 19:04:04 | 000,067,056 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper) SRV - [2006/09/14 08:56:06 | 000,102,400 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0) SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service) SRV - [2006/01/05 00:06:02 | 000,163,840 | ---- | M] (Alex Feinman) [On_Demand | Stopped] -- C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe -- (Imapi Helper) SRV - [2005/11/14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005/08/06 20:45:14 | 000,974,848 | ---- | M] (UltraVNC) [Auto | Running] -- C:\Program Files\UltraVNC\winvnc.exe -- (winvnc) SRV - [2004/09/22 21:00:00 | 000,221,191 | ---- | M] (Network Associates, Inc.) [On_Demand | Stopped] -- C:\Program Files\Network Associates\VirusScan\mcshield.exe -- (McShield) SRV - [2004/09/22 21:00:00 | 000,028,672 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\VirusScan\vstskmgr.exe -- (McTaskManager) SRV - [2004/08/06 04:50:00 | 000,102,463 | ---- | M] (Network Associates, Inc.) [Auto | Running] -- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2004/07/19 19:05:04 | 000,098,304 | ---- | M] (Techsoft Pvt. Ltd.) [Auto | Running] -- C:\WINDOWS\system32\mfsyncsv.exe -- (mfsyncsv) SRV - [2003/03/31 07:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC) SRV - [2001/09/26 19:31:34 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\WebDrive\wdService.exe -- (WebDriveService) ========== Driver Services (SafeList) ========== DRV - [2009/09/23 07:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd) DRV - [2007/06/20 03:00:00 | 000,009,072 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2006/02/21 21:46:26 | 001,505,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/02/10 21:00:00 | 000,058,464 | ---- | M] (Network Associates, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mvstdi5x.sys -- (NaiAvTdi1) DRV - [2005/01/14 21:00:00 | 000,108,480 | ---- | M] (Network Associates, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\naiavf5x.sys -- (NaiAvFilter1) DRV - [2005/01/14 21:00:00 | 000,008,320 | ---- | M] (Network Associates, Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\entdrv51.sys -- (EntDrv51) DRV - [2004/11/28 00:01:53 | 000,213,120 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp) DRV - [2004/11/28 00:01:53 | 000,118,409 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k) DRV - [2004/11/28 00:01:52 | 000,260,224 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp) DRV - [2004/11/28 00:01:52 | 000,022,777 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K) DRV - [2004/11/28 00:01:52 | 000,021,993 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K) DRV - [2004/10/07 20:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AFS2K.SYS -- (AFS2K) DRV - [2004/08/04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2004/08/04 01:07:44 | 000,041,088 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\sisagp.sys -- (sisagp) DRV - [2004/08/04 00:31:36 | 000,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC) DRV - [2004/08/04 00:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv) DRV - [2004/07/19 19:05:04 | 000,053,632 | ---- | M] (Techsoft Pvt. Ltd.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\mrfoldr.sys -- (mrfoldr) DRV - [2004/03/10 15:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr) DRV - [2004/03/03 11:50:00 | 000,037,887 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Lhidusb.sys -- (LHidUsb) DRV - [2004/03/03 11:50:00 | 000,014,095 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LCcfltr.sys -- (LCcfltr) DRV - [2003/12/12 15:29:10 | 000,031,048 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irstusb.sys -- (STIrUsb) DRV - [2003/11/30 21:54:20 | 000,043,136 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl) DRV - [2003/07/03 01:18:08 | 000,088,269 | R--- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emDevice.sys -- (DCamUSBEMPIA) DRV - [2003/07/03 01:18:00 | 000,004,621 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emScan.sys -- (ScanUSBEMPIA) DRV - [2002/11/18 15:51:40 | 000,377,358 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmaudio.sys -- (cmpci) C-Media PCI Audio Driver (WDM) DRV - [2002/09/06 00:15:23 | 000,022,585 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.old -- (Cdralw2k) DRV - [2002/07/09 04:50:00 | 000,070,382 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.sys -- (LMouFlt2) DRV - [2002/07/09 04:50:00 | 000,050,862 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Pr2.sys -- (l8042pr2) DRV - [2002/07/09 04:50:00 | 000,023,854 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS -- (LHidFlt2) DRV - [2002/07/09 04:50:00 | 000,006,030 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys -- (LKbdFlt2) DRV - [2002/03/26 14:43:34 | 000,006,016 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2001/09/26 19:32:04 | 000,135,168 | ---- | M] (River Front Software) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\RFNP32.dll -- (RFNP32) DRV - [2001/09/26 19:30:56 | 000,067,204 | ---- | M] () [File_System | System | Running] -- C:\Program Files\WebDrive\rffsd.sys -- (WebDriveFSD) DRV - [2001/08/22 12:14:36 | 000,024,214 | R--- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wbmsa.sys -- (WBMSA) Winbond Memory Stick Storage (MS) DRV - [2001/08/17 07:50:26 | 000,731,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4.sys -- (nv4) DRV - [2001/08/17 07:19:20 | 000,096,256 | ---- | M] (Copyright © Creative Technology Ltd. 1994-2001) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctlsb16.sys -- (ctlsb16) Creative SB16/AWE32/AWE64 Driver (WDM) DRV - [2000/07/05 08:00:00 | 000,024,142 | R--- | M] (CASIO COMPUTER CO.,LTD.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Klsmpad.sys -- (Klsmpad) DRV - [2000/01/11 09:41:09 | 000,072,556 | R--- | M] (ViewQuest Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Me2Cam.sys -- (DCamUSBOvt) DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aspi32.sys -- (ASPI32) DRV - [1997/04/22 12:16:00 | 000,006,272 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASLM75.SYS -- (aslm75) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Font Size = 02 00 00 00 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_Url = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/webhp?sourceid=navclient&ie=UTF-8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Data = C3 17 11 E0 B2 A4 AC 29 3E F1 D7 B3 41 B1 F2 21 F8 FE DE 71 3C 18 BA 0A F9 AA 17 17 FE 78 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;*.local O1 HOSTS File: ([2009/11/16 12:01:06 | 000,001,032 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 192.168.1.254 sbc_gateway # Firewall / router to WAN (SBC DSL) O1 - Hosts: O1 - Hosts: 192.168.1.155 HP000D9D22EA65 O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0988.2\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [AtiPTA] File not found O4 - HKLM..\Run: [ATT-SST_UninstallTracking] C:\DOCUME~1\Tammi\LOCALS~1\Temp\InstallHelper.exe File not found O4 - HKLM..\Run: [C-Media Mixer] C:\WINDOWS\mixer.exe (C-Media Electronic Inc. (www.cmedia.com.tw)) O4 - HKLM..\Run: [EM_EXEC] C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. ) O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe (Hewlett-Packard Co.) O4 - HKLM..\Run: [indexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (Network Associates, Inc.) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [Opware12] C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.) O4 - HKLM..\Run: [RoxioAudioCentral] C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (Roxio, Inc.) O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe (Roxio) O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio) O4 - HKLM..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard) O4 - HKLM..\Run: [shStatEXE] C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (Network Associates, Inc.) O4 - HKLM..\Run: [sSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Scansoft, Inc.) O4 - HKLM..\Run: [WinVNC] C:\Program Files\UltraVNC\winvnc.exe (UltraVNC) O4 - HKLM..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe (Logitech Inc.) O4 - HKCU..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG) O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - HKCU..\Run: [PDFSaver] C:\Program Files\PDF-XChange 2.5\pdfSaver.exe (Tracker Software Products) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\FA-950.lnk = C:\FA-950\BIN\Klslink.exe (CASIO COMPUTER CO., LTD.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk = C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabletWorks.lnk = C:\Program Files\GTCO CalComp\TabletWorks\TWCP.exe (GTCO CalComp, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (Yahoo! Inc.) O4 - Startup: C:\Documents and Settings\Tammi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: verbosestatus = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 0 O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2007/09/21 12:05:09 | 000,000,000 | ---D | M] O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2007/09/21 12:05:09 | 000,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2007/09/21 12:05:09 | 000,000,000 | ---D | M] O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2007/09/21 12:05:09 | 000,000,000 | ---D | M] O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.) O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: myspace.com ([]* in Internet) O16 - DPF: {10101010-1010-1111-1010-101010101011} mhtml:C:\\WINX.MHT!http://216.240.137.41/counter/ie.exe (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} http://download.ebay.com/turbo_lister/US/install.cab (Reg Error: Key error.) O16 - DPF: {6054D082-355D-4B47-B77C-36A778899F48} http://qmedia.xlontech.net/100348/qm/lates...ull06061501.cab (Reg Error: Key error.) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...37873.940150463 (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.) O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O27 - HKLM IFEO\brastk.exe: Debugger - svchost.exe (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2002/08/29 21:56:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation) O34 - HKLM BootExecute: (sprestrt) - C:\WINDOWS\System32\sprestrt.exe (Microsoft Corporation) O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/03/16 11:16:51 | 000,000,000 | ---D | C] -- C:\Avenger [2010/03/16 10:59:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010/03/16 10:56:22 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT [2010/03/12 10:18:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tammi\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2010/03/12 10:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer [2010/03/12 10:13:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR [2010/03/12 10:10:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS [2009/06/12 03:09:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google [2006/12/11 16:19:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft [2006/03/11 04:00:32 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft [2005/11/14 20:45:45 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll [2005/03/03 15:08:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft [2002/08/29 22:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft [2 C:\Documents and Settings\Tammi\My Documents\*.tmp files -> C:\Documents and Settings\Tammi\My Documents\*.tmp -> ] [1 C:\Documents and Settings\Tammi\*.tmp files -> C:\Documents and Settings\Tammi\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2793/06/26 18:20:07 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C421.lfa [2793/06/26 18:20:07 | 000,003,120 | ---- | M] () -- C:\WINDOWS\MF_C420.lfa [2010/03/16 12:34:46 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\Tammi\Desktop\MBAM won't run; GMER . . . reboots - Malwarebytes Forum.url [2010/03/16 12:30:12 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010/03/16 12:30:01 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2010/03/16 12:28:37 | 000,000,512 | ---- | M] () -- C:\WINDOWS\randseed.rnd [2010/03/16 12:25:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2010/03/16 12:25:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job [2010/03/16 12:25:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job [2010/03/16 12:25:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job [2010/03/16 12:25:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job [2010/03/16 12:23:21 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010/03/16 12:23:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010/03/16 12:23:04 | 1341,755,392 | -HS- | M] () -- C:\hiberfil.sys [2010/03/16 12:22:29 | 012,582,912 | ---- | M] () -- C:\Documents and Settings\Tammi\ntuser.dat [2010/03/16 12:22:29 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Tammi\ntuser.ini [2010/03/16 12:01:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2010/03/16 11:15:37 | 000,000,717 | ---- | M] () -- C:\WINDOWS\KLSLINK.INI [2010/03/16 10:56:59 | 000,000,818 | ---- | M] () -- C:\Documents and Settings\Tammi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/03/16 01:05:09 | 000,011,058 | ---- | M] () -- C:\WINDOWS\mozy.blk [2010/03/16 01:05:08 | 000,015,752 | ---- | M] () -- C:\WINDOWS\mozy.flt [2010/03/15 20:03:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Tammi\defogger_reenable [2010/03/15 20:02:55 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Tammi\Desktop\Defogger.exe [2010/03/15 14:15:05 | 000,000,747 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010/03/15 08:51:27 | 000,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2010/03/15 08:51:26 | 000,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2010/03/15 08:51:23 | 000,525,946 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2010/03/12 10:14:32 | 000,000,783 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk [2010/03/10 12:50:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2010/03/04 11:50:42 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Tammi\default.pls [2010/03/04 11:40:47 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2010/03/01 03:01:06 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\BackupTammiStuff.job [2010/02/25 04:00:42 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010/02/16 15:11:33 | 000,001,891 | ---- | M] () -- C:\Documents and Settings\Tammi\Desktop\eBay Blackthorne.lnk [2010/02/15 23:58:43 | 000,000,680 | ---- | M] () -- C:\WINDOWS\AUTOLNCH.REG [2 C:\Documents and Settings\Tammi\My Documents\*.tmp files -> C:\Documents and Settings\Tammi\My Documents\*.tmp -> ] [1 C:\Documents and Settings\Tammi\*.tmp files -> C:\Documents and Settings\Tammi\*.tmp -> ] ========== Files Created - No Company Name ========== [2793/06/26 18:20:07 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C421.lfa [2793/06/26 18:20:07 | 000,003,120 | ---- | C] () -- C:\WINDOWS\MF_C420.lfa [2010/03/16 12:34:46 | 000,000,211 | ---- | C] () -- C:\Documents and Settings\Tammi\Desktop\MBAM won't run; GMER . . . reboots - Malwarebytes Forum.url [2010/03/16 10:56:59 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\Tammi\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk [2010/03/15 20:03:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Tammi\defogger_reenable [2010/03/15 20:03:09 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Tammi\Desktop\Defogger.exe [2010/03/15 15:55:20 | 1341,755,392 | -HS- | C] () -- C:\hiberfil.sys [2010/03/12 10:14:32 | 000,000,783 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk [2010/02/16 15:11:32 | 000,001,891 | ---- | C] () -- C:\Documents and Settings\Tammi\Desktop\eBay Blackthorne.lnk [2010/01/14 12:13:27 | 000,038,438 | ---- | C] () -- C:\Documents and Settings\Tammi\Application Data\Comma Separated Values (DOS).ADR [2009/07/29 21:59:09 | 000,000,737 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2009/05/31 23:47:22 | 000,003,127 | ---- | C] () -- C:\WINDOWS\DMUSProd.INI [2009/05/05 13:25:30 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameE.txt [2009/03/01 22:40:28 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI [2008/07/30 17:27:58 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2008/06/28 14:45:01 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll [2008/06/28 14:45:01 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll [2008/06/28 14:45:01 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll [2008/06/28 14:45:00 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll [2008/06/28 14:45:00 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll [2008/06/28 14:45:00 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll [2008/06/17 22:33:12 | 000,000,000 | ---- | C] () -- C:\Program Files\temp01 [2007/01/03 17:02:23 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll [2007/01/03 16:58:11 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll [2006/10/20 22:44:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI [2006/10/07 23:13:50 | 000,000,557 | ---- | C] () -- C:\WINDOWS\DcmLtbox.ini [2006/10/05 20:47:11 | 000,000,033 | ---- | C] () -- C:\WINDOWS\BiMonitor.ini [2006/10/05 20:47:05 | 000,031,378 | ---- | C] () -- C:\WINDOWS\maxlink.ini [2006/10/05 20:44:47 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\LLHttpsUpload2.dll [2006/10/05 20:44:47 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\regobj.dll [2006/07/31 21:28:59 | 000,005,385 | ---- | C] () -- C:\Documents and Settings\Tammi\Application Data\GdiplusUpgrade_MSIApproach_Wrapper.log [2006/07/31 21:28:59 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini [2006/07/27 22:52:05 | 000,000,224 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2006/03/22 10:33:06 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll [2005/12/28 12:36:19 | 000,008,521 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini [2005/10/03 15:02:18 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\fusioncache.dat [2005/09/29 02:51:13 | 000,000,454 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2005/09/29 02:51:12 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini [2005/09/28 20:25:00 | 000,003,397 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log [2005/09/07 12:00:44 | 000,257,536 | ---- | C] () -- C:\WINDOWS\System32\BiImg.dll [2005/09/07 12:00:44 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPEG32.DLL [2005/06/04 23:06:58 | 000,136,448 | ---- | C] () -- C:\WINDOWS\RMTOOLS.DLL [2005/05/21 22:45:31 | 000,000,599 | R--- | C] () -- C:\WINDOWS\mt110.ini [2005/03/04 03:45:57 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2005/02/20 00:23:34 | 000,000,017 | ---- | C] () -- C:\WINDOWS\wininit.ini [2005/02/20 00:22:29 | 000,000,045 | ---- | C] () -- C:\WINDOWS\DBHMMIKM.ini [2004/11/28 02:34:06 | 000,000,005 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DragToDiscUserNameV.txt [2004/11/04 23:23:57 | 000,000,699 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI [2004/11/04 23:23:15 | 000,000,113 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI [2004/10/16 19:41:01 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2004/09/04 20:45:08 | 000,000,060 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2004/09/04 20:44:27 | 000,000,044 | ---- | C] () -- C:\WINDOWS\KA.INI [2004/08/30 17:09:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Game.INI [2004/08/29 22:07:49 | 000,000,101 | ---- | C] () -- C:\WINDOWS\CMMIXER.INI [2004/03/01 15:53:06 | 000,000,717 | ---- | C] () -- C:\WINDOWS\KLSLINK.INI [2003/10/12 22:01:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI [2003/10/12 20:32:32 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wpd99.drv [2003/10/12 20:30:49 | 000,127,026 | ---- | C] () -- C:\WINDOWS\System32\pdfmona.dll [2003/10/12 20:30:49 | 000,048,936 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll [2003/09/25 19:32:53 | 000,000,814 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\FASTApp.html [2003/08/19 10:03:22 | 000,450,560 | ---- | C] () -- C:\WINDOWS\System32\tls704d.dll [2003/08/18 18:42:09 | 000,000,235 | ---- | C] () -- C:\WINDOWS\QTW.INI [2003/07/04 19:06:22 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL [2003/06/28 12:09:53 | 000,001,600 | ---- | C] () -- C:\WINDOWS\cdplayer.ini [2003/02/27 08:42:54 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll [2003/02/15 11:43:28 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Tammi\Application Data\PFP100JPR.{PB [2003/02/15 11:43:28 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Tammi\Application Data\PFP100JCM.{PB [2003/02/08 14:16:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI [2003/01/11 23:02:03 | 000,119,296 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2002/12/06 03:37:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI [2002/11/30 04:15:51 | 000,000,032 | ---- | C] () -- C:\WINDOWS\iltwain.ini [2002/11/30 04:08:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI [2002/11/06 21:39:18 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2002/10/15 01:05:07 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\RFHelper.dll [2002/10/15 01:05:07 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\rfwdres.dll [2002/10/15 01:05:07 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\rfshext.dll [2002/10/15 01:05:07 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\rfhres.dll [2002/10/15 01:05:07 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\rfshres.dll [2002/10/15 01:05:07 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\rfstrres.dll [2002/10/15 01:05:07 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\rfwdui.dll [2002/09/30 02:56:35 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\FTPStubInstUtils.dll [2002/09/23 22:46:53 | 000,000,896 | ---- | C] () -- C:\WINDOWS\System32\hpsj16.dll [2002/09/23 22:46:52 | 000,000,057 | ---- | C] () -- C:\WINDOWS\HPDS23.INI [2002/09/18 00:20:00 | 000,006,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASLM75.SYS [2002/09/18 00:17:23 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2002/09/17 23:24:03 | 000,000,312 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI [2002/09/17 23:23:31 | 000,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI [2002/09/17 05:01:29 | 000,003,698 | ---- | C] () -- C:\WINDOWS\mixerdef.ini [2002/09/17 04:19:40 | 000,002,964 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2002/09/17 04:19:38 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2002/09/17 04:16:05 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.ini [2002/09/17 04:15:55 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL [2002/09/03 00:21:54 | 000,000,578 | ---- | C] () -- C:\WINDOWS\PSADMIN.INI [2002/09/02 20:59:28 | 000,021,186 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\FASTWiz.html [2002/09/02 19:59:29 | 000,066,067 | ---- | C] () -- C:\Documents and Settings\Tammi\Local Settings\Application Data\FASTWiz.log [2002/06/06 02:01:58 | 000,029,696 | ---- | C] () -- C:\WINDOWS\System32\asutl8.dll [2002/03/16 19:00:00 | 000,007,420 | ---- | C] () -- C:\WINDOWS\UA000071.DLL [1998/10/11 01:07:38 | 000,088,576 | ---- | C] () -- C:\WINDOWS\System32\Iticheck.dll ========== LOP Check ========== [2003/08/18 21:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC [2007/01/16 00:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\espionServerData [2005/02/08 20:27:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse [2009/11/16 16:02:44 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\InfectedBy_e4b4d56 [2009/11/16 10:35:01 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\InfectedBy_WSDDSys [2008/06/28 14:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InterVideo [2008/07/29 16:15:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe [2004/10/31 00:10:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MirrorFolder [2005/11/25 17:36:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster [2007/01/16 01:00:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates [2006/10/21 14:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap [2006/10/21 16:37:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games [2006/10/05 20:52:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft [2002/11/06 20:49:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir [2002/11/06 20:49:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanWizard [2008/06/17 22:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP [2008/06/28 14:43:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems [2006/10/31 13:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO [2006/10/05 20:51:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\zeon [2009/10/31 16:34:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} [2009/05/11 18:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} [2009/11/16 17:12:55 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/05/21 22:31:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Anvil Studio [2010/03/12 10:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2007/06/26 07:34:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\eBay [2008/07/18 15:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\EPSON [2007/03/01 12:38:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\IMVU [2009/11/16 10:37:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Tammi\Application Data\InfectedBy System Defender [2009/05/31 23:06:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\MtStudio [2005/02/20 00:11:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\oenl [2007/02/18 21:51:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Opera [2006/08/01 16:50:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\PPIMAGES [2006/10/05 20:47:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\ScanSoft [2008/06/28 14:53:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Ulead Systems [2006/03/08 18:12:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Webshots [2006/10/05 20:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tammi\Application Data\Zeon [2010/03/16 12:25:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job [2010/03/16 12:25:30 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job [2010/03/16 12:25:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job [2010/03/16 12:25:31 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job [2010/03/16 12:25:32 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job [2010/03/01 03:01:06 | 000,000,966 | ---- | M] () -- C:\WINDOWS\Tasks\BackupTammiStuff.job [2002/09/30 03:51:55 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\TASK20020930010621.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 @Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F1019FF < End of report > >>>>>>>>>>>>>>>>>>>> Extras.txt . . . <<<<<<<<<<<<<<<<<<<< OTL Extras logfile created on: 3/16/2010 12:37:11 PM - Run 1 OTL by OldTimer - Version 3.1.37.2 Folder = C:\Kits\SpyWareCheckers Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 7.0.5730.13) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 1.00 Gb Total Physical Memory | 0.00 Gb Available Physical Memory | 28.00% Memory free 4.00 Gb Paging File | 4.00 Gb Available in Paging File | 86.00% Paging File free Paging file location(s): C:\pagefile.sys 3200 3200 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 78.13 Gb Total Space | 17.57 Gb Free Space | 22.49% Space Free | Partition Type: NTFS Drive D: | 78.13 Gb Total Space | 8.34 Gb Free Space | 10.68% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 77.50 Gb Total Space | 66.84 Gb Free Space | 86.25% Space Free | Partition Type: NTFS G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ARRIVA2 Current User Name: Tammi Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Standard ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 "AntiVirusOverride" = 1 "FirewallOverride" = 0 "FirewallDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "21:TCP" = 21:TCP:*:Disabled:ftp "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Real\RealOne Player\realplay.exe" = C:\Program Files\Real\RealOne Player\realplay.exe:*:Disabled:RealOne Player -- (RealNetworks, Inc.) "C:\Program Files\eBay\Seller's Assistant Pro\SAPro.exe" = C:\Program Files\eBay\Seller's Assistant Pro\SAPro.exe:*:Enabled:Seller's Assistant Pro executable -- File not found "V:\Setup\HPZnet01.exe" = V:\Setup\HPZnet01.exe:*:Enabled:Install Consumer Experience Network Plug in -- File not found "C:\Program Files\IncrediMail\bin\IMApp.exe" = C:\Program Files\IncrediMail\bin\IMApp.exe:*:Enabled:IncrediMail -- File not found "C:\Program Files\IncrediMail\bin\IncMail.exe" = C:\Program Files\IncrediMail\bin\IncMail.exe:*:Enabled:IncrediMail -- File not found "C:\Program Files\IncrediMail\bin\ImpCnt.exe" = C:\Program Files\IncrediMail\bin\ImpCnt.exe:*:Enabled:IncrediMail -- File not found "C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found "C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.) "C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Disabled:File Transfer Program -- (Microsoft Corporation) "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.) "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.) "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Documents and Settings\All Users\Application Data\e4b4d56\WSe4b4.exe" = C:\Documents and Settings\All Users\Application Data\e4b4d56\WSe4b4.exe:*:Enabled:System Defender -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02E73E50-6513-4802-8600-B5A5BA185BE3}" = ScanSoft PaperPort 11 "{031C88EF-4EA5-4A9D-A77D-857A914CAFA5}" = ScanSoft RealSpeak "{036AA4D4-6D32-11D4-9875-00105ACE7734}" = Logitech iTouch Software "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan "{0DDFF679-AEDE-4BD3-8B56-0180A96BD1A7}" = OmniPage Pro 12.0 "{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis "{10C69612-017B-45F5-B986-7D113D5A2EA3}" = MSN Toolbar "{10F5D9BB-E2F2-4B18-A65D-928B73D22E6F}" = IFSYS-8003 IrDA FIR USB Adapter "{118A578C-FBFF-43EE-8C1A-6598EE0E3741}" = GTCO CalComp TabletWorks "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{25569723-DC5A-4467-A639-79535BF01B71}" = Adobe Help Center 2.1 "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 15 "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1 "{2818095F-FB6C-42C8-827E-0A406CC9AFF5}" = Quicken 2006 "{29302832-88E4-4748-AC13-E8FB91B0D9DD}" = Dress Shop Download Master 7.00 "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload "{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001 "{413CEBC4-ABA1-4AC4-ADFB-69FA195F09AB}" = 7300_Help "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme "{521AAD14-5030-44BB-8B0E-5CE65FCE57E0}" = InterVideo DeviceService "{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade "{54AA707B-68DA-49A4-9916-68DD670241BD}" = AT&T Yahoo! Music Jukebox "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.71 "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns "{5DF3D1BB-894E-4DCD-8275-159AC9829B43}" = McAfee VirusScan Enterprise "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects "{644F9DBE-CEDB-45AF-ACB8-E26692B74F62}" = Easy CD & DVD Creator 6 "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan "{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6D48CC96-AC7C-449F-BD06-7C52A791848B}" = 7400 "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm "{7088EC18-1D00-43EA-B37B-608E71D88A5D}" = EpsonNet Config V1 "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73643FB0-21FF-4800-95AF-BD0DB4A2171F}" = Dress Shop Download Master 7.00 "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1 "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware "{86B77B5A-B157-6386-37B0-DB2494DEEAFF}" = MozyHome Remote Backup "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder "{885283DA-46D5-4F9A-85AA-45B421BB6077}" = ATI Multimedia Center "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{93ECA342-9C9B-4334-80DD-5476E1DAB81A}" = CoZmanager 2.0 "{987D1E20-24AE-424F-89F9-2973FC9C2A57}" = eBay Blackthorne "{9EF5B77F-703E-4953-9DA9-186E28A62568}" = 7300Trb "{A0B295C3-FD3C-11D4-A811-0090279106C3}" = WordPerfect Office 2002 "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config "{A7B609FB-83D8-4FC3-8477-1BC65ECFE85B}" = Adobe Photoshop Elements 5.0 "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1 "{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.1 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX "{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9 "{AC76BA86-7AD7-5464-3428-7050000000A7}" = Adobe Reader 7.0.5 Language Support "{AD1D8B40-F83C-41CA-BA08-9DB8D1653316}" = ScanSoft PDF Create! 3 "{B4E96960-5F6B-48B9-A5BD-6A5A9BB4F027}" = Avery Wizard 3.1 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster "{BFF54E94-8BF2-4A9C-9452-6EF320C53B80}" = ENCAD NovaJet 600 Series ICC Profiles "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C5B573BD-21D3-4CB7-9474-502B8E0AB8D4}" = PaperPort Professional 11 "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6 "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes "{D94A8E22-DF2B-4107-9E51-608A60A7671D}" = Personal Ancestral File 5 "{DCB91C79-B78B-44B1-A7FE-28DECA6E9245}" = Dell TrueMobile 2300 Wireless Broadband Router Control Utility "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware "{DFC6573E-124D-4026-BFA4-B433C9D3FF21}" = ISO Recorder "{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari "{EF729AE1-4AE9-402A-AF64-5C5A8150F549}" = HP Photo and Imaging 1.2 - Scanjet 4570c Series "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729) "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01 "{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1033}" = Nero 7 Essentials "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates "{FDCD7EE4-1515-4172-AE20-AF5A69F627FE}" = Intel® Integrated Performance Primitives RTI 3.0 "3DGroove" = OTOY "Ad-Aware" = Ad-Aware "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop Elements 5" = Adobe Photoshop Elements 5.0 "AstroAvenger_is1" = AstroAvenger "AsUninst.exe" = Anvil Studio "ASUS Probe V2.16.01" = ASUS Probe V2.16.01 "AsusUpdate V3.29.08" = AsusUpdate V3.29.08 "ATI Display Driver" = ATI Display Driver "Bingo Card Creator_is1" = Bingo Card Creator 2.0 "Cameo 3.0 Apparel Pattern Software" = Cameo 3.0 Apparel Pattern Software "ce876f80-8a31-11d4-b9d2-002018382069_is1" = MirrorFolder 3.0 "Click and Sew Demo1101" = Click and Sew Demo1101 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "DirectMusic Producer" = Microsoft DirectMusic Producer "DXTXTRA" = Microsoft DirectX Transform optional components "EPSON Scanner" = EPSON Scan "ERUNT_is1" = ERUNT 1.1j "Google Chrome" = Google Chrome "HijackThis" = HijackThis 2.0.2 "Home Control Center" = Home Control Center "hp instant support" = hp instant support "HP Photo & Imaging" = HP Image Zone 4.7 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie7" = Windows Internet Explorer 7 "InstallShield_{118A578C-FBFF-43EE-8C1A-6598EE0E3741}" = GTCO CalComp TabletWorks "InstallShield_{CCC4E428-411E-4605-B515-317D50ABD477}" = Ulead DVD MovieFactory 6 TBYB "InterActual Player" = InterActual Player "jZip" = jZip "LABEL PRINTER APPLICATION FA-950" = LABEL PRINTER APPLICATION FA-950 "Lexmark Printer Software Uninstall" = Lexmark Printer Software Uninstall "Logitech Resource Center" = Logitech Resource Center "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MultitrackStudio_is1" = MultitrackStudio Lite 5.21 "Musicnotes Player_is1" = Musicnotes Player V1.22.3 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "OmniFormat" = OmniFormat "Pattern Master 4 Movies" = Pattern Master 4 Movies "PatternMaster Celebrations 4" = PatternMaster Celebrations 4 "PatternMaster Celebrations 4 Demo" = PatternMaster Celebrations 4 Demo "PCI Audio Applications" = PCI Audio Applications "PCI Audio Driver" = PCI Audio Driver "Pdf995" = Pdf995 "PdfEdit995" = PdfEdit995 "PDF-Tools" = PDF-Tools "PDF-XChange Registered Release" = PDF-XChange Registered Release "Picasa 3" = Picasa 3 "QuickTime32" = QuickTime for Windows (32-bit) "RealPlayer 6.0" = RealPlayer "TCEssentials" = TC Native Essentials 2.02 "Vextractor_is1" = Vextractor 2.00 "VMidi" = vanBasco's Karaoke Player "WebDrive" = WebDrive "WIC" = Windows Imaging Component "Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 2 "WinRAR archiver" = WinRAR archiver "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "WS_FTP Pro" = Ipswitch WS_FTP Pro "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "Yahoo! Applications" = AT&T Yahoo! Applications "Yahoo! Toolbar" = Yahoo! Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{FC94A2F6-E490-42DD-901F-1BABDD3947F1}" = Seller's Assistant Pro "GCalc 3" = GCalc 3 "Move Networks Player - IE" = Move Networks Media Player for Internet Explorer ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 3/15/2010 4:35:44 PM | Computer Name = ARRIVA2 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting module msvcr71.dll, version 7.10.3052.4, fault address 0x000017fb. Error - 3/15/2010 4:35:47 PM | Computer Name = ARRIVA2 | Source = Application Error | ID = 1001 Description = Fault bucket 1670938873. Error - 3/15/2010 5:52:39 PM | Computer Name = ARRIVA2 | Source = Alert Manager Event Interface | ID = 257 Description = VirusScan Enterprise: The update failed; see event log.(from ARRIVA2 IP 192.168.1.142 user Tammi running VirusScan Ent. 8.0.0 UPD) Error - 3/15/2010 5:53:19 PM | Computer Name = ARRIVA2 | Source = Alert Manager Event Interface | ID = 257 Description = VirusScan Enterprise: The update failed; see event log.(from ARRIVA2 IP 192.168.1.142 user Tammi running VirusScan Ent. 8.0.0 UPD) Error - 3/15/2010 7:19:24 PM | Computer Name = ARRIVA2 | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 7.0.6000.16981, faulting module , version 0.0.0.0, fault address 0x00000000. Error - 3/15/2010 8:48:40 PM | Computer Name = ARRIVA2 | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BF from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 3/15/2010 8:48:40 PM | Computer Name = ARRIVA2 | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 3/15/2010 8:48:41 PM | Computer Name = ARRIVA2 | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 3/15/2010 8:48:41 PM | Computer Name = ARRIVA2 | Source = EventSystem | ID = 4609 Description = The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this erro Error - 3/15/2010 9:36:02 PM | Computer Name = ARRIVA2 | Source = Alert Manager Event Interface | ID = 257 Description = VirusScan Enterprise: Failed to connect to CMA updater.(from ARRIVA2 IP 192.168.1.142 user SYSTEM running VirusScan Ent. 8.0.0 UPD) [ System Events ] Error - 3/16/2010 12:57:37 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034 Description = The VNC Server service terminated unexpectedly. It has done this 1 time(s). Error - 3/16/2010 12:57:37 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034 Description = The iPod Service service terminated unexpectedly. It has done this 1 time(s). Error - 3/16/2010 12:57:37 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034 Description = The Network Associates Task Manager service terminated unexpectedly. It has done this 1 time(s). Error - 3/16/2010 12:57:38 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034 Description = The Java Quick Starter service terminated unexpectedly. It has done this 1 time(s). Error - 3/16/2010 12:57:38 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7034 Description = The MozyHome Backup Service service terminated unexpectedly. It has done this 1 time(s). Error - 3/16/2010 1:23:22 PM | Computer Name = ARRIVA2 | Source = dmboot | ID = 5242883 Description = dmboot: Failed to start volume Volume4 (M:) Error - 3/16/2010 1:23:22 PM | Computer Name = ARRIVA2 | Source = dmboot | ID = 5242883 Description = dmboot: Failed to start volume Volume5 (N:) Error - 3/16/2010 1:23:22 PM | Computer Name = ARRIVA2 | Source = dmboot | ID = 5242883 Description = dmboot: Failed to start volume Volume6 (O:) Error - 3/16/2010 1:23:49 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7000 Description = The NetBEUI Protocol service failed to start due to the following error: %%2 Error - 3/16/2010 1:23:49 PM | Computer Name = ARRIVA2 | Source = Service Control Manager | ID = 7000 Description = The Parallel port driver service failed to start due to the following error: %%1058 < End of report > >>>>>>>>>>>>>>>>>>>> checkup.txt . . . <<<<<<<<<<<<<<<<<<<< Results of screen317's Security Check version 0.99.1 Windows XP Service Pack 2 Out of date service pack!! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Disabled! McAfee VirusScan Enterprise Antivirus up to date! `````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware HijackThis 2.0.2 Java 6 Update 15 Java SE Runtime Environment 6 Update 1 Java 6 Update 2 Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 Out of date Java installed! Adobe Flash Player 10 Adobe Reader 7.0.9 Adobe Reader 7.0.5 Language Support Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe Ad-Aware AAWTray.exe is disabled! `````````````````````````````` DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning) `````````End of Log``````````` >>>>>>>>>>>>>>>>>>>> Rooter_1.txt . . . <<<<<<<<<<<<<<<<<<<< Rooter.exe (v1.0.2) by Eric_71 . SeDebugPrivilege granted successfully ... . Windows XP . (5.1.2600) Service Pack 2 [32_bits] - x86 Family 15 Model 2 Stepping 4, GenuineIntel . [wscsvc] (Security Center) RUNNING (state:4) [sharedAccess] RUNNING (state:4) Windows Firewall -> Disabled ! . Internet Explorer 7.0.5730.13 . A:\ [Removable] C:\ [Fixed-NTFS] .. ( Total:78 Go - Free:17 Go ) D:\ [Fixed-NTFS] .. ( Total:78 Go - Free:8 Go ) E:\ [CD_Rom] F:\ [Fixed-NTFS] .. ( Total:77 Go - Free:66 Go ) . Scan : 13:37.35 Path : C:\Kits\SpyWareCheckers\Rooter.exe User : Tammi ( Administrator -> YES ) . ----------------------\\ Processes . Locked [system Process] (0) ______ System (4) ______ \SystemRoot\System32\smss.exe (496) ______ \??\C:\WINDOWS\system32\csrss.exe (560) ______ \??\C:\WINDOWS\system32\winlogon.exe (588) ______ C:\WINDOWS\system32\services.exe (640) ______ C:\WINDOWS\system32\lsass.exe (660) ______ C:\WINDOWS\system32\Ati2evxx.exe (852) ______ C:\WINDOWS\system32\svchost.exe (868) ______ C:\WINDOWS\system32\svchost.exe (964) ______ C:\WINDOWS\System32\svchost.exe (1060) ______ C:\WINDOWS\System32\svchost.exe (1156) ______ C:\WINDOWS\System32\svchost.exe (1252) ______ C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (1388) ______ C:\WINDOWS\system32\spoolsv.exe (1492) ______ C:\WINDOWS\System32\svchost.exe (1624) ______ C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (1668) ______ C:\Program Files\Bonjour\mDNSResponder.exe (1696) ______ C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (1768) ______ C:\Program Files\Java\jre6\bin\jqs.exe (1972) ______ C:\Program Files\Common Files\LightScribe\LSSrvc.exe (196) ______ C:\Program Files\Network Associates\Common Framework\FrameworkService.exe (252) ______ C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe (304) ______ C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (376) ______ C:\WINDOWS\System32\mfsyncsv.exe (452) ______ C:\Program Files\MozyHome\mozybackup.exe (512) ______ C:\WINDOWS\system32\IoctlSvc.exe (552) ______ C:\WINDOWS\System32\svchost.exe (664) ______ C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (912) ______ C:\Program Files\WebDrive\wdService.exe (1080) ______ C:\Program Files\UltraVNC\winvnc.exe (1208) ______ C:\WINDOWS\System32\wbem\unsecapp.exe (2052) ______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2172) ______ C:\WINDOWS\System32\alg.exe (2236) ______ C:\WINDOWS\system32\Ati2evxx.exe (3356) ______ C:\WINDOWS\Explorer.EXE (3588) ______ C:\WINDOWS\system32\wuauclt.exe (3840) ______ C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe (3908) ______ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (3916) ______ C:\Program Files\Logitech\iTouch\iTouch.exe (3924) ______ C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE (3948) ______ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe (4040) ______ C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (4068) ______ C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (2004) ______ C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE (1368) ______ C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe (916) ______ C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (2168) ______ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe (2204) ______ C:\Program Files\Java\jre6\bin\jusched.exe (2296) ______ C:\Program Files\iTunes\iTunesHelper.exe (2428) ______ C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (820) ______ C:\Program Files\Messenger\msmsgs.exe (2564) ______ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (2624) ______ C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe (2656) ______ C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (1780) ______ C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe (2992) ______ C:\FA-950\BIN\Klslink.exe (288) ______ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe (2856) ______ C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (3016) ______ C:\Program Files\MozyHome\mozystat.exe (904) ______ C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe (3148) ______ C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (2632) ______ C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe (3516) ______ C:\Program Files\iPod\bin\iPodService.exe (3688) ______ C:\Program Files\Internet Explorer\iexplore.exe (3752) ______ C:\Program Files\Java\jre6\bin\jucheck.exe (2636) ______ C:\WINDOWS\system32\NOTEPAD.EXE (3788) ______ C:\Kits\SpyWareCheckers\Rooter.exe (3892) . ----------------------\\ Device\Harddisk0\ . \Device\Harddisk0 [sectors : 63 x 512 Bytes] . \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:83889598464) \Device\Harddisk0\Partition2 (Start_Offset:83889630720 | Length:167104788480) . ----------------------\\ Scheduled Tasks . C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job C:\WINDOWS\Tasks\AppleSoftwareUpdate.job C:\WINDOWS\Tasks\BackupTammiStuff.job C:\WINDOWS\Tasks\desktop.ini C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\Tasks\SA.DAT C:\WINDOWS\Tasks\TASK20020930010621.job . ----------------------\\ Registry . . ----------------------\\ Files & Folders . ----------------------\\ Scan completed at 13:39.02 . C:\Rooter$\Rooter_1.txt - (16/03/2010 | 13:39.02)
  11. ken42
    Hi, My wife's computer has a malware attack. Google search links get hijacked to bogus destinations on the first clicks; sometimes go to correct destination on second or third click. McAfee VirusScan Enterprise 8.0 can't update, but will run and report no viruses (based on the old definitions). Malwarebytes starts to run but exits a few seconds after launching - no error message or anything, it just goes away. I followed the instructions for disabling the CD emulator drivers with Defogger - that seemed to work. I was able to run DDS and have attached the logs, but then I tried running the GMER and my system reboots before the scan completes (and no log file remains on m disk). Any help is GREATLY appreciated. I'm really in the doghouse this week since my wife's car died leaving her stranded (on the way to a doctor appointment), and our septic pump died last night (meaning now showers or flushing!). So having her computer out of commission now is kinda my 3rd strike! Thanks, Ken DDS.txt DDS (Ver_09-12-01.01) - NTFSx86 Run by Tammi at 21:05:42.84 on Mon 03/15/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1280.298 [GMT -5:00] AV: System Defender *On-access scanning enabled* (Updated) {7DABE7D7-FEFE-4C27-8749-6981824480CD} FW: System Defender *enabled* {3CD4113F-F68E-41D7-904C-4B9093B5E300} ============== Running Processes =============== C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\vstskmgr.exe C:\WINDOWS\System32\mfsyncsv.exe C:\Program Files\MozyHome\mozybackup.exe C:\WINDOWS\system32\IoctlSvc.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\WebDrive\wdService.exe C:\Program Files\UltraVNC\winvnc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Logitech\iTouch\iTouch.exe C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\FA-950\BIN\Klslink.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe C:\Program Files\MozyHome\mozystat.exe C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Java\jre6\bin\jucheck.exe C:\Program Files\Network Associates\VirusScan\mcconsol.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Kits\SpyWareCheckers\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/webhp?sourceid=navclient&ie=UTF-8 uWindow Title = Microsoft Internet Explorer provided by GTE uSEARCH PAGE = hxxp://www.google.com uDefault_Search_Url = hxxp://www.google.com/ie uSearch Bar = hxxp://www.google.com/ie uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local uCustomizeSearch = about:blank uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn1\yt.dll TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe uRun: [PDFSaver] c:\program files\pdf-xchange 2.5\PDFSaver.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Yahoo! Pager] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" mRun: [AtiPTA] maybe-delete-this-atiptaxx.exe mRun: [C-Media Mixer] Mixer.exe /startup mRun: [Opware12] "c:\program files\scansoft\omnipagepro12.0\Opware12.exe" mRun: [share-to-Web Namespace Daemon] c:\program files\hewlett-packard\hp share-to-web\hpgs2wnd.exe mRun: [zBrowser Launcher] c:\program files\logitech\itouch\iTouch.exe mRun: [EM_EXEC] c:\progra~1\logitech\mousew~1\system\EM_EXEC.EXE mRun: [RoxioEngineUtility] "c:\program files\common files\roxio shared\system\EngUtil.exe" mRun: [RoxioDragToDisc] "c:\program files\roxio\easy cd creator 6\dragtodisc\DrgToDsc.exe" mRun: [RoxioAudioCentral] "c:\program files\roxio\easy cd creator 6\audiocentral\RxMon.exe" mRun: [<NO NAME>] mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe" mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe" mRun: [shStatEXE] "c:\program files\network associates\virusscan\SHSTAT.EXE" /STANDALONE mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey mRun: [WinVNC] "c:\program files\ultravnc\winvnc.exe" -servicehelper mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe mRun: [ATT-SST_UninstallTracking] c:\docume~1\tammi\locals~1\temp\InstallHelper.exe /uninstalltrackingvendor=ATT-SST mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRunOnce: [RunNarrator] Narrator.exe dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\fa-950.lnk - c:\fa-950\bin\Klslink.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqthb08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mozyho~1.lnk - c:\program files\mozyhome\mozystat.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\tablet~1.lnk - c:\program files\gtco calcomp\tabletworks\TWCP.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe mPolicies-system: DisableStatusMessages = 1 (0x1) IE: &Search IE: &Yahoo! Search - file:///c:\program files\yahoo!\Common/ycsrch.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html IE: Yahoo! &Dictionary - file:///c:\program files\yahoo!\Common/ycdict.htm IE: Yahoo! &Maps - file:///c:\program files\yahoo!\Common/ycmap.htm IE: Yahoo! &SMS - file:///c:\program files\yahoo!\Common/ycsms.htm IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - c:\program files\yahoo!\messenger\YahooMessenger.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab DPF: {10101010-1010-1111-1010-101010101011} - mhtml:c:\\WINX.MHT!http://216.240.137.41/counter/ie.exe DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - hxxp://download.ebay.com/turbo_lister/US/install.cab DPF: {6054D082-355D-4B47-B77C-36A778899F48} - hxxp://qmedia.xlontech.net/100348/qm/latest/qsp2ieFull06061501.cab DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37873.940150463 DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll IFEO: image file execution options - svchost.exe IFEO: brastk.exe - svchost.exe Hosts: 192.168.1.254 sbc_gateway # Firewall / router to WAN (SBC DSL) Hosts: 192.168.1.155 HP000D9D22EA65 ============= SERVICES / DRIVERS =============== R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-8 64288] R0 mrfoldr;MirrorFolder real-time replication driver;c:\windows\system32\drivers\mrfoldr.sys [2004-7-19 53632] R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2007-1-16 58464] R1 WebDriveFSD;WebDrive File System Driver;c:\program files\webdrive\rffsd.sys [2002-9-7 67204] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 McAfeeFramework;McAfee Framework Service;c:\program files\network associates\common framework\FrameworkService.exe [2007-1-16 102463] R2 McTaskManager;Network Associates Task Manager;c:\program files\network associates\virusscan\vstskmgr.exe [2004-9-22 28672] R2 mfsyncsv;MirrorFolder auto-synchronization service;c:\windows\system32\mfsyncsv.exe [2004-7-19 98304] R3 Klsmpad;Klsmpad Device;c:\windows\system32\drivers\Klsmpad.sys [2004-2-27 24142] S2 gupdate1c9e4a13256cfec;Google Update Service (gupdate1c9e4a13256cfec);c:\program files\google\update\GoogleUpdate.exe [2009-6-3 133104] S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2002-8-29 96256] S3 DCamUSBOvt;Intel Play Me2Cam;c:\windows\system32\drivers\Me2Cam.sys [2005-5-21 72556] S3 EL59X;3Com Fast EtherLink 59x Adapter Driver;c:\windows\system32\drivers\el59x.sys --> c:\windows\system32\drivers\el59x.sys [?] S3 McShield;Network Associates McShield;c:\program files\network associates\virusscan\mcshield.exe [2004-9-22 221191] S3 NaiAvFilter1;NaiAvFilter1;c:\windows\system32\drivers\naiavf5x.sys [2007-1-16 108480] S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys --> c:\windows\system32\drivers\scsiscan.sys [?] S3 WBMSA;Winbond Memory Stick Storage (MS) Device Driver - A;c:\windows\system32\drivers\wbmsa.sys [2002-9-17 24214] S4 RFNP32;WebDrive Provider; [x] =============== Created Last 30 ================ 2793-06-26 23:20:07 3120 -c--a-w- c:\windows\MF_C421.lfa 2793-06-26 23:20:07 3120 -c--a-w- c:\windows\MF_C420.lfa 2010-03-16 01:03:41 0 ----a-w- c:\documents and settings\tammi\defogger_reenable 2010-03-12 15:18:24 0 d-----w- c:\docume~1\tammi\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 ==================== Find3M ==================== 2010-01-27 10:14:31 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-01-05 10:00:29 832512 ----a-w- c:\windows\system32\wininet.dll 2010-01-05 10:00:21 78336 ----a-w- c:\windows\system32\ieencode.dll 2010-01-05 10:00:20 17408 ------w- c:\windows\system32\corpol.dll 2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe 2008-06-18 03:33:12 0 -c--a-w- c:\program files\temp01 2005-11-15 01:45:33 774144 -c--a-w- c:\program files\RngInterstitial.dll ============= FINISH: 21:07:20.28 =============== Attach.txt UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_09-12-01.01) Microsoft Windows XP Professional Boot Device: \Device\HarddiskDmVolumes\Arriva2Dg0\Volume1 Install Date: 5/22/2005 7:48:00 PM System Uptime: 3/15/2010 8:37:28 PM (1 hours ago) Motherboard: ASUSTeK Computer INC. | | P4S533 Processor: Intel
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.