77clark77 Posted November 27, 2008 ID:36597

First off, thanks for the work you are doing. Much appreciated!!! Here is my first log. Two nights ago I started getting all sorts of pop-ups from premium-live-scan.com. Since then, I've been getting some others as well.

Malwarebytes' Anti-Malware 1.30
Database version: 1423
Windows 5.1.2600 Service Pack 2

11/26/2008 7:25:57 PM
mbam-log-2008-11-26 (19-25-57).txt

Scan type: Quick Scan
Objects scanned: 56717
Time elapsed: 8 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 3
Registry Values Infected: 4
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\system32\zodofigu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\yubiwojo.dll (Trojan.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ssodl (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cpma37ca89c (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\leralegipu (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: c:\windows\system32\yubiwojo.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.BHO) -> Data: system32\yubiwojo.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\zodofigu.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\system32\ugifodoz.ini (Trojan.Vundo.H) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\yubiwojo.dll (Trojan.BHO) -> Delete on reboot.
Raid Posted November 27, 2008 ID:36601

Important!
All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.

I need you to follow the instructions provided here Pre- HJT Post Instructions first.

I also need for you to download this program OTListIt.exe (http://oldtimer.geekstogo.com/OTListIt.exe) to your desktop.

Close all applications and windows so that you have nothing open and are at your Desktop
Double-click on the OTListIt.exe file to start OTListIt. OK any warning about running OTListIt.
Place a checkmark in the "Scan All Users" checkbox (Leave the 'Use Whitelist' checked and the 'File Age:' at 30 days)
Click the Run Scan button
NOTE: Please be patient and let the scan run without using the computer
When the scan is complete, a text file (OTListIt.Txt) will open in Notepad (if not, it can be found on your Desktop)
In Notepad, click Edit, Select all then Edit, Copy
Reply to this topic, click in the topic reply window, and press Ctrl+V to paste the log or Right click paste.
Submit your reply and close the Notepad window with OTList.txt
Also OTListIt's Extras.txt log file will be minimized in the Taskbar (and located on your Desktop) - click on this and maximize the window
In Notepad, click Edit, Select all then Edit, Copy
Reply to this topic again, click in the topic reply window, and press Ctrl+V to paste the extras log or Right click paste.
NOTE: If the files (OTListIt.txt, Extras.txt) do not appear in your taskbar, just open the files in notepad from your desktop.

Please allow me time to analyze your post. If you don't see a reply from me after 24 hours, feel free to PM me.
77clark77 Posted November 27, 2008 Author ID:36603

> Important!
> All of the following instructions must be run on the affected computer. Logs from a different computer will not help me help you. So, if you need to download all of this and then copy it to CD or memory stick and take it to the other computer, please do so. Either way, it's important. The logs have to be made by the computer with the problem.
> I need you to follow the instructions provided here Pre- HJT Post Instructions first.

I have started the PreHJT Instructions, and did run Spybot S&D. The immunize feature did not however "Protect" any files. All remained "unprotected". Previous post is MBAM log as instructed. PandaActive is currently scanning my system. Will download suggested program to my desktop - and post logs from PandaActive and OTListIt.exe

Thanks-
77clark77 Posted November 27, 2008 Author ID:36605

PandaActive Log from my system:
77clark77 Posted November 27, 2008 Author ID:36606

OTListIT.exe LOG:
CLSID value foundO18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler: - msdaipp - No CLSID value foundO18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)O18 - Protocol\Handler: - mso-offdap - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)O18 - Protocol\Handler: - mso-offdap11 - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)O20 - See sections below for AppInitDlls and Winlogon settings========== AppInit_DLLs ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]"AppInit_Dlls" = C:\WINDOWS\system32\babonehu.dll c:\windows\system32\ripojopo.dll>[2008/08/24 21:36:18 | 00,060,416 | -HS- | M] () -- C:\WINDOWS\system32\babonehu.dll>File not found -- c:\windows\system32\ripojopo.dll========== Winlogon Notify Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]AtiExtEvent: "DllName" = Ati2evxx.dll -- C:\WINDOWS\system32\ati2evxx.dll (ATI Technologies Inc.)========== Safeboot Options =========="AlternateShell" = cmd.exe========== CDRom AutoRun Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]"AutoRun" = 1========== Autorun Files on Drives ==========AUTOEXEC.BAT [][2007/12/27 20:44:47 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ]========== Files/Folders - Created Within 30 Days ==========[2008/11/26 19:31:57 | 00,000,000 | ---D | C] -- C:\Program Files\EsetOnlineScanner[2008/11/25 21:40:01 | 00,028,544 | ---- | C] (Panda Security, S.L.) 
-- C:\WINDOWS\System32\drivers\pavboot.sys[2008/11/25 21:39:53 | 00,000,000 | ---D | C] -- C:\Program Files\Panda Security[2008/11/25 21:11:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Erin and David\Application Data\Malwarebytes[2008/11/25 21:11:22 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys[2008/11/25 21:11:22 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2008/11/25 21:11:19 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys[2008/11/25 21:11:18 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware[2008/11/25 21:11:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes[2008/11/25 21:10:39 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Program Files\mbam-setup.exe[2008/11/25 21:05:24 | 00,000,211 | ---- | C] () -- C:\WINDOWS\wininit.ini[2008/11/25 20:33:21 | 00,000,933 | ---- | C] () -- C:\Documents and Settings\Erin and David\Desktop\Spybot - Search & Destroy.lnk[2008/11/25 20:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy[2008/11/25 20:33:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy[2008/11/25 20:31:49 | 15,083,520 | ---- | C] (Safer Networking Limited ) -- C:\Program Files\spybotsd160.exe[2008/11/22 16:04:19 | 00,025,600 | ---- | C] () -- C:\Documents and Settings\Erin and David\My Documents\Yvonne 11.22.08.doc[2008/11/21 21:26:49 | 00,000,000 | ---D | C] -- C:\Program Files\__MACOSX[2008/11/20 17:46:25 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Erin and David\My Documents\Book2.xls[2008/11/16 22:29:10 | 00,018,432 | ---- | C] () -- C:\Documents and Settings\Erin and David\My Documents\budget whittier brokers.xls[2008/11/07 22:41:32 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Erin and 
David\Desktop\Whittier Co-op November order_update.xls[2008/11/05 19:19:45 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Erin and David\My Documents\Vonage Charges.xls[2008/10/30 07:43:46 | 04,366,539 | ---- | C] () -- C:\Documents and Settings\Erin and David\Desktop\control panel.psd[2008/10/29 17:43:51 | 01,172,134 | ---- | C] () -- C:\Documents and Settings\Erin and David\Desktop\untitled.bmp========== Files - Modified Within 30 Days ==========[5 C:\WINDOWS\System32\*.tmp files][3 C:\WINDOWS\*.tmp files][2008/11/26 21:48:37 | 00,008,812 | -H-- | M] () -- C:\WINDOWS\System32\popevuhi[2008/11/26 19:29:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT[2008/11/26 19:29:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat[2008/11/26 19:11:13 | 00,000,211 | ---- | M] () -- C:\WINDOWS\wininit.ini[2008/11/25 21:11:22 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk[2008/11/25 20:33:21 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Erin and David\Desktop\Spybot - Search & Destroy.lnk[2008/11/24 19:40:10 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk[2008/11/22 19:53:29 | 00,025,600 | ---- | M] () -- C:\Documents and Settings\Erin and David\My Documents\Yvonne 11.22.08.doc[2008/11/20 21:03:01 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job[2008/11/20 17:46:25 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Erin and David\My Documents\Book2.xls[2008/11/19 20:06:31 | 01,315,840 | ---- | M] () -- C:\Documents and Settings\Erin and David\My Documents\Matty Schedule - Master.xls[2008/11/16 22:29:11 | 00,018,432 | ---- | M] () -- C:\Documents and Settings\Erin and David\My Documents\budget whittier brokers.xls[2008/11/12 22:47:06 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK[2008/11/11 20:35:01 | 00,010,752 | ---- | M] () -- C:\Documents and Settings\Erin and David\My Documents\Current Sale Price 
List.xls[2008/11/07 22:41:33 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Erin and David\Desktop\Whittier Co-op November order_update.xls[2008/11/05 22:08:04 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Erin and David\My Documents\D Almeida Word Format Resume 07.17.08.doc[2008/11/05 19:19:45 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Erin and David\My Documents\Vonage Charges.xls[2008/11/02 23:00:43 | 00,012,288 | ---- | M] () -- C:\Documents and Settings\Erin and David\My Documents\Current Sale Price List_a.xls[2008/11/02 08:05:40 | 00,383,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat[2008/11/02 08:05:40 | 00,054,010 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat[2008/11/02 08:05:39 | 00,443,556 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI[2008/10/30 07:43:49 | 04,366,539 | ---- | M] () -- C:\Documents and Settings\Erin and David\Desktop\control panel.psd[2008/10/29 17:43:51 | 01,172,134 | ---- | M] () -- C:\Documents and Settings\Erin and David\Desktop\untitled.bmp< End of report >
77clark77 Posted November 27, 2008 Author ID:36607 Share Posted November 27, 2008 OTListIT.exe Extras:OTListIt Extras logfile created on: 11/26/2008 9:47:54 PM - Run OTListIt by OldTimer - Version 1.0.12.0 Folder = C:\Documents and Settings\Erin and David\Local Settings\Temporary Internet Files\Content.IE5\ITJC5OZAWindows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstationInternet Explorer (Version = 6.0.2900.2180)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy1022.37 Mb Total Physical Memory | 443.68 Mb Available Physical Memory | 43.40% Memory free2.40 Gb Paging File | 1.93 Gb Available in Paging File | 80.15% Paging File freePaging file location(s): C:\pagefile.sys 1536 3072;%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program FilesDrive C: | 87.06 Gb Total Space | 60.61 Gb Free Space | 69.62% Space Free | Partition Type: NTFSD: Drive not present or media not loadedE: Drive not present or media not loadedF: Drive not present or media not loadedG: Drive not present or media not loadedH: Drive not present or media not loadedI: Drive not present or media not loadedComputer Name: LAPTOPCurrent User Name: Erin and DavidLogged in as Administrator.Current Boot Mode: NormalScan Mode: Current userWhitelist: OnFile Age = 30 Days========== File Associations ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]========== Security Center Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"FirstRunDisabled" = 1"AntiVirusDisableNotify" = 0"FirewallDisableNotify" = 0"UpdatesDisableNotify" = 1"AntiVirusOverride" = 0"FirewallOverride" = 0[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security 
Center\Monitoring\KasperskyAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"EnableFirewall" = 1"DoNotAllowExceptions" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List][2004/10/13 08:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows MessengerFile not found -- D:\iTunes\iTunes.exe:*:Enabled:iTunes[2007/07/24 15:17:08 | 00,229,376 | ---- | M] (Apple Inc.) 
-- C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour[2008/10/18 07:25:04 | 00,514,560 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe[2008/03/02 22:45:14 | 00,418,816 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe[2008/10/18 07:25:03 | 00,590,848 | ---- | M] (GRISOFT, s.r.o.) -- C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe[2006/11/02 23:17:27 | 00,010,800 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader[2008/03/06 12:50:59 | 00,050,528 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM[2008/07/10 09:51:26 | 20,246,824 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes[2008/11/04 20:02:47 | 00,318,976 | ---- | M] (Octoshape ApS) -- C:\Documents and Settings\Erin and David\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Disabled:Octoshape add-in for Adobe Flash Player[2004/08/10 03:00:00 | 00,218,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wbem\wmiprvse.exe:*:Enabled:wmiprvse[2004/09/29 11:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe:*:Enabled:HPZipm12[2008/07/10 09:51:22 | 00,532,264 | ---- | M] (Apple Inc.) 
-- C:\Program Files\iPod\bin\iPodService.exe:*:Enabled:iPodService========== HKEY_LOCAL_MACHINE Uninstall List ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{007C0BB9-C5E2-4C73-B96B-2BBD5CEA9BF9}" = 2350"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update"{0390854C-42B9-4BC2-B0CF-87DDA0F62EC8}" = 2350_Help"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime"{08F7CCA6-8590-4401-8B44-CEB09A909AAB}" = del.icio.us Buttons for Internet Explorer"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView"{10CE1EA2-12E9-11D3-825E-00C04F6843FE}" = Microsoft Office Sounds"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP"{35B91753-5789-4517-9CF1-2CCE3A8CF4F1}" = Apple Mobile Device Support"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme"{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}" = 
Bonjour"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update"{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon Camera WIA Driver"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1"{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = EOS Capture 1.2"{750CF8D7-4B04-404F-AFA2-14C129C42373}" = EOS Viewer Utility 1.2.1"{77A75E29-89D0-45D4-9A3A-9823B0D0C939}" = CFLR Suite 2007-2"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders"{A02ED372-22FA-448B-AB6A-1B0FC23B7D08}" = ATI Catalyst Control Center"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = 
mDriver"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director"{BCE72AED-3332-4863-9567-C5DCB9052CA2}" = Netflix Movie Viewer"{C0E7118C-CF3D-46EC-B431-F744C035A571}" = 2350Trb"{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}" = Canon Camera WIA Driver"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0"{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon Camera WIA Driver"{EF6C4600-306D-4F6A-A119-C2A877D25B4A}" = iTunes"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe"12133444-BF36-4d4e-B7FB-A3424C645DE4" = GemMaster Mystic"4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)"ActiveScan 2.0" = Panda ActiveScan 2.0"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2"AIM Toolbar" = AIM Toolbar 5.0"AIM_6" = AIM 6"All ATI Software" = ATI - Software Uninstall Utility"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.2"AOL Search" = AOL Search"ATI Display Driver" = ATI Display Driver"AVG7Uninstall" = AVG 7.5"B3EE3001-DC24-4cd1-8743-5692C716659F" = 
Otto"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem"DECCHECK" = Microsoft Windows XP Video Decoder Checkup Utility"EsetOnlineScanner" = ESET Online Scanner"ESPNMotion" = ESPNMotion"Excel Utilities 1.5" = Excel Utilities 1.5"Excel VBA Code Cleaner 4.4" = Excel VBA Code Cleaner 4.4"ExpressBurn" = Express Burn"HP Photo & Imaging" = HP Image Zone 4.7"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1"InstallShield_{652C4ADF-0A29-4B02-9211-EE61675847DE}" = Canon EOS-1Ds Mark II WIA Driver"InstallShield_{74BE7519-41A7-45A8-8AA6-78C7907A4808}" = Canon Utilities EOS Capture 1.2"InstallShield_{750CF8D7-4B04-404F-AFA2-14C129C42373}" = Canon Utilities EOS Viewer Utility 1.2"InstallShield_{C537C86E-22C0-41CF-8A8E-3B23E986C3D9}" = Canon EOS-1D Mark II WIA Driver"InstallShield_{ED9775A0-383E-4EAA-8DA5-8CC6860D60A3}" = Canon EOS 20D WIA Driver"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP"Power Ranger_is1" = Power Ranger"ProInst" = Intel® PROSet/Wireless Software"Shed 1.0" = Shed 1.0"ViewpointMediaPlayer" = Viewpoint Media Player"WavePad" = WavePad Uninstall"Windows Media Format Runtime" = Windows Media Format 11 runtime"Windows Media Player" = Windows Media Player 11"WinRAR archiver" = WinRAR archiver"WMFDist11" = Windows Media Format 11 runtime"wmp11" = Windows Media Player 11"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0"XY Chart Labeler 6.22" = XY Chart Labeler 6.22========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player========== Last 10 Event Log Errors ==========[ Application Events ]Error - 5/21/2008 7:28:58 PM | Computer Name = LAPTOP | Source = Application Error | ID = 
1000Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module pngfilt.dll, version 6.0.2900.3314, fault address 0x000049ce.Error - 5/22/2008 11:10:44 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module pngfilt.dll, version 6.0.2900.3314, fault address 0x000049ce.Error - 5/24/2008 1:18:41 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002Description = Hanging application aim6.exe, version 1.4.9.1, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 5/24/2008 5:31:24 PM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002Description = Hanging application IEXPLORE.EXE, version 6.0.2900.2180, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 5/26/2008 1:12:53 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module pngfilt.dll, version 6.0.2900.3314, fault address 0x000049ce.Error - 5/29/2008 1:51:16 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module pngfilt.dll, version 6.0.2900.3314, fault address 0x000049ce.Error - 5/30/2008 9:29:47 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module pngfilt.dll, version 6.0.2900.3314, fault address 0x000049ce.Error - 5/31/2008 2:40:19 AM | Computer Name = LAPTOP | Source = Application Hang | ID = 1002Description = Hanging application Photoshop.exe, version 9.0.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.Error - 5/31/2008 7:18:46 PM | Computer Name = LAPTOP | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module pngfilt.dll, version 
6.0.2900.3314, fault address 0x000049ce.Error - 6/1/2008 12:18:25 AM | Computer Name = LAPTOP | Source = Application Error | ID = 1000Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting module pngfilt.dll, version 6.0.2900.3314, fault address 0x000049ce.[ System Events ]Error - 11/8/2008 10:36:15 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 11/8/2008 10:36:15 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 11/15/2008 12:54:10 AM | Computer Name = LAPTOP | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 11/15/2008 12:54:10 AM | Computer Name = LAPTOP | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 11/20/2008 12:17:38 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. 
The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 11/20/2008 12:17:38 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 11/23/2008 1:38:20 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 11/23/2008 1:38:20 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. Error - 11/25/2008 9:33:18 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452689Description = Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)Error - 11/25/2008 9:33:18 PM | Computer Name = LAPTOP | Source = W32Time | ID = 39452701Description = The time provider NtpClient is configured to acquire time from one or more time sources, however none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time. < End of report >
Raid Posted November 27, 2008 ID:36608

Can you upload this file C:\WINDOWS\system32\babonehu.dll and C:\WINDOWS\System32\popevuhi to uploads.malwarebytes.org?

Your logs don't look too bad. I need you to update MBAM and scan again with it, reboot if/when asked to do so, then post a fresh HijackThis log.